Log-in only if member of an AD group


Kaliyug Antagonist

Feb 28, 2018, 7:36:31 AM
to Nexus Users
Nexus 3.7.1-02

Only the users who are members of a particular AD group can log in to Nexus; the rest shouldn't be allowed.

The connection tab settings work fine:


In the 'User and Group' tab, I selected 'Active Directory' and 'Map LDAP groups as roles' is unchecked. The 'Verify Login' works.

I am able to log in as an AD user (he doesn't see any repositories):


I am referring to this documentation link. Now, I am unsure as to how to proceed.
  1. Provide a search string in the 'User filter'. I tried queries like '(&(objectClass=*)(member=[CN=hadoopJenkinsAdmin,OU=Groups,OU=Hadoop,OU=Enterprise,DC=global,DC=scd,DC=company,DC=com]))' but it resulted in 'Failed to connect to LDAP Server: No such user: A user with username 'ojoqcu' does not exist' in the 'Verify Login' step.
  2. Does the 'Map LDAP groups as roles' play a part here?
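
Added example, not part of the original post and not Sonatype's code: in Active Directory the `member` attribute lives on the group object and `memberOf` on the user object, so a user search filtered on `member=<group DN>` matches no user entries. The sketch builds a `memberOf` user filter with RFC 4515 escaping and evaluates both forms with a toy matcher. The directory entries, DNs and function names are constructed for illustration, and how Nexus applies the 'User filter' at log-in is not confirmed by this thread.

```python
import re

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def member_of_filter(group_dn):
    """User-search filter: user objects that list group_dn in memberOf."""
    return "(&(objectClass=user)(memberOf=%s))" % escape_filter_value(group_dn)

# One "(attr=value)" equality assertion; the value may contain \XX escapes.
_ASSERTION = re.compile(r"\((\w+)=((?:[^()\\]|\\[0-9a-fA-F]{2})*)\)")

def _unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def matches(entry, ldap_filter):
    """Toy matcher: a flat AND of equality assertions, case-insensitive.
    It stands in for the directory server in this example only."""
    attrs = {k.lower(): [v.lower() for v in vs] for k, vs in entry.items()}
    assertions = _ASSERTION.findall(ldap_filter)
    return bool(assertions) and all(
        _unescape(value).lower() in attrs.get(name.lower(), [])
        for name, value in assertions)

def search(directory, ldap_filter):
    """Return the account names of all entries the filter matches."""
    return [e["sAMAccountName"][0] for e in directory if matches(e, ldap_filter)]

# Constructed sample directory (hypothetical names, not from the thread).
GROUP_DN = "CN=Build (CI),OU=Groups,DC=example,DC=com"
ALICE_DN = "CN=Alice,OU=Users,DC=example,DC=com"
DIRECTORY = [
    {"objectClass": ["user"], "sAMAccountName": ["alice"], "memberOf": [GROUP_DN]},
    {"objectClass": ["user"], "sAMAccountName": ["bob"], "memberOf": []},
    {"objectClass": ["group"], "sAMAccountName": ["build-ci"], "member": [ALICE_DN]},
]

if __name__ == "__main__":
    by_member_of = member_of_filter(GROUP_DN)
    by_member = "(&(objectClass=user)(member=%s))" % escape_filter_value(GROUP_DN)
    print(by_member_of, "->", search(DIRECTORY, by_member_of))
    print(by_member, "->", search(DIRECTORY, by_member))
```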

Rich Seddon

Feb 28, 2018, 9:26:28 AM
to Nexus Users
You're hitting this issue:


Note that the users who are not mapped to any roles in Nexus do not have access to anything. So they are able to log in, but they will have no access to any functionality.

Rich

Kaliyug Antagonist

Feb 28, 2018, 9:29:07 AM
to Nexus Users
So does it mean that it's not possible to restrict log-in to the members of a particular AD group?

msu...@sonatype.com

Feb 28, 2018, 9:51:48 AM
to Nexus Users
Until that issue is resolved, they will be able to log in, just will not have access to any functionality.

Regards,
Mahendra