LDAP configuration in nexus.properties

Hello,

For a couple of days I’ve been trying to configure our LDAP server inside nexus.properties,
but it’s very difficult to find any helpful documentation or any kind of example.
I’m using the sonatype/nexus3 Docker image.

What is the correct way of configuring the LDAP properties inside nexus.properties?
I found a couple of versions, but I’m not sure which one is correct:

nexus.security.auth.ldap.enabled=true
nexus.security.auth.ldap.url=ldap://<ldap-server>:389
nexus.security.auth.ldap.baseDn=dc=XXX,dc=com
nexus.security.auth.ldap.bindDn=cn=YYY,ou=System,dc=XXX,dc=com
nexus.security.auth.ldap.bindPassword=ZZZZZ

or

nexus.ldap.env.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
nexus.ldap.env.java.naming.provider.url=ldap://<ldap-server>:389
nexus.ldap.env.java.naming.security.authentication=simple
nexus.ldap.env.java.naming.security.credentials=

or

nexus.ldap.enabled=true
nexus.ldap.server.hostname=<ldap-server>
nexus.ldap.server.port=389
nexus.ldap.server.security.starttls=true
nexus.ldap.auth.userDn=cn=YYY,ou=System,dc=XXX,dc=com
nexus.ldap.auth.password=ZZZZZ
nexus.ldap.auth.searchBase=dc=XXX,dc=com

I would really appreciate any kind of help or example configurations,
especially for the more detailed settings like objectClass, searchFilter, etc.

Thank you!

Here’s our Ansible that gets put into a template of nexus.properties (I’m sure you can get the gist of it):

ldap_connections:
  - ldap_name: 'Example AD' # used as a key to update the ldap config
    ldap_protocol: 'ldaps' # ldap or ldaps
    ldap_hostname: 'ad.example.com'
    ldap_port: 636
    ldap_search_base: 'CN=Production,DC=ad,DC=example,DC=com'
    ldap_auth: 'simple'
    ldap_auth_username: "username"
    ldap_auth_password: "password"
    ldap_user_base_dn: 'cn=users'
    ldap_user_filter: '' # (optional)
    ldap_user_object_class: 'user'
    ldap_user_id_attribute: 'sAMAccountName'
    ldap_user_real_name_attribute: 'cn'
    ldap_user_email_attribute: 'mail'
    ldap_user_subtree: true
    ldap_map_groups_as_roles: true
    ldap_map_groups_as_roles_type: 'dynamic'
    ldap_group_base_dn: 'ou=groups'
    ldap_group_object_class: 'posixGroup'
    ldap_group_id_attribute: 'cn'
    ldap_group_member_attribute: 'member'
    ldap_group_member_format: 'memberOf'
    ldap_group_subtree: true

I’m not sure that you can specify an LDAP server this way. There are some general LDAP configuration options you can change: https://support.sonatype.com/hc/en-us/articles/216597138-Setting-Advanced-LDAP-Connection-Properties-in-Nexus-Repository