0

I'm trying to configure Nexus 3.42.0-01 with OpenLDAP.

I set the configuration as below:

LDAP server address:       ldaps://192.168.0.1:636
Search Base DN:            dc=my,dc=domain,dc=local
Authentication Method:     Simple Authentication
Username:         uid=appauth,ou=auth,ou=nexus_cicd,ou=Applications,dc=my,dc=domain,dc=local
Password:         ********
User relative DN:          <blank>
User subtree:              <checked>
Object Class:              inetOrgPerson
User filter:               <blank>
User ID attribute:         uid
Real name attribute:       cn
Email attribute:           mail
Map LDAP groups roles:     <checked>
Group type:                Dynamic Groups
Group member of attribute: memberOf

I can view all users, but my problem is how can I restrict access to only users of a specific group?

Thanks for your support.

EricLavault
Marco Ferrara

1 Answer

1

It depends on your needs, and how you define "restrict access".

You can create an external role mapping (only) for that specific group, a role to which you can assign the privileges you want, and the restricted users that are not members of that group would get the role 'anonymous'.

Or, if you don't want the restricted users to appear at all in Nexus and/or if they shouldn't authenticate, you can just use a filter to exclude them, e.g.

User filter:    (memberOf=<groupDN>)

Optionally, you could also refine the base search, e.g.

User relative DN:    ou=Users

... but this will probably not be sufficient to apply the restriction.

EricLavault
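
As an added example (not part of the answer above and not Nexus code), this Python script builds the `(memberOf=<groupDN>)` user filter with RFC 4515 escaping and shows which constructed entries it would admit. The group DN, the sample entries and the way the filter is ANDed with the object class and user ID are assumptions for illustration.

```python
# Added example: every DN and entry below is constructed, not from a real directory.
GROUP_DN = "cn=nexus-users,ou=Groups,dc=my,dc=domain,dc=local"  # hypothetical <groupDN>

def escape_filter_value(value):
    """Escape an assertion value per RFC 4515 so it cannot change the filter's structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_user_filter(group_dn):
    """Value to paste into the 'User filter' field."""
    return "(memberOf=%s)" % escape_filter_value(group_dn)

def build_search_filter(object_class, id_attr, user_id, user_filter):
    """Assumption: the user filter is ANDed with the object class and user ID terms."""
    return "(&(objectClass=%s)(%s=%s)%s)" % (
        escape_filter_value(object_class), id_attr,
        escape_filter_value(user_id), user_filter)

def norm_dn(dn):
    """Rough stand-in for DN matching: ignore case and spaces around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def visible_users(entries, object_class, group_dn):
    """Return uids of entries that match the object class AND list the group in memberOf."""
    wanted = norm_dn(group_dn)
    return [e["uid"] for e in entries
            if object_class in e["objectClass"]
            and wanted in {norm_dn(g) for g in e.get("memberOf", [])}]

# Constructed directory entries covering the cases the filter has to separate.
ENTRIES = [
    {"uid": "alice", "objectClass": ["inetOrgPerson"], "memberOf": [GROUP_DN]},
    {"uid": "bob", "objectClass": ["inetOrgPerson"],
     "memberOf": ["cn=developers,ou=Groups,dc=my,dc=domain,dc=local"]},
    {"uid": "carol", "objectClass": ["inetOrgPerson"]},          # no memberOf at all
    {"uid": "svc", "objectClass": ["account"], "memberOf": [GROUP_DN]},  # wrong class
]

if __name__ == "__main__":
    user_filter = build_user_filter(GROUP_DN)
    print("User filter:", user_filter)
    print("Search filter:", build_search_filter("inetOrgPerson", "uid", "alice", user_filter))
    print("Admitted:", visible_users(ENTRIES, "inetOrgPerson", GROUP_DN))
```

On OpenLDAP the `memberOf` attribute is only present when the memberof overlay (or an equivalent) maintains it, so check that user entries actually carry it before applying the filter.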