How to: Configure nested LDAP groups


You have an LDAP group that contains various LDAP groups that in turn contain users. You want to assign this LDAP group to a role in XL Deploy and have the users in the sub-groups inherit the permissions of that XL Deploy role.


XL Deploy, roles and permissions


  1. Edit your deployit-security.xml file
  2. Change DefaultLdapAuthoritiesPopulator to NestedLdapAuthoritiesPopulator
  3. Your bean should look something like the example below:
<bean id="authoritiesPopulator" class="
    <constructor-arg ref="ldapServer" />
    <constructor-arg value="dc=example,dc=com" />
    <property name="groupSearchFilter" value="(member={0})" />
    <property name="rolePrefix" value="" />
    <property name="searchSubtree" value="true" />
    <property name="convertToUpperCase" value="false" />
</bean>


  • The NestedLdapAuthoritiesPopulator class is available in XLD and XLR versions 6 and up.
  • Don't make your group search base too specific. If you have groups in different branches of your LDAP tree, and you specify ou=xldeploy,ou=applications,dc=example,dc=com as your group search base, the groups in ou=groups,dc=example,dc=com are not found. So the most specific group search base you can use is dc=example,dc=com.

Additional Information

For more information about configuring LDAP for XL Deploy, please see LDAP security in the Developer Portal.
