I just tried the snapshot version, and it seemed to work fine in my environment, it even seems to work fine for groups nested multiple levels (only checked up to 2). The one thing that was a little off, I had to switch my ldap configuration out of Active Directory to custom and back again for the option to be enabled. A really simple fix for this would be to include the check box in the Active Directory configuration options.
Yes you are right. If you do an update of the plugin the nested group checkbox is not enabled in the ActiveDirectory profile. When you do a fresh installation of the plugin (without an existing config), the nested group feature is enabled by default in the ActiveDirectory profile. I think the best way is to check for an update and enable the nested group feature if the ActiveDirectory profile is used.
That would work as well. It was a minor inconvenience, but for those that don't know about the change, they would probably never get the enhancement. It seems like this issue could be generally handled by detecting the upgrade and reapplying all the non-displayed options for your current configuration, but changing a users settings (even if they are hidden) without alerting them to the changes could break their configuration.
I've changed the behaviour. The "nested ad group" feature is disabled by default and the checkbox is only visible in the ActiveDirectory or in the Custom profile. I think that is the best solution, because the behaviour after an update is untouched.
Could you please test the new version of the plugin. You have to uninstall and reinstall the plugin to get the new version.