When using the new direct LDAP integration in NSX-T 3.0, authentication using nested groups is not working. Example:
- User "John" is a member of the group "IT Department"
- Group "IT Department" is member of Group "NSX Admin"
- Group "NSX Admin" is assigned the Enterprise Admin Role in NSX-T
User "John" can't log in because NSX-T does not search inside nested groups. If you need nested groups to work and there is no workaround, use the vIDM (VMware Identity Manager) appliance.
did you alrteady try to resolve nested groups via LDAP-OID: