Solving this is just a two step process during execution:
Step 1: Retreive the user's DN (Distingished Name) using their SAMAccount name, placing it somewhere it can then be accessed/used
Step 2: Retreive ther user's groups using that DN and placing them in the menu.
But it takes a few more steps to set up the process:
Step 1: Install a bridge to the relevant LDAP if there is not one installed already.
Step 2: Import the attached Employee and Group (LDAP) Models and associated mappings. Be sure to update the Bridge Name in the mappings to be the name of the bridge you have installed in your system.
In the system used in this example, the user's Remedy Login ID is their sAMAccountName. This is used in the By Login Qualification mapping to find their DN (distinguished name). To get down into the nuts and bolts a little, the full query looks like this
Searching for a person object with the Login ID equal to the sAMAccountName. This part of the query: (!(UserAccountControl:1.2.840.1135126.96.36.1993:=2)) means "The account is not disabled. Details on this type of searching in Active Directory can be found here.
The group query searches for group using the DN .
What does 1.2.840.1135188.8.131.521 mean? Means search recursively...So if the user is a member of the DL - Engineering group and the DL - Engineering group is is a member of the DL - All Employees group, then both DL - Engineering & DL - All Employees will be returned back instead of just DL - Engineering. Some more details about LDAP Searching and filters can be found here.
Step 3: Set up a question with an advanced default that uses the employee bridge to grab the logged in user's DN using the username/Login ID they used to log in.
Step 4: Set up an on Load event on the page to populate the desired menu with the groups, using that defaulted question as the parameter value for the group LDAP bridge.
This attached service item and pair of bridges models/mappings are an example of this. This service item is not in any catalog, you'll want to attach it into one of your sandbox/development catalogs if you want to test it out.
A reminder that this example expects the sAMAccountName to equal the Remedy Login ID. If this is not the case in your system, you'll need to modify this example to match your system's requirements before it will work.