Hello,
There might be some performances impact as we act as LDAP Cloent and request may take more time if we are using NESTED groups.
For your questions regarding INGROUP() and MEMBEROF(), there was an issue in previous release when using INGROUP() that was generating more LDAP Search (fix in 12.52SP1CR02)
Defects Fixed in 12.52 SP1 CR02 - CA Single Sign-On - 12.52 SP1 - CA Technologies Documentation
Excessive LDAP Search Calls Generated During Authorization When Using INGROUP Expression (147235)
Symptom:
When the INGROUP expression is used to search for user membership of an Application object, excessive LDAP search calls are generated.
Solution:
This problem has been fixed.
STAR Issue: 22051787-1
Hope it helps,
Julien.