Skip to content

Heads Up: Nested LDAP Groups Not Working in NSX-T 3.0

When using the new direct LDAP integration in NSX-T 3.0, authentication using nested groups is not working. Example:

  • User "John" is a member of the group "IT Department"
  • Group "IT Department" is member of Group "NSX Admin"
  • Group "NSX Admin" is assigned the Enterprise Admin Role in NSX-T

User "John" can't log in because NSX-T does not search inside nested groups. If you need nested groups to work and there is no workaround, use the vIDM (VMware Identity Manager) appliance.

Related posts:

  1. Heads Up - ESXi not working on 7th Gen (Kaby Lake) Intel NUC7
  2. Preview on 7th Gen (Kaby Lake) Intel NUC
  3. How to use SSH Key Authentication in NSX-T
  4. How to enable LDAP Authentication in NSX-T 3.0
  5. Special Characters in dvSwitch Port Groups and PowerCLI
Tags:

1 thought on “Heads Up: Nested LDAP Groups Not Working in NSX-T 3.0”

Leave a Reply

Your email address will not be published. Required fields are marked *