Authenticating AD nested groups

I have Rundeck 4.10.1 running on RH Linux 9. I have AD authentication set up which works well. I have various Rundeck security groups in Active Directory and various aclpolicy files in /etc/rundeck to allow different groups to have permissions to certain projects. All works well. But I want to nest existing AD groups into the Rundeck groups so that I don’t have to add 100 individuals to a Rundeck group to give permissions. jmurphy is a member of the Engineering group. If I add Engineering to RundeckEngineering, jmurphy has no permissions. If I add jmurphy directly to RundeckEngineering, he gets the Rundeck permissions.

Here is my jaas-activedirectory.conf file:

activedirectory {
    com.dtolabs.rundeck.jetty.jaas.JettyCachingLdapLoginModule required
    debug="true"
    contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
    providerUrl="ldap://NYMGMTDC01.management.corp:389"
    bindDn="CN=rundeck,OU=Service Accounts,OU=Management,DC=mydomain,DC=corp"
    bindPassword="PASSWORD"
    authenticationMethod="simple"
    forceBindingLogin="true"
    userBaseDn="DC=mydomain,DC=corp"
    userRdnAttribute="sAMAccountName"
    userIdAttribute="sAMAccountName"
    userPasswordAttribute="unicodePwd"
    userObjectClass="user"
    roleBaseDn="OU=Groups,OU=Management,DC=management,DC=corp"
    roleNameAttribute="cn"
    roleMemberAttribute="member:1.2.840.113556.1.4.1941:"
    roleObjectClass="group"
    cacheDurationMillis="300000"
    reportStatistics="true";
};

I read elsewhere that changing

roleMemberAttribute="member"
to
roleMemberAttribute="member:1.2.840.113556.1.4.1941:"

would do the trick, but it is not working for me.
Any help would be appreciated.
Thank you

Hi Roger,

Did you try adding the nestedGroups="true" parameter in your AD configuration? Take a look at this issue.
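
An added illustration, not part of the thread and not Rundeck's own code: a small Python model showing why a lookup that only matches a group's direct `member` values gives jmurphy the Engineering role alone, while a transitive walk (which is what the 1.2.840.113556.1.4.1941 matching rule and the nestedGroups option are meant to provide) also reaches RundeckEngineering. The shortened DNs and the RundeckLoop group are assumptions constructed for the example.

```python
"""Direct vs. transitive group lookup over constructed directory data."""
from collections import deque

# Constructed sample: group DN -> DNs in its "member" attribute.
# DNs are shortened placeholders; RundeckLoop is hypothetical and exists
# only to show that circular nesting must not hang the resolver.
MEMBERS = {
    "CN=Engineering,OU=Groups": ["CN=jmurphy,OU=Users"],
    "CN=RundeckEngineering,OU=Groups": ["CN=Engineering,OU=Groups",
                                        "CN=RundeckLoop,OU=Groups"],
    "CN=RundeckLoop,OU=Groups": ["CN=RundeckEngineering,OU=Groups"],
}


def cn(dn):
    """Role name taken from the cn RDN, as with roleNameAttribute="cn"."""
    return dn.split(",", 1)[0].split("=", 1)[1]


def direct_roles(dn, members=MEMBERS):
    """Groups whose member attribute lists this DN itself (no nesting)."""
    return {cn(group) for group, listed in members.items() if dn in listed}


def nested_roles(dn, members=MEMBERS):
    """Groups reached by following member links upward, transitively."""
    parents = {}  # child DN -> groups that list it as a member
    for group, listed in members.items():
        for child in listed:
            parents.setdefault(child, set()).add(group)
    seen, queue = set(), deque([dn])
    while queue:
        for group in parents.get(queue.popleft(), ()):
            if group not in seen:  # visited set ends circular nesting
                seen.add(group)
                queue.append(group)
    return {cn(group) for group in seen}


if __name__ == "__main__":
    user = "CN=jmurphy,OU=Users"
    print("direct:", sorted(direct_roles(user)))
    print("nested:", sorted(nested_roles(user)))
```

An aclpolicy rule written for RundeckEngineering matches only the second result, which is the behaviour described in the question.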