I have created new AD groups for use with my new Nexus OSS installation. When I try to map those groups to roles in Nexus, the groups are not showing up in the search.
If I use the “Verify user mapping” feature, with some hacks on the LDAP page, the groups are found, so there’s no reason that I can find why they shouldn’t be available when mapping a role.
To find the groups with Verify user mapping, I first changed the LDAP user object to group instead of user. Then in the filter box, I put, without the brackets, of course:
samaccountname=<Partial Name of My Groups>*
The verify list only shows the first 20 groups returned so I extended the partial name to make sure that the new groups were in the first 20 and then they were returned in the verify user mapping result.
I return the user and group tab to its normal state (user object = user, remove the filter) and go back to Roles. The other groups that I had just seen in the verify list are shown when I start typing the group to map but these new groups I created are not listed. Even if I type it in manually and try to save I get an error.
Other AD tools I use show these new groups that are not available for roles right alongside the groups that are available - they’re organizationally peers. Only Nexus is not showing them when I try to map a role.
Our AD team reminded me that some applications don’t properly handle large result sets - we have 70K+ groups in our AD environment. I’ve written enough AD code to remember that I had to write loops to get more than 5000 results from AD. I don’t know if these things are related; I’m just tossing them out for consideration.
Any other ideas why these new AD groups are not available for role mapping?
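
The result-set loop mentioned in the post, as an added example that is not part of the original post and is not Nexus code: a constructed, offline simulation of an LDAP paged search (RFC 2696 style cookie loop) beside an unpaged one. The per-response limit of 1000, the `GRP-` group names and all function names are assumptions made for illustration; whether Nexus searches this way is not established by the post.

```python
# Constructed simulation of LDAP paged search; no real directory is contacted.
SERVER_LIMIT = 1000  # assumed per-response cap on the server (constructed value)
DIRECTORY = [f"GRP-{i:05d}" for i in range(70_000)]  # constructed group names


def server_search(prefix, page_size=None, cookie=b""):
    """Simulated server side. Returns (entries, next_cookie, truncated)."""
    matches = [g for g in DIRECTORY if g.startswith(prefix)]
    if page_size is None:
        # No paging control sent: the server stops at its limit and flags it.
        return matches[:SERVER_LIMIT], b"", len(matches) > SERVER_LIMIT
    # Real cookies are opaque; here the cookie is simply the next offset.
    start = int(cookie or b"0")
    end = start + min(page_size, SERVER_LIMIT)
    next_cookie = str(end).encode() if end < len(matches) else b""
    return matches[start:end], next_cookie, False


def search_unpaged(prefix):
    """Client that never asks for paging: sees at most one truncated response."""
    entries, _, truncated = server_search(prefix)
    return entries, truncated


def search_paged(prefix, page_size=1000):
    """Client that resends the cookie until the server returns an empty one."""
    results, cookie = [], b""
    while True:
        entries, cookie, _ = server_search(prefix, page_size, cookie)
        results.extend(entries)
        if not cookie:  # empty cookie marks the last page
            return results


if __name__ == "__main__":
    broad, truncated = search_unpaged("GRP-")
    print(len(broad), truncated, "GRP-69999" in broad)   # late entries missing
    narrow, truncated = search_unpaged("GRP-6999")
    print(len(narrow), truncated, "GRP-69999" in narrow)  # narrow filter finds it
    print(len(search_paged("GRP-")))                      # full set via paging
```

A client that ignores the truncation flag shows the same symptom as a narrowed filter "finding" an entry that a broad search omits, which makes the flag (or a size-limit-exceeded result code in a real directory log) the thing to check first.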