
I'm trying to validate Nexus Sonatype configurations. I discovered Groovy scripts here:

https://github.com/savoirfairelinux/ansible-nexus3-oss/tree/master/templates/groovy

I'm able to configure LDAP in Nexus Sonatype, or even create a new role (not from LDAP). But now I'm looking for how to get LDAP users, to then put them in a specific group/role.

The Groovy script is the following:

import groovy.json.JsonSlurper
import org.sonatype.nexus.security.user.UserNotFoundException


parsed_args = new JsonSlurper().parseText(args)

try {
  // update an existing user
  user = security.securitySystem.getUser(parsed_args.username)

  /* I tried with 'setSource' but it doesn't work... */
  user.setSource(parsed_args.source)

  user.setFirstName(parsed_args.first_name)
  user.setLastName(parsed_args.last_name)
  user.setEmailAddress(parsed_args.email)
  security.setUserRoles(parsed_args.username, parsed_args.roles)
  security.securitySystem.updateUser(user)
  security.securitySystem.changePassword(parsed_args.username, parsed_args.password)
  security.setUserRoles(parsed_args.username, parsed_args.roles)

} catch(UserNotFoundException ignored) {
  // create the new user
  security.addUser(parsed_args.username, parsed_args.first_name, parsed_args.last_name, parsed_args.email, true, parsed_args.password, parsed_args.roles)
}

In the "Users" tab, Nexus selects the "default" source (not LDAP...). I searched in the nexus-public repository, in the org.sonatype.security group, but honestly I don't understand their classes: https://github.com/sonatype/nexus-public/tree/master/components/nexus-security/src/main/java/org/sonatype/nexus/security

Has anyone already done that?

EDIT:

I tried this:

import groovy.json.JsonSlurper
import org.sonatype.nexus.security.user.UserNotFoundException
import org.sonatype.nexus.security.user.UserSearchCriteria

parsed_args = new JsonSlurper().parseText(args)


criteria = new UserSearchCriteria(userId: 'myUser', source: 'LDAP')
user = security.securitySystem.searchUsers(criteria)
//user.forEach { println it }
security.setUserRoles(user.userId, 'myRole')
security.securitySystem.updateUser(user)

Now my error is:

javax.script.ScriptException: groovy.lang.MissingMethodException: No signature of method: org.sonatype.nexus.security.internal.SecurityApiImpl.setUserRoles() is applicable for argument types: (java.util.ArrayList, java.util.ArrayList) values: [[myUser], [myRole]]\\nPossible solutions: setUserRoles(java.lang.String, java.util.List)\"\n}", "content_type": "application/json", "date": "Fri, 30 Dec 2016 10:05:51 GMT", "failed": true, "json": {"name": "setup_user", "result": "javax.script.ScriptException: groovy.lang.MissingMethodException: No signature of method: org.sonatype.nexus.security.internal.SecurityApiImpl.setUserRoles() is applicable for argument types: (java.util.ArrayList, java.util.ArrayList) values: [[myUser], [myRole]]\nPossible solutions: setUserRoles(java.lang.String, java.util.List)"}, "msg": "Status code was not [200, 204]: HTTP Error 400: Bad Request

Maybe I have a problem with the ArrayList type; I tried with '[]' but it's no better.

Isador
  • We are a bit confused on what you are trying to accomplish. You want to find existing created LDAP users and then change the source? – DarthHater Dec 28 '16 at 18:02
  • No. Once LDAP is configured, I would like to search for a user in LDAP and add it to a group. In fact, before any operation, I need to change the Source to LDAP, instead of "default" (it's the source where users are searched). – Isador Dec 29 '16 at 09:25

1 Answer

So to find all LDAP users, you can do something like this:

import org.sonatype.nexus.security.user.UserSearchCriteria
criteria = new UserSearchCriteria(source: 'LDAP')
users = security.securitySystem.searchUsers(criteria)
users.forEach { println it }

From there, I'm not sure why you would switch the source, but this will get you a list of all LDAP users.

DarthHater
  • Thanks for your answer, I'll try this. It's for my organization, I need to provision Nexus initially, putting some LDAP users in a specific group/role. – Isador Dec 30 '16 at 08:57
  • Interested to know your complete use case, it would be helpful in case we adjust things in the future :) – DarthHater Dec 30 '16 at 17:18
  • In our organisation, we are studying a Repository Manager solution (we made a PoC of Sonatype Nexus and Jfrog Artifactory). We chose Nexus, because it supports a lot of repository types. All our deployments are made with Ansible, and the final goal is to deploy Nexus auto-configured, avoiding manual settings (about LDAP especially). I discovered this Ansible role which injects Groovy scripts in Nexus, and calls them with HTTP parameters: https://github.com/savoirfairelinux/ansible-nexus3-oss/tree/master/templates – Isador Jan 04 '17 at 09:47
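
Added example (not from the question, the answer, or the Ansible role): the MissingMethodException in the EDIT arises because searchUsers returns a collection of users, so `user.userId` evaluates to a list rather than a String. The sketch below resolves exactly one LDAP account and stores a role mapping for it under the LDAP source. It runs inside the Nexus 3 script API, where `security` and `args` are bound as in the scripts above; the JSON keys `username` and `role` are hypothetical, and the role is assumed to be defined in Nexus itself (source 'default').

```groovy
import groovy.json.JsonSlurper
import org.sonatype.nexus.security.role.RoleIdentifier
import org.sonatype.nexus.security.user.UserSearchCriteria

// Assumed script arguments (hypothetical keys): {"username": "myUser", "role": "myRole"}
parsed_args = new JsonSlurper().parseText(args)

// searchUsers returns a collection of User objects, never a single User.
// Keep only exact id matches so a broader search result cannot widen the grant.
criteria = new UserSearchCriteria(userId: parsed_args.username, source: 'LDAP')
matches = security.securitySystem.searchUsers(criteria)
    .findAll { it.userId == parsed_args.username }

// Refuse to grant anything unless exactly one LDAP account matches.
if (matches.size() != 1) {
  throw new IllegalStateException(
      "Expected exactly one LDAP user '${parsed_args.username}', found ${matches.size()}")
}
user = matches.first()

// Fail early if the role is not defined in Nexus (throws NoSuchRoleException).
role = security.securitySystem.getAuthorizationManager('default').getRole(parsed_args.role)

// Add the Nexus-defined role to whatever the user already has; nothing is removed.
roles = new HashSet<RoleIdentifier>(user.roles)
roles.add(new RoleIdentifier('default', role.roleId))

// Store the mapping against the LDAP source instead of trying to change the user's source.
security.securitySystem.setUsersRoles(user.userId, 'LDAP', roles)

return "roles for ${user.userId}: " + roles.collect { it.roleId }.sort().join(', ')
```

The user record itself stays in LDAP; only the role mapping is stored in Nexus, so no updateUser or changePassword call is involved.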