How to create ldap external role mapping?

Rui Lopes
Oct 29, 2017, 2:12:55 PM, to Nexus Users
Hello,

How can I create an ldap external role mapping in nexus 3.6.0-02?

The following groovy script does not fail, but it does not create the mapping either:

security.addRole(
    "Administrators",
    "nx-admin-ldap",
    "Administrator Role (mapped from LDAP Administrators)",
    privileges: [],
    roles: ["nx-admin"])

Any idea why? Or how to create the mapping?

Rich Seddon
Oct 30, 2017, 12:17:35 PM, to Nexus Users
Well, this is a good news/bad news situation...

The bad news is that you cannot currently specify the realm in the "addRole()" API:


The good news is, there is a workaround. Just create a default realm role with the same ID as your LDAP group. That will provide a mapping to the LDAP group. The reason it works is because that is the way Nexus 2.x works, and we cannot change this now without breaking compatibility.

Regards,

Rich
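Rich's workaround written out as a complete script, added here as an example; it is not code from this thread or from Sonatype. It assumes the Nexus 3 script API `security` binding and an LDAP group called Administrators (the group and role names are placeholders). Because listRoles() returns roles from every realm, the existence check matches on the source as well as the role ID; a check on the ID alone is satisfied by the LDAP-sourced entry and the local role never gets created.

```groovy
// Added example (not from this thread or from Sonatype). Assumes the Nexus 3
// script API binding `security`; the group and role names are placeholders.
import groovy.json.JsonOutput

def ldapGroup   = 'Administrators'   // LDAP group name; the role ID must equal it
def mappedRoles = ['nx-admin']       // Nexus roles members of that group receive

// listRoles() returns roles from every realm, so the LDAP-sourced entry with
// the same ID would satisfy a check on roleId alone and nothing would be
// created. Matching on source == 'default' looks for the local role only.
def existing = security.securitySystem.listRoles().find {
    it.roleId == ldapGroup && it.source == 'default'
}

if (existing == null) {
    security.addRole(
        ldapGroup,                                    // id: same as the LDAP group
        "${ldapGroup} (mapped from LDAP)",            // display name
        "Role mapped from LDAP group ${ldapGroup}",   // description
        [],                                           // no directly granted privileges
        mappedRoles)                                  // roles granted through membership
}

// Report every role with that ID, so the LDAP and default entries can be told apart.
return JsonOutput.toJson([
    roleId:  ldapGroup,
    created: existing == null,
    roles:   security.securitySystem.listRoles()
                 .findAll { it.roleId == ldapGroup }
                 .collect { [source: it.source, roles: it.roles as List] }
])
```

The script is idempotent, so it can run on every provisioning pass. Since the mapping is keyed by the group name, membership in that directory group now decides who holds nx-admin in Nexus, so the group should be administered with the same care as a local admin account.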

Rui Lopes
Nov 1, 2017, 9:06:17 AM, to Nexus Users
Oh, I found the culprit. My previous code was working... but I was executing it like this:

if (!security.securitySystem.listRoles().any { it.roleId == "Administrators" }) {

instead of also testing the source, as in:

if (!security.securitySystem.listRoles().any { it.roleId == "Administrators" && it.source == "default" }) {



that is, how can I update a repository writePolicy from groovy? I've tried to hack my way around with the following code, but it didn't work... can you point me in the right direction?


import groovy.json.JsonOutput
import org.sonatype.nexus.repository.storage.WritePolicy

r = repository.repositoryManager.get("nuget-hosted")
r.stop()
r.configuration.attributes.storage.writePolicy = WritePolicy.ALLOW_ONCE
r.update(r.configuration)
r.start()

return JsonOutput.toJson([
    configuration: r.configuration.attributes,
    writePolicy: r.configuration.attributes.storage.writePolicy,
])

Danny Kulchinsky
Nov 1, 2017, 11:24:07 AM, to Nexus Users

Rui Lopes
Nov 1, 2017, 12:29:51 PM, to Nexus Users
Have you tried to modify the writePolicy to ALLOW_ONCE *AND* restart nexus? Here it does not really work after restart, the writePolicy goes back to ALLOW :-(

And thanks for that playbook link, going to have a closer look :-)

Danny Kulchinsky
Nov 1, 2017, 12:33:22 PM, to Rui Lopes, Nexus Users
In our case the settings persist after Nexus restart.

Danny

--
You received this message because you are subscribed to the Google Groups "Nexus Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to nexus-users+unsubscribe@glists.sonatype.com.
To post to this group, send email to nexus...@glists.sonatype.com.
To view this discussion on the web visit https://groups.google.com/a/glists.sonatype.com/d/msgid/nexus-users/65422ba8-406c-4966-9a0a-9f13f5733ba3%40glists.sonatype.com.
For more options, visit https://groups.google.com/a/glists.sonatype.com/d/optout.

Rui Lopes
Nov 1, 2017, 1:02:26 PM, to Nexus Users, rui.godi...@gmail.com
I am at a loss... because the code is similar and here (nexus 3.6.02) the writePolicy is always ALLOW after a restart :-(

Danny Kulchinsky
Nov 15, 2017, 3:04:36 PM, to Rui Lopes, Nexus Users
Hi Rui,

It seems we've hit the same issue: some of the settings we are applying to repositories using the groovy scripts do not persist across a restart of Nexus - very strange.

Specifically, we are updating Negative Cache and Metadata Max Age parameters on Proxy repos which seem to reverse back to previous value as soon as Nexus is restarted.

Were you able to figure it out? Maybe someone has a clue what's going on?


We are using the ansible playbook I mentioned in the thread (https://github.com/savoirfairelinux/ansible-nexus3-oss)


Danny

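One way to route the attribute change through the repository manager instead of the Repository object, as an added example; it is not code from this thread, from the ansible playbook or from Sonatype. It assumes the script API `repository` binding, the repository names shown, and that `RepositoryManager.update(Configuration)` together with `Configuration.copy()` are the calls that validate and store a configuration (my reading of the Nexus 3 API, not something this thread confirms). It covers both Rui's writePolicy change on a hosted repository and the negative-cache and metadata-max-age settings Danny describes on proxies, and reads each value back through the manager so the response shows what was actually stored.

```groovy
// Added example (not from this thread, the playbook or Sonatype). Assumes the
// Nexus 3 script API binding `repository` and repositories named
// 'nuget-hosted' (hosted) and 'maven-central' (proxy); rename for your setup.
import groovy.json.JsonOutput
import org.sonatype.nexus.repository.config.Configuration
import org.sonatype.nexus.repository.storage.WritePolicy

/**
 * Merge `changes` (attribute section -> key -> value) into a copy of the
 * repository's configuration and pass the copy to the RepositoryManager.
 * Unlike calling update() on the Repository object, the manager is the
 * component that validates, stores and then re-applies a configuration
 * (assumption about the API, see the lead-in).
 * Returns the touched keys before and after, read back through the manager.
 */
def updateAttributes(String repoName, Map<String, Map<String, Object>> changes) {
    def manager = repository.repositoryManager
    def repo = manager.get(repoName)
    if (repo == null) {
        throw new IllegalArgumentException("no repository named ${repoName}")
    }

    // Edit a copy: if validation rejects it, the running configuration is untouched.
    Configuration config = repo.configuration.copy()
    Map<String, String> before = [:]
    changes.each { section, values ->
        def target = config.attributes[section]
        if (target == null) {
            target = [:]
            config.attributes[section] = target
        }
        values.each { key, value ->
            String path = "${section}.${key}"
            before[path] = target[key] as String
            target[key] = value
        }
    }

    manager.update(config)

    def stored = manager.get(repoName).configuration.attributes
    Map<String, String> after = [:]
    changes.each { section, values ->
        values.each { key, ignored ->
            String path = "${section}.${key}"
            after[path] = stored[section]?.get(key) as String
        }
    }
    return [repository: repoName, before: before, after: after]
}

def results = [
    // hosted repository: a version may be deployed once and never overwritten
    updateAttributes('nuget-hosted', [storage: [writePolicy: WritePolicy.ALLOW_ONCE]]),
    // proxy repository: negative-cache TTL and metadata max age, both in minutes
    updateAttributes('maven-central', [
        negativeCache: [enabled: true, timeToLive: 60.0],
        proxy:         [metadataMaxAge: 60.0],
    ]),
]
return JsonOutput.toJson(results)
```

The read-back only shows the in-memory state right after the update; whether the values survive a restart still has to be confirmed by restarting the server and inspecting the repository settings again, which is the check that separates this from the scripts discussed above.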

Rui Lopes
Nov 15, 2017, 4:34:06 PM, to Danny Kulchinsky, Nexus Users
I did not, still waiting for someone to chip in :-)

I've ended up deleting the repository and creating it again (see https://github.com/rgl/nexus-vagrant/commit/c40572290ae2de04451cca3bc06f7e28967f409f). Not the ideal situation, but for my particular case it works.

Danny Kulchinsky
Nov 16, 2017, 12:02:55 PM, to Rui Lopes, Nexus Users
Thanks Rui!

This is starting to worry me; we are relying on the ansible playbook to manage the configuration of our Nexus deployments (master server and numerous proxies distributed worldwide). It seems like something is not fully "committed" when changes are made using the groovy scripts, and it causes the changes to be discarded/reversed when Nexus restarts.

Since this is recurring (on at least 2 unrelated installations), can someone from Sonatype take a look? Should we open a ticket? What additional info is required?

Danny

Peter Lynch
Nov 16, 2017, 2:14:56 PM, to Danny Kulchinsky, Rui Lopes, Nexus Users
On Thu, Nov 16, 2017 at 1:02 PM, Danny Kulchinsky <dann...@gmail.com> wrote:
Thanks Rui!

This is starting to worry me; we are relying on the ansible playbook to manage the configuration of our Nexus deployments (master server and numerous proxies distributed worldwide). It seems like something is not fully "committed" when changes are made using the groovy scripts, and it causes the changes to be discarded/reversed when Nexus restarts.

Since this is recurring (on at least 2 unrelated installations), can someone from Sonatype take a look? Should we open a ticket? What additional info is required?


Please file an issue at https://issues.sonatype.org in the NEXUS project with the complete reproduce steps. This thread does concern us, but tracking the "similar" scripts and what is actually being run is getting hard to follow in this thread.

Rui Lopes
Nov 16, 2017, 6:05:17 PM, to Peter Lynch, Danny Kulchinsky, Nexus Users
Peter, my original question, with the simplest script I could write, is at https://groups.google.com/a/glists.sonatype.com/forum/#!topic/nexus-users/6BszuArYf-I.

Rui Lopes
Nov 16, 2017, 6:20:06 PM, to Nexus Users, ply...@sonatype.com, dann...@gmail.com

On Thursday, November 16, 2017 at 11:05:17 PM UTC, Rui Lopes wrote:
Peter, my original question, with the simplest script I could write, is at https://groups.google.com/a/glists.sonatype.com/forum/#!topic/nexus-users/6BszuArYf-I.

[...]

Danny Kulchinsky
Nov 20, 2017, 9:09:33 AM, to Rui Lopes, Nexus Users, Peter Lynch
Thanks Rui!

Peter, I also added some details from our deployment.

Hope someone can take a look at this as this is starting to really bite us.


Danny