
How to use nested groups when Management Console is configured to use LDAP authentication

Article # 308391


Question / Problem: 

Management Console can be configured to use LDAP Authentication (see Knowledgebase article 12383). The default configuration in login.xml uses this group search query:

<property name="groupSearchFilter" value="(member={0})"/>

With this filter, only users who are direct members of the groups that were granted access to Management Console are allowed in.

How can access be allowed for users who are members of a nested group (a group inside a group that has access)?

Answer / Solution: 


In login.xml, replace:

<property name="groupSearchFilter" value="(member={0})"/>

with:

<property name="groupSearchFilter" value="(member:1.2.840.113556.1.4.1941:={0})"/>


Save the file and restart Tomcat.


This is an LDAP query from Microsoft's "LDAP Syntax filters" article.
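Because the new filter also matches every group reachable through nesting, it helps to review which accounts gain access before making the change. The following is an added example, not part of the original article or the product: a local Python simulation of both filters over a constructed directory. All DNs, group names and function names are assumptions for illustration, and DN comparison is simplified to a case-insensitive string match.

```python
# Constructed sample data: group DN -> values of its "member" attribute.
# Every DN below is made up for illustration.
BASE = "DC=example,DC=com"
ADMINS = f"CN=MC-Admins,OU=Groups,{BASE}"  # group granted Management Console access
TEAM = f"CN=RPA-Team,OU=Groups,{BASE}"
CONTRACTORS = f"CN=Contractors,OU=Groups,{BASE}"
FINANCE = f"CN=Finance,OU=Groups,{BASE}"
ALICE, BOB, CAROL, DAVE = (
    f"CN={name},OU=Users,{BASE}" for name in ("alice", "bob", "carol", "dave")
)
DIRECTORY = {
    ADMINS: [ALICE, TEAM],
    TEAM: [BOB, CONTRACTORS],
    CONTRACTORS: [CAROL, TEAM],  # circular nesting; the walk must still terminate
    FINANCE: [DAVE],
}

def direct_groups(dn, directory=DIRECTORY):
    """Groups matched by (member={0}): dn is listed directly in 'member'."""
    target = dn.lower()
    return {g for g, members in directory.items()
            if target in (m.lower() for m in members)}

def chain_groups(dn, directory=DIRECTORY):
    """Groups matched by (member:1.2.840.113556.1.4.1941:={0}):
    dn is a member directly or through any depth of nested groups."""
    found, pending = set(), [dn]
    while pending:
        current = pending.pop()
        for group in direct_groups(current, directory):
            if group not in found:  # visited check also breaks nesting cycles
                found.add(group)
                pending.append(group)
    return found

def newly_granted(users, granted_group, directory=DIRECTORY):
    """Users rejected by the direct filter but accepted by the chain filter."""
    return sorted(u for u in users
                  if granted_group in chain_groups(u, directory)
                  and granted_group not in direct_groups(u, directory))

if __name__ == "__main__":
    for user in newly_granted([ALICE, BOB, CAROL, DAVE], ADMINS):
        print("gains access through nesting:", user)
```

In this sample, bob and carol gain access only after the filter change, while dave remains excluded.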


Applies to:

Product: RPA
Version: all
Category: Management Console


Author:  Delia Milchis
