Add support for LDAP #66
Comments
|
Will require adding Probably will require other things for Nexus Pro. |
|
It'll also need to {
"data": {
"protocol": "ldap",
"host": "dc-001.fabricam.net",
"port": 389,
"searchBase": "DC=intsm,DC=net",
"authScheme": "DIGEST-MD5",
"systemUsername": "--FAKE-USERNAME--",
"systemPassword": "--FAKE-PASSWORD--"
}
}and against {
"data": {
"userBaseDn": "cn=Users",
"userSubtree": false,
"userObjectClass": "user",
"userIdAttribute": "sAMAccountName",
"userRealNameAttribute": "cn",
"emailAddressAttribute": "mail",
"ldapGroupsAsRoles": true,
"groupBaseDn": "cn=Groups",
"groupSubtree": false,
"groupObjectClass": "groupOfUniqueNames",
"groupIdAttribute": "cn",
"groupMemberAttribute": "uniqueMember",
"groupMemberFormat": "${username}",
"userMemberOfAttribute": "memberOf"
}
}This is really just for Active Directory setups, but I assume it would be easy enough to modify to a normal LDAP service. After that, it'll require some calls to set up External Role Mappings. Investigating that now. |
|
hmm, I'm not having much luck with the api calls for roles. I've noticed that it does effect <roles>
<role>
<id>Domain Admins</id>
<name>Domain Admins</name>
<description>External mapping for Domain Admins (LDAP)</description>
<roles>
<role>nx-admin</role>
</roles>
</role>
</roles>This doesn't really help the cli much, but can help config management. |
|
conn_info and user_group_info both make sense. I'm not very familiar with how roles work. Maybe editing that security.xml is something that should be left to the nexus cookbook? |
|
Ah, I think I've got it. Seems like it just takes a {
"data": {
"id": "Domain Admins",
"name": "Domain Admins",
"description": "External mapping for Domain Admins (LDAP)",
"sessionTimeout": 60,
"roles": [
"nx-admin"
],
"privileges": []
}
} |
Need to support configuring and getting information about the LDAP end points.
The text was updated successfully, but these errors were encountered: