AD connection not working with pound in password

Hi,

As I couldn’t find any resource on where to file a bug report for the OS Nexus repository manager, I’m placing it here.

We configured our Nexus Repository Manager OSS 3.19.1-01 with an LDAP connection to the AD server, which works fine for most users. Authentication is working properly for the Docker registry hosted by Nexus, and also directly in the Nexus GUI itself to browse through other repositories.

Apparently when a user has a # (pound) symbol in the password, things just stop working during the authentication process. We’ve repeatedly tested this by ONLY changing the password for the user on the AD side and trying to connect to Nexus (via “verify login” on the LDAP tab, and via “docker login my.nexus.repo:5000”).

Having a pound # in the password doesn’t work. On docker login it replies with a 401, and with “verify login” it yields
Failed to connect to LDAP Server: User ‘CN=myCN,OU=myOU,OU=otherOU,DC=myDC,DC=otherDC’ cannot be authenticated. [Caused by javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0c09042A, comment: AcceptSecurityContext error, data52e, v3839]]

When changing the password back to a password without a # pound it works perfectly fine.

There are special logs on the Nexus server that indicate there is something wrong, so what’s going on here? It looks like a bug to me.


Please open an issue in the “dev - nexus” project at https://issues.sonatype.org for this.

Rich

Thanks!

Created it here
https://issues.sonatype.org/browse/NEXUS-23204

Hi markri, Rich.

I have an error similar to the one posted here. I was checking the Jira case that was created and I see that it was closed due to response time, but I do not see a solution; I do not know if something is wrong and whether there is a solution.

This is the error it throws when I do the test with my user, who is in the group that I configured in the LDAP settings:

Failed to connect to LDAP Server: Server: Appgate LDAP, could not be accessed: Failed to retrieve ldap information for user. [Caused by org.sonatype.nexus.ldap.internal.connector.dao.LdapDAOException: Failed to retrieve ldap information for user.] [Caused by javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090446, comment: AcceptSecurityContext error, data 52e, v4563]]

Can you help me? The connection to the LDAP server is successful and I see the users that are in the group, but when I do the login test it shows me the error that I copied above.

Just a guess… but make sure the “password attribute” field is not set in the user & group configuration screen. It is almost never needed, and it can cause authentication problems when it is set. When it isn’t set a BIND is done, which is what you likely want.

Rich
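Added example (not code from this thread, from Sonatype or from Nexus): both error strings quoted above end in the AD-specific part of the error, `80090308 ... AcceptSecurityContext error, data 52e`. The `data` sub-code is the useful bit when triaging a bind failure, because AD uses it to distinguish "the password was rejected" from "the user does not exist" or "the account is locked/disabled/expired". The helper below parses those strings (including the `data52e` spelling without a space from the first post) and maps the sub-code to its documented meaning. The sample messages are the two from the thread plus one constructed `data 775` variant; the mapping table is the standard set of Microsoft AD bind sub-codes, and the `classify_bind_failure` buckets are this example's own naming.

```python
import re

# Documented Active Directory bind sub-codes (the "data NNN" hex field that
# follows "AcceptSecurityContext error"). All LDAP result code 49.
AD_BIND_DATA_CODES = {
    "525": "user not found",
    "52e": "invalid credentials (DN resolved, password rejected)",
    "530": "not permitted to logon at this time",
    "531": "not permitted to logon from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Matches the AD diagnostic inside the JNDI AuthenticationException text.
# "data\s*" tolerates both "data 52e" and the "data52e" spelling seen in the thread.
_AD_ERROR_RE = re.compile(
    r"LDAP: error code (?P<code>\d+) - (?P<hex>[0-9A-Fa-f]{8}): LdapErr: "
    r"DSID-(?P<dsid>[0-9A-Fa-f]+), comment: (?P<comment>[^,]+), "
    r"data\s*(?P<data>[0-9A-Fa-f]+), v(?P<ver>[0-9A-Fa-f]+)"
)

# Sample inputs: the two messages quoted in the thread, plus one constructed
# "account locked out" variant for illustration.
SAMPLE_VERIFY_LOGIN = (
    "Failed to connect to LDAP Server: User 'CN=myCN,OU=myOU,OU=otherOU,DC=myDC,DC=otherDC' "
    "cannot be authenticated. [Caused by javax.naming.AuthenticationException: [LDAP: error code 49 - "
    "80090308: LdapErr: DSID-0c09042A, comment: AcceptSecurityContext error, data52e, v3839]]"
)
SAMPLE_APPGATE = (
    "Failed to connect to LDAP Server: Server: Appgate LDAP, could not be accessed: Failed to retrieve "
    "ldap information for user. [Caused by org.sonatype.nexus.ldap.internal.connector.dao.LdapDAOException: "
    "Failed to retrieve ldap information for user.] [Caused by javax.naming.AuthenticationException: "
    "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090446, comment: AcceptSecurityContext error, "
    "data 52e, v4563]]"
)
SAMPLE_LOCKED_OUT = (  # constructed, not from the thread
    "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090446, comment: AcceptSecurityContext error, "
    "data 775, v4563]"
)


def parse_ad_bind_error(message):
    """Extract result code, AD error, DSID and data sub-code from a Nexus/JNDI error string.

    Returns None when the message carries no AD diagnostic (e.g. a non-AD LDAP server).
    """
    m = _AD_ERROR_RE.search(message)
    if m is None:
        return None
    data = m.group("data").lower()
    return {
        "result_code": int(m.group("code")),
        "ad_error": m.group("hex").upper(),
        "dsid": m.group("dsid").upper(),
        "comment": m.group("comment"),
        "data": data,
        "meaning": AD_BIND_DATA_CODES.get(data, "unknown sub-code"),
    }


def classify_bind_failure(message):
    """Bucket a bind failure for triage (bucket names are this example's own).

    credentials_rejected: the search found the DN but AD refused the password; this is the
    bucket for both thread messages, so the LDAP search/base DN is fine and the value that
    reaches the BIND is what to check.
    user_not_found: the DN/UPN never resolved (search base or user filter problem).
    account_state: the password may be right but the account cannot log on right now.
    """
    parsed = parse_ad_bind_error(message)
    if parsed is None:
        return "unparsed"
    if parsed["data"] == "52e":
        return "credentials_rejected"
    if parsed["data"] == "525":
        return "user_not_found"
    if parsed["data"] in AD_BIND_DATA_CODES:
        return "account_state"
    return "unknown"


if __name__ == "__main__":
    for sample in (SAMPLE_VERIFY_LOGIN, SAMPLE_APPGATE, SAMPLE_LOCKED_OUT):
        parsed = parse_ad_bind_error(sample)
        print(parsed["data"], parsed["meaning"], "->", classify_bind_failure(sample))
```

For both messages in the thread the sub-code is 52e, so the user DN resolved and only the simple BIND with the password was rejected. That is consistent with Rich's point above: if a "password attribute" is configured, Nexus compares the attribute instead of binding, which is not what AD supports; with it unset, the next check is to bind with the same DN and the same '#'-containing password from a client outside Nexus (ldapsearch or an LDAP browser) to see whether the directory or the path into Nexus is rejecting it.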