LDAP via BindDN - Active Directory nested groups

Hello everyone,

I set up my authentication source using LDAP via BindDN and I am stuck with the user filter.

Does Gitea is able to manage Active Directory nested group ?

Context: in my company, we usually use nested groups to give permissions to our different teams.
For example: our dev users are member of g_dev, which is member of dl_gitea which is allowed to connect.
In my user filter, I should have this :
(&(objectCategory=Person)(memberOf=CN=dl_gitea,OU=groups,OU=company,DC=example,DC=com)(sAMAccountName=%s)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))

But, when user1 wants to login, it fails and shows this :
routers/user/auth.go:177:SignInPost() [I] Failed authentication attempt for user1 from a.b.c.d : user does not exist [uid: 0, name: user1, keyid: 0]

It only works if we directly put the g_dev group in the user filter.

Any idea or suggestion ?

Thanks in advance and stay safe !