LDAP Create User doesn't work

Hi, I’ve set up LDAP. I think I did everything correctly, but I still can’t log in with an LDAP user.

If I first create that user (Realm: ldap) then I can log in with the user…

Surely that’s not the way to go, no? Do I need to create all users before they can log in with LDAP?

Nexus 2.15.1-02

Kind regards, Lieven Cardoen

No, once your LDAP connection is configured correctly you shouldn’t have to create any users in Nexus Repository Manager. Use the “Verify User Mapping” button to check that LDAP seems to be mapping some users you recognize, then use the “Verify login” button to test some user credentials.

Hi, upgraded to Nexus 3 and there it’s working.

However, every user that logs in with LDAP is an administrator.

I’ve mapped a Role to an LDAP group and gave that Role some access. But that doesn’t seem to work. Every LDAP user seems to have Administrator rights…

From the logs I can’t seem to see a lot… Is there a way to see more logging concerning LDAP and the Role/Privileges?

2022-06-22 11:13:52,253+0200 TRACE [qtp1484350385-630] lievenc org.apache.shiro.realm.AuthorizingRealm - Retrieving AuthorizationInfo for principals [lievenc]
2022-06-22 11:13:52,253+0200 TRACE [qtp1484350385-630] lievenc org.apache.shiro.realm.AuthorizingRealm - Attempting to retrieve the AuthorizationInfo from cache.
2022-06-22 11:13:52,253+0200 TRACE [qtp1484350385-630] lievenc org.apache.shiro.realm.AuthorizingRealm - AuthorizationInfo found in cache for principals [lievenc]
2022-06-22 11:13:52,253+0200 TRACE [qtp1484350385-630] lievenc org.sonatype.nexus.security.authz.ExceptionCatchingModularRealmAuthorizer - Realm: NexusAuthorizingRealm user: lievenc has permission: nexus:logging:read
2022-06-22 11:13:52,253+0200 TRACE [qtp1484350385-630] lievenc org.sonatype.nexus.common.stateguard.GuardedInterceptor - Invoking: GuardImpl{allowed=[STARTED]} → public java.io.InputStream org.sonatype.nexus.internal.log.LogbackLogManager.getLogFileStream(java.lang.String,long,long) throws java.io.IOException
2022-06-22 11:13:52,253+0200 DEBUG [qtp1484350385-630] lievenc org.sonatype.nexus.internal.log.LogbackLogManager - Retrieving log file
2022-06-22 11:13:52,253+0200 TRACE [qtp1484350385-630] lievenc org.sonatype.nexus.common.stateguard.GuardedInterceptor - Invoking: GuardImpl{allowed=[STARTED]} → public java.io.File org.sonatype.nexus.internal.log.LogbackLogManager.getLogFile(java.lang.String)
2022-06-22 11:13:52,253+0200 TRACE [qtp1484350385-630] lievenc org.sonatype.nexus.common.stateguard.GuardedInterceptor - Invoking: GuardImpl{allowed=[STARTED]} → public java.util.Set org.sonatype.nexus.internal.log.LogbackLogManager.getLogFiles()

Thx

You could try turning up the logging for specific packages or classes through the UI. Maybe org.sonatype.nexus.ldap turned up to trace?
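
For reading TRACE output like the excerpt above, here is an added example (not part of the thread and not Sonatype code). It parses the "has permission" lines in the format shown in the log excerpt and lists grants that fall outside what each user's mapped role was meant to allow. The second user, the extra log lines, the `EXPECTED` patterns and the use of shell-style wildcards in place of Shiro's own permission matching are assumptions.

```python
import re
from collections import defaultdict
from fnmatch import fnmatchcase

AUTHZ = "org.sonatype.nexus.security.authz.ExceptionCatchingModularRealmAuthorizer"

# Grant lines in the format shown in the thread's log excerpt.
GRANT = re.compile(
    re.escape(AUTHZ)
    + r" - Realm: (?P<realm>\S+) user: (?P<user>\S+) has permission: (?P<perm>\S+)"
)

SAMPLE_LOG = "\n".join([
    # First two lines are from the thread's excerpt; the last two are constructed.
    f"2022-06-22 11:13:52,253+0200 TRACE [qtp1484350385-630] lievenc {AUTHZ} - Realm: NexusAuthorizingRealm user: lievenc has permission: nexus:logging:read",
    "2022-06-22 11:13:52,253+0200 DEBUG [qtp1484350385-630] lievenc org.sonatype.nexus.internal.log.LogbackLogManager - Retrieving log file",
    f"2022-06-22 11:14:02,101+0200 TRACE [qtp1484350385-631] lievenc {AUTHZ} - Realm: NexusAuthorizingRealm user: lievenc has permission: nexus:repository-view:maven2:maven-releases:read",
    f"2022-06-22 11:14:09,440+0200 TRACE [qtp1484350385-632] jdoe {AUTHZ} - Realm: NexusAuthorizingRealm user: jdoe has permission: nexus:repository-view:maven2:maven-releases:read",
])

# Assumption: what the role mapped to the LDAP group was meant to allow,
# written as shell-style patterns (not Shiro's wildcard semantics).
EXPECTED = {
    "lievenc": ["nexus:repository-view:*"],
    "jdoe": ["nexus:repository-view:*"],
}


def granted_permissions(log_text):
    """Return {user: {permission: set(realms)}} for every grant line."""
    grants = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        m = GRANT.search(line)
        if m:
            grants[m["user"]][m["perm"]].add(m["realm"])
    return grants


def unexpected_grants(log_text, expected):
    """List (user, permission, realms) grants not covered by the user's patterns."""
    findings = []
    for user, perms in sorted(granted_permissions(log_text).items()):
        patterns = expected.get(user, [])  # unknown users: every grant is reported
        for perm, realms in sorted(perms.items()):
            if not any(fnmatchcase(perm, p) for p in patterns):
                findings.append((user, perm, sorted(realms)))
    return findings


if __name__ == "__main__":
    for user, perm, realms in unexpected_grants(SAMPLE_LOG, EXPECTED):
        print(f"{user}: {perm} granted by {', '.join(realms)} is outside the expected role")
```
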