diff --git a/Berksfile.lock b/Berksfile.lock
index dee0de55bc..f2d318ad68 100644
--- a/Berksfile.lock
+++ b/Berksfile.lock
@@ -9,24 +9,22 @@ GRAPH
     iptables (>= 0.0.0)
     logrotate (>= 0.0.0)
     pacman (>= 0.0.0)
-  apt (2.5.3)
-  build-essential (2.0.6)
+  apt (2.6.0)
+  build-essential (2.1.2)
   iptables (0.14.0)
   java (1.28.0)
-  logrotate (1.6.0)
+  logrotate (1.7.0)
   pacman (1.1.1)
   rundeck (2.0.5)
     apache2 (>= 0.0.0)
     java (>= 0.0.0)
     runit (>= 0.0.0)
-    selinux (>= 0.0.0)
     sudo (>= 0.0.0)
   runit (1.5.10)
     build-essential (>= 0.0.0)
     yum (~> 3.0)
     yum-epel (>= 0.0.0)
-  selinux (0.8.0)
-  sudo (2.7.0)
-  yum (3.3.1)
-  yum-epel (0.5.1)
+  sudo (2.7.1)
+  yum (3.4.0)
+  yum-epel (0.5.2)
     yum (~> 3.0)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 332c24b921..fb96916d80 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,7 +6,7 @@
 * remove the tie of rundeck username and group
 * chef-client v10 treats `platform?` as attribute instead of method in attributes file
 * Add supplemental groups to jaas-activedirectory (https://github.com/rundeck/rundeck/issues/590).  This affects default['rundeck']['default_role']
-* bump default rundeck version to 2.2.1-1
+* bump default rundeck version to 2.3.0-1
 * configurable server url attributes added
 * fixed home dir creation
 * berkshelf and cookbook test updates
diff --git a/attributes/default.rb b/attributes/default.rb
index b89ea7f0e2..2becdfa07c 100644
--- a/attributes/default.rb
+++ b/attributes/default.rb
@@ -2,10 +2,10 @@
 default['rundeck']['configdir'] = "/etc/rundeck"
 default['rundeck']['basedir'] = "/var/lib/rundeck"
 default['rundeck']['datadir'] = "/var/rundeck"
-default['rundeck']['deb']['package'] = "rundeck-2.2.1-1-GA.deb"
+default['rundeck']['deb']['package'] = "rundeck-2.3.0-1-GA.deb"
 default['rundeck']['deb']['options'] = false #--force-confdef --force-confold
 default['rundeck']['url'] = "http://download.rundeck.org/deb/#{node['rundeck']['deb']['package']}"
-default['rundeck']['checksum'] = "816b96bf4545bd831c87d5ef1953770a0e705192d4c96bc4907f483c4558f269"
+default['rundeck']['checksum'] = "d2b33e7b4f738ddbd46ef6b5c799008d08c7f52e"
 default['rundeck']['port'] = 4440
 default['rundeck']['jaas'] = "internal"
 default['rundeck']['default_role'] = "user"
@@ -95,3 +95,4 @@
 default['rundeck']['ldap']['roleprefix'] = "rundeck-"
 default['rundeck']['ldap']['cachedurationmillis'] = "300000"
 default['rundeck']['ldap']['reportstatistics'] = "true"
+default['rundeck']['ldap']['supplementalroles'] = node['rundeck']['default_role']
diff --git a/templates/default/jaas-activedirectory.conf.erb b/templates/default/jaas-activedirectory.conf.erb
index 225754e1c5..5bb5eabeef 100644
--- a/templates/default/jaas-activedirectory.conf.erb
+++ b/templates/default/jaas-activedirectory.conf.erb
@@ -22,8 +22,10 @@ activedirectory {
     roleObjectClass="<%=@ldap[:roleobjectclass]%>"
     rolePrefix="<%=@ldap[:roleprefix]%>"
     cacheDurationMillis="<%=@ldap[:cachedurationmillis]%>"
+<% if @ldap[:supplementalroles] -%>
+    supplementalRoles="<%=@ldap[:supplementalroles]%>"
+<% end -%>
     reportStatistics="<%=@ldap[:reportstatistics]%>";
-
     org.eclipse.jetty.plus.jaas.spi.PropertyFileLoginModule required
     debug="true"
     file="<%=@configdir%>/realm.properties";