With the new direct LDAP integration in NSX-T 3.0, authentication through nested groups does not work. Example:
- User "John" is a member of the group "IT Department"
- Group "IT Department" is a member of the group "NSX Admin"
- Group "NSX Admin" is assigned the Enterprise Admin Role in NSX-T
User "John" cannot log in because NSX-T does not search inside nested groups. If you need nested groups to work and there is no workaround, use the vIDM (VMware Identity Manager) appliance.
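To find which accounts are affected before switching to direct LDAP, you can compare direct group membership with fully expanded membership. The following is an added example, not NSX-T code: it runs over a constructed membership map (in practice exported from your directory), and every name other than "John", "IT Department", "NSX Admin" and the Enterprise Admin role is made up for illustration.

```python
# Constructed sample data: principal -> groups it is a DIRECT member of.
MEMBER_OF = {
    "John": {"IT Department"},
    "Alice": {"NSX Admin"},            # hypothetical direct member
    "Bob": {"Helpdesk"},               # hypothetical user without a role
    "IT Department": {"NSX Admin"},
    "NSX Admin": {"All Admins"},       # hypothetical parent group
    "All Admins": {"NSX Admin"},       # deliberate cycle, must not loop forever
}
# Groups that carry a role assignment in NSX-T (from the example above).
ROLE_BINDINGS = {"NSX Admin": "Enterprise Admin"}
USERS = ["John", "Alice", "Bob"]


def direct_groups(principal):
    """Groups seen when nested groups are NOT searched."""
    return set(MEMBER_OF.get(principal, ()))


def transitive_groups(principal):
    """Groups seen when nesting is fully expanded (cycle-safe)."""
    seen, stack = set(), list(direct_groups(principal))
    while stack:
        group = stack.pop()
        if group in seen:
            continue
        seen.add(group)
        stack.extend(MEMBER_OF.get(group, ()))
    return seen


def roles_for(groups):
    return {ROLE_BINDINGS[g] for g in groups if g in ROLE_BINDINGS}


def audit(users):
    """Map each user to the roles they hold only through nesting."""
    report = {}
    for user in users:
        lost = roles_for(transitive_groups(user)) - roles_for(direct_groups(user))
        if lost:
            report[user] = sorted(lost)
    return report


if __name__ == "__main__":
    for user, lost in audit(USERS).items():
        print(f"{user}: role(s) reachable only via nested groups: {', '.join(lost)}")
```

Each user in the report holds a role only through a nested group and will not be matched to it by a direct-only lookup.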