VMware Cloud Community
rajeshkongu
Enthusiast

Access to vCenter is prohibited because of too many nested AD rights

Hi All,

Access to vCenter is prohibited because of too many nested AD rights. When I check with AD, the user is a member of around 225 groups. The user says a few days back it worked fine, but now it gives this error. Is there any restriction in vCenter?


Regards,

Karthick V.

4 Replies
wmarusiak
Enthusiast

I had a similar issue at a previous company. It was fixed by lowering the number of nested groups in AD itself.

Create a test user who is a member of fewer groups and it should work fine.

Best Regards, Wojciech https://wojcieh.net
rajeshkongu
Enthusiast

Hi wmarusiak,

Thanks for your response...

For group nesting, is there any restriction in vCenter?

Regards,

Karthick V.

memaad
Virtuoso

Hi,

Does it time out or give invalid credentials? It has been reported that a user being part of too many groups can cause this issue; I am expecting this issue to be fixed in the next release.

Regards

Mohammed

Mohammed | Mark it as helpful or correct if my suggestion is useful.
admin
Immortal

Which version of SSO are you using?

Large amounts of nesting can result in slow processing; 5.1 pre-Update 1b also had an issue with many identity sources and a couple of hundred groups, with 500 being the sweet spot.

5.5 does not support nesting of AD users/groups in OS local groups and sometimes also not in SSO local groups, so if you are using cross-identity-source nesting this might be an issue as well.

Does it make a difference if you log in through the Web Client or the classic client? Usually the error messages are better in the Web Client to get down to the issue without looking too much at the logs as the classic client only knows either timeout or wrong credentials.
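For checking how many groups an account really resolves to once nesting is expanded, the following is an added example, not part of the thread and not VMware code. It walks direct `memberOf` edges to get the effective group set and nesting depth, tolerating circular nesting. The group names, the `MEMBER_OF` data and the `max_groups` threshold are constructed assumptions; the thread gives no exact limit.

```python
from collections import deque

# Constructed sample data: direct memberOf edges as they might be exported
# from AD (principal -> groups it is a direct member of). All names are made up.
MEMBER_OF = {
    "kvuser": ["vc-admins", "helpdesk"],
    "vc-admins": ["infra-ops"],
    "helpdesk": ["it-staff"],
    "infra-ops": ["it-staff", "vc-admins"],  # circular nesting, which AD permits
    "it-staff": ["all-employees"],
    "all-employees": [],
}


def effective_groups(principal, member_of):
    """Return {group: depth} for every group reachable from principal.

    Depth 1 is a direct membership; deeper values are nested memberships.
    Breadth-first search records the shortest chain to each group and the
    'already seen' check stops circular nesting from looping forever.
    """
    depth = {}
    queue = deque((g, 1) for g in member_of.get(principal, []))
    while queue:
        group, d = queue.popleft()
        if group in depth or group == principal:
            continue
        depth[group] = d
        queue.extend((parent, d + 1) for parent in member_of.get(group, []))
    return depth


def audit(principal, member_of, max_groups):
    """Summarise direct vs. effective membership against an assumed limit."""
    groups = effective_groups(principal, member_of)
    return {
        "principal": principal,
        "direct": sum(1 for d in groups.values() if d == 1),
        "effective": len(groups),
        "max_depth": max(groups.values(), default=0),
        "over_limit": len(groups) > max_groups,  # max_groups is an assumption
    }


if __name__ == "__main__":
    print(audit("kvuser", MEMBER_OF, max_groups=4))
```

A large gap between the direct and effective counts shows that nesting, rather than direct membership, is what inflates the account's group list.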