Heads Up: Nested LDAP Groups Not Working in NSX-T 3.0

With the new direct LDAP integration in NSX-T 3.0, authentication through nested groups does not work. Example:

  • User "John" is a member of the group "IT Department"
  • Group "IT Department" is a member of the group "NSX Admin"
  • Group "NSX Admin" is assigned the Enterprise Admin Role in NSX-T

User "John" can't log in because NSX-T does not search inside nested groups: it only matches users who are direct members of the group that holds the role. If you need nested groups to work and have no workaround, use the vIDM (VMware Identity Manager) appliance.
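To find out who is affected before switching to direct LDAP, compare direct membership with effective (nested) membership for every group that is mapped to an NSX-T role. The following is an added example, not code from the original post or from VMware; the directory data is constructed, and apart from "John", "IT Department" and "NSX Admin" all names are assumptions.

```python
from collections import deque

# Constructed sample directory export: group -> direct members (users or groups).
# Assumption: every group appears as a key, even if it has no members.
GROUP_MEMBERS = {
    "NSX Admin": ["IT Department", "Alice"],
    "IT Department": ["John", "Helpdesk"],
    "Helpdesk": ["Maria", "IT Department"],  # circular nesting, on purpose
    "NSX Auditor": ["Alice"],
}


def direct_users(group, members):
    """Users a direct-only lookup finds: first-level members that are not groups."""
    return {m for m in members.get(group, []) if m not in members}


def effective_users(group, members):
    """Users reachable through any nesting depth (breadth-first, cycle-safe)."""
    seen, users, queue = {group}, set(), deque([group])
    while queue:
        for member in members.get(queue.popleft(), []):
            if member not in members:
                users.add(member)        # a user account
            elif member not in seen:
                seen.add(member)         # a nested group not visited yet
                queue.append(member)
    return users


def nested_only_users(role_groups, members):
    """Per role-mapped group: users who hold the role only through nesting.

    These are the accounts that cannot log in when nesting is not resolved.
    """
    return {
        g: sorted(effective_users(g, members) - direct_users(g, members))
        for g in role_groups
    }


if __name__ == "__main__":
    for group, users in nested_only_users(["NSX Admin", "NSX Auditor"], GROUP_MEMBERS).items():
        print(f"{group}: {users or 'no nested-only users'}")
```

Users listed for a group either need direct membership in that group or have to authenticate through vIDM.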
