In my company, we're planning to set up the Microsoft AD as an Authentication Provider for our WLS. To my understanding, after the setup is completed, all the AD enterprise user groups and users information will automatically be pulled into WLS and appear under the "Users and Groups" section of WLS.
Suppose we have a user belonging to group A and group A is a child of group B. When the user logs in, using the principals from "Security.getCurrentSubject().getPrincipals()", we can identify that this user belongs to group A. What I want to do is to get additional information such as the parent groups (e.g. group B). I'd like to ask if there is already an API within ADF that I can use to get more LDAP related information such as by quering the Enterprise user group hierarchy. Or do I have to use external 3rd-party LDAP API such as UnboundID LDAP SDK to access the LDAP server directly to get more information.
I'd be very grateful if you could give me some hints