Hi,

Is it possible to assign roles to nested groups when using identity "AD as LDAP"

Base DN for users: OU=testusers,DC=maq,DC=intra

Base DN for groups: OU=Groups,DC=maq,DC=intra

User X (in testusers OU)  is in Domain Users groups (that is not in the base DN groups scope !) and Domain Users groups is in group "g-vsphere-vm-creator" (in base DN groups  scope)

And there is a global role "g-vsphere-vm-creator" -> "vm creator" role

But it doesn't work. X got no permissions.

Thanks you

Thanks you