Heads Up: Nested LDAP Groups Not Working in NSX-T 3.0

When using the new direct LDAP integration in NSX-T 3.0, authentication using nested groups is not working. Example:

  • User "John" is a member of the group "IT Department"
  • Group "IT Department" is a member of the group "NSX Admin"
  • Group "NSX Admin" is assigned the Enterprise Admin Role in NSX-T

User "John" can't log in because NSX-T does not search inside nested groups. If you need nested groups and cannot work around the limitation, use the vIDM (VMware Identity Manager) appliance.
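
To see which accounts depend on nesting before relying on the direct LDAP integration, the following added example (not part of the original post) classifies users by whether they reach a role-mapped group directly or only through nested groups. The membership map is constructed sample data modelled on the scenario above; the function names and the users other than "John" are assumptions.

```python
from collections import deque

# Constructed sample data: principal -> groups it is a DIRECT member of.
MEMBER_OF = {
    "John": ["IT Department"],
    "Alice": ["NSX Admin"],
    "Bob": ["Helpdesk"],
    "Carol": ["Finance"],
    "Helpdesk": ["IT Department"],
    "IT Department": ["NSX Admin"],
    "NSX Admin": ["IT Department"],  # deliberate cycle, must not loop forever
}
USERS = ["John", "Alice", "Bob", "Carol"]
ROLE_GROUPS = {"NSX Admin"}  # groups that carry a role assignment in NSX-T


def transitive_groups(principal, member_of):
    """Return every group reachable from principal through nested membership."""
    seen = set()
    queue = deque(member_of.get(principal, []))
    while queue:
        group = queue.popleft()
        if group in seen:  # already expanded, also breaks membership cycles
            continue
        seen.add(group)
        queue.extend(member_of.get(group, []))
    return seen


def audit(users, member_of, role_groups):
    """Classify each user as 'direct', 'nested-only' or 'none'.

    'nested-only' users hold the role only via group nesting, so a lookup
    that checks direct membership alone will not match them.
    """
    result = {}
    for user in users:
        if set(member_of.get(user, [])) & role_groups:
            result[user] = "direct"
        elif transitive_groups(user, member_of) & role_groups:
            result[user] = "nested-only"
        else:
            result[user] = "none"
    return result


if __name__ == "__main__":
    for user, status in audit(USERS, MEMBER_OF, ROLE_GROUPS).items():
        print(f"{user}: {status}")
```

Users reported as `nested-only` are the ones who would be unable to log in under the behaviour described here.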
