How to configure nested LDAP groups


You have an LDAP group that contains other LDAP groups, which in turn contain users. You want to assign this LDAP group to a role in XL Deploy so that when one of those users logs in, they have the permissions of that XL Deploy role.


XL Deploy, roles and permissions

Steps to Perform

The main thing you should do is to adjust your deployit-security.xml file and change DefaultLdapAuthoritiesPopulator to NestedLdapAuthoritiesPopulator.

Your bean should then look similar to this:

<bean id="authoritiesPopulator" class="org.springframework.security.ldap.userdetails.NestedLdapAuthoritiesPopulator">
  <constructor-arg ref="ldapServer" />
  <constructor-arg value="dc=example,dc=com" />
  <property name="groupSearchFilter" value="(member={0})" />
  <property name="rolePrefix" value="" />
  <property name="searchSubtree" value="true" />
  <property name="convertToUpperCase" value="false" />
</bean>

The NestedLdapAuthoritiesPopulator class is available in XLD and XLR versions 6 and up.

Don't make your group search base too specific. If you have groups in different branches of your LDAP tree and you specify ou=xldeploy,ou=applications,dc=example,dc=com as your group search base, the groups in ou=groups,dc=example,dc=com are not found. So the most specific group search base you can use is dc=example,dc=com.
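The effect of the group search base on nested lookups can be reproduced offline with the small simulation below. It is an added example, not XL Deploy or Spring Security code. The directory contents, the function names, the depth limit of 10, and the use of the group's cn as the role name are assumptions made for the illustration.

```python
# Constructed sample directory: group DN -> DNs listed in its "member" attribute.
GROUPS = {
    "cn=xld-admins,ou=xldeploy,ou=applications,dc=example,dc=com": [
        "cn=team-a,ou=groups,dc=example,dc=com",
    ],
    "cn=team-a,ou=groups,dc=example,dc=com": [
        "cn=team-a-leads,ou=groups,dc=example,dc=com",
        "uid=bob,ou=people,dc=example,dc=com",
    ],
    "cn=team-a-leads,ou=groups,dc=example,dc=com": [
        "uid=alice,ou=people,dc=example,dc=com",
        "cn=team-a,ou=groups,dc=example,dc=com",  # deliberate membership loop
    ],
}

def in_base(dn, base):
    """True if dn is the base entry or lies below it (subtree scope)."""
    dn, base = dn.lower(), base.lower()
    return dn == base or dn.endswith("," + base)

def search_groups(member_dn, base):
    """Emulates the filter (member={0}) with searchSubtree=true under base."""
    return [g for g, members in GROUPS.items()
            if in_base(g, base) and member_dn in members]

def nested_groups(user_dn, base, max_depth=10):
    """Direct groups of user_dn plus every group that contains those groups."""
    found, frontier = set(), [user_dn]
    for _ in range(max_depth):          # hypothetical bound on nesting depth
        next_frontier = []
        for dn in frontier:
            for group in search_groups(dn, base):
                if group not in found:  # visited check stops membership loops
                    found.add(group)
                    next_frontier.append(group)
        if not next_frontier:
            break
        frontier = next_frontier
    return found

def role_names(user_dn, base):
    """Group cn values, as with rolePrefix="" and convertToUpperCase=false."""
    groups = nested_groups(user_dn, base)
    return sorted(g.split(",")[0].split("=", 1)[1] for g in groups)
```

With the search base dc=example,dc=com, alice resolves to team-a-leads, team-a and xld-admins. With ou=xldeploy,ou=applications,dc=example,dc=com she resolves to nothing, because the intermediate groups under ou=groups are never searched and the chain to xld-admins is broken.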

Additional Information

You can find more information about configuring LDAP for XL Deploy in this documentation.


kb, how-to, XL Deploy, XLD, XL Release, XLR, nested LDAP group, role
