1

I'm working with Nexus3 Groovy scripting to provision/bootstrap my Nexus3 - OSS instance. While looking through the complex scripting examples and the shell scripting examples as well as the Sonatype books, I'm not seeing any clear documentation about the security method and its parameters.

My main question is how do I map an LDAP group to a Nexus Role using groovy?

security.addRole('admin.role', 'Admin', 'Some Description', 'nx-admin', 'LDAPGroupName')

I'm getting a 400 with this when pushing to Nexus and running. I appreciate any help I can get here.

JPAnderson

2 Answers

1

I think it's a bit of a late update.

It seems you are passing the wrong parameter type for privilege and role.

I'd suggest you try the below:

security.addRole('admin.role', 'Admin', 'Some Description', ['nx-admin'], ['LDAPGroupName'])

Jen

0

The script below adds a mapping from an LDAP role to a Nexus role.

import groovy.json.JsonOutput
import groovy.json.JsonSlurper
import org.sonatype.nexus.security.SecuritySystem

// 'args' is the JSON string passed to the script when it is run
def request = new JsonSlurper().parseText(args)
String ldap = request.ldap
String name = request.name ?: request.ldap
String nexus = request.nexus
assert ldap != null && nexus != null

// Role id = LDAP role name; no direct privileges, one contained Nexus role
def role = security.addRole(ldap, name, "Mapping for LDAP " + ldap, [], [nexus])

JsonOutput.prettyPrint(JsonOutput.toJson(role))

The parameter 'ldap' is the LDAP role name and 'nexus' is the Nexus role name (like 'nx-admin'). Note that after adding the mapping, two roles with the same id will appear (one for the LDAP source, the other for default). Nexus apparently correlates them by id. The script below lists all roles (LDAP and default ones). You might need to pass an LDAP user name to this script in order for the LDAP roles to appear, because LDAP is deactivated if it is not used for some time; in that case the script will show only Nexus roles.

import groovy.json.JsonOutput
import groovy.json.JsonSlurper
import org.sonatype.nexus.security.SecuritySystem

SecuritySystem securitySystem = container.lookup(SecuritySystem.class.name)
// Optional args: {"user": "<LDAP user name>"}; looking the user up first
// makes the LDAP roles show up in the listing
if (args != null && args.length() > 0) {
    def request = new JsonSlurper().parseText(args)
    if (request.user != null && request.user.length() > 0) {
        securitySystem.getUser(request.user)
    }
}

// List roles from all sources (LDAP and default)
JsonOutput.prettyPrint(JsonOutput.toJson(securitySystem.listRoles()))

user1936595
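
Building on both answers, an added example (not part of either answer and not Sonatype's own code): a provisioning script that checks the list types before calling `security.addRole`, verifies that every contained role exists, and updates the role instead of failing when the bootstrap is run again. The `args` layout (`mappings`, `ldapGroup`, `privileges`, `roles`) and the sample group names are assumptions made for illustration; as in the second answer, the role id is the LDAP group name.

```groovy
import groovy.json.JsonOutput
import groovy.json.JsonSlurper
import org.sonatype.nexus.security.role.NoSuchRoleException
import org.sonatype.nexus.security.user.UserManager

// Assumed args layout (constructed sample, not from the original page):
// {"mappings": [{"ldapGroup": "nexus-admins", "roles": ["nx-admin"]},
//               {"ldapGroup": "developers", "privileges": ["nx-healthcheck-read"], "roles": ["nx-anonymous"]}]}
def request = new JsonSlurper().parseText(args)
assert request.mappings instanceof List : "'mappings' must be a JSON array"

def authManager = security.securitySystem.getAuthorizationManager(UserManager.DEFAULT_SOURCE)

// The first answer's fix is to pass lists rather than plain strings,
// so reject anything that is not a list of strings before calling the API.
def asStringList = { value, String field ->
    if (value == null) return []
    assert value instanceof List && value.every { it instanceof String } : "'${field}' must be a list of strings"
    value as List<String>
}

def results = request.mappings.collect { m ->
    String group = m.ldapGroup
    assert group : "each mapping needs 'ldapGroup'"
    List<String> privileges = asStringList(m.privileges, 'privileges')
    List<String> roles = asStringList(m.roles, 'roles')
    assert privileges || roles : "mapping for ${group} grants nothing"

    // Fail early on a misspelled or missing contained role (throws NoSuchRoleException).
    roles.each { authManager.getRole(it) }

    def existing = null
    try { existing = authManager.getRole(group) } catch (NoSuchRoleException ignored) { }

    if (existing == null) {
        security.addRole(group, group, "Mapping for LDAP group ${group}", privileges, roles)
        return [role: group, action: 'created']
    }
    // Role already present in the default source: bring it in line with the request.
    existing.privileges = privileges as Set
    existing.roles = roles as Set
    authManager.updateRole(existing)
    [role: group, action: 'updated']
}

JsonOutput.prettyPrint(JsonOutput.toJson(results))
```

Every member of a mapped LDAP group inherits the listed roles, so a mapping to 'nx-admin' makes the whole group Nexus administrators.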