I have Rundeck 4.10.1 running on RH Linux 9. I have AD authentication set up which works well. I have various Rundeck security groups in Active Directory and various aclpolicy files in /etc/rundeck to allow different groups to have permissions to certain projects. All works well. But I want to nest existing AD groups into the Rundeck groups so that I don’t have to add 100 individuals to a Rundeck group to give permissions. jmurphy is a member of the Engineering group. If I add Engineering to RundeckEngineering, jmurphy has no permissions. If I add jmurphy directly to RundeckEngineering, he gets the Rundeck permissions.
Here is my jaas-activedirectory.conf file:
activedirectory {
com.dtolabs.rundeck.jetty.jaas.JettyCachingLdapLoginModule required
debug="true"
contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
providerUrl="ldap://NYMGMTDC01.management.corp:389"
bindDn="CN=rundeck,OU=Service Accounts,OU=Management,DC=mydomain,DC=corp"
bindPassword="PASSWORD"
authenticationMethod="simple"
forceBindingLogin="true"
userBaseDn="DC=mydomain,DC=corp"
userRdnAttribute="sAMAccountName"
userIdAttribute="sAMAccountName"
userPasswordAttribute="unicodePwd"
userObjectClass="user"
roleBaseDn="OU=Groups,OU=Management,DC=management,DC=corp"
roleNameAttribute="cn"
roleMemberAttribute="member:1.2.840.113556.1.4.1941:"
roleObjectClass="group"
cacheDurationMillis="300000"
reportStatistics="true";
};
I read elsewhere that changing
roleMemberAttribute="member"
to
roleMemberAttribute="member:1.2.840.113556.1.4.1941:"
would do the trick, but it is not working for me.
Any help would be appreciated.
Thank you
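Added example, not part of the original post: a shell check that asks the domain controller directly, outside Rundeck, which groups under roleBaseDn contain a user by direct membership and by the Active Directory in-chain matching rule (the OID in the config above). The URL, bind DN and base DN are copied from the posted config; the user DN passed as the argument and the function names are assumptions.

```shell
#!/bin/sh
# Added example: compare direct vs. nested group matches in AD with ldapsearch.
# Values below are copied from the posted jaas-activedirectory.conf.
LDAP_URL='ldap://NYMGMTDC01.management.corp:389'
BIND_DN='CN=rundeck,OU=Service Accounts,OU=Management,DC=mydomain,DC=corp'
ROLE_BASE='OU=Groups,OU=Management,DC=management,DC=corp'
IN_CHAIN='1.2.840.113556.1.4.1941'   # LDAP_MATCHING_RULE_IN_CHAIN (Active Directory)

# Escape RFC 4515 filter metacharacters so a DN such as "CN=Murphy\, J"
# or a name containing parentheses cannot change the filter's structure.
ldap_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                         -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Groups that list the DN as a direct member only.
direct_filter() {
  printf '(&(objectClass=group)(member=%s))' "$(ldap_escape "$1")"
}

# Groups that contain the DN directly or through any chain of nested groups.
nested_filter() {
  printf '(&(objectClass=group)(member:%s:=%s))' "$IN_CHAIN" "$(ldap_escape "$1")"
}

# Run one subtree search under the role base and print each group's cn.
# -W prompts for the bind password so it never lands in shell history.
search_groups() {
  ldapsearch -LLL -x -H "$LDAP_URL" -D "$BIND_DN" -W \
             -b "$ROLE_BASE" -s sub "$1" cn
}

# compare <user DN>: show both result sets for the same user.
compare() {
  echo "== direct membership =="
  search_groups "$(direct_filter "$1")"
  echo "== direct or nested membership =="
  search_groups "$(nested_filter "$1")"
}

# Usage: ./check-nested.sh '<full DN of the user>'   (DN is a placeholder)
if [ "$#" -eq 1 ]; then
  compare "$1"
fi
```

If RundeckEngineering appears only in the second result set, the directory resolves the nesting and the remaining question is which filter the login module sends; if it appears in neither, check that both groups and the user are visible to the bind account under the bases shown.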