Active Directory authentication does not work, nested groups have no role assigned in Operations for Logs
search cancel

Active Directory authentication does not work, nested groups have no role assigned in Operations for Logs

book

Article ID: 388496

calendar_today

Updated On: 05-21-2025

Products

VMware Aria Suite

Issue/Introduction

  • After configuring Active Directory authentication in Operations for Logs and Importing Active Directory groups, members of nested groups are able to log in but receive one of the following error messages in the UI:
    • You do not have any rights assigned.
    • You do not have permission to access VMware Aria Operations for Logs.
    • The /storage/core/loginsight/var/runtime.log may contain an error similar to:
      • [ERROR] [com.vmware.loginsight.aaa.ad.ActiveDirectoryAuthenticator] [Credentials are invalid or the user does not have access, won't try on other domains]

Environment

Aria Operations for Logs 8.x

Cause

Nested groups functionality is disabled by default in Operations for Logs.

Resolution

  1. Take snapshots of the Operations for Logs nodes before performing any maintenance.
  2. Browse to the internal config page of the primary node at https:// Primary_Hostname_Or_IPaddress/internal/config per the article.
  3. Locate the <ad-nested-groups value="false" /> line and change to true per the article.

  4. Restart loginsight service on all the nodes.
    service loginsight restart