• After configuring Active Directory authentication in Operations for Logs and Importing Active Directory groups, members of nested groups are able to log in but receive one of the following error messages in the UI:
  • You do not have any rights assigned.
  • You do not have permission to access VMware Aria Operations for Logs.
  • The /storage/core/loginsight/var/runtime.log may contain an error similar to:
    • [ERROR] [com.vmware.loginsight.aaa.ad.ActiveDirectoryAuthenticator] [Credentials are invalid or the user does not have access, won't try on other domains]

Aria Operations for Logs 8.x

Nested groups functionality is disabled by default in Operations for Logs.

1. Take snapshots of the Operations for Logs nodes before performing any maintenance.
2. Browse to the internal config page of the primary node at https:// Primary_Hostname_Or_IPaddress/internal/config per the article.
   • Changing internal configuration options in Operations for Logs.
3. Locate the <ad-nested-groups value="false" /> line and change to true per the article.
   
   
   • Custom Active Directory configuration
4. Restart loginsight service on all the nodes.

   service loginsight restart