Can't apply roles effectively on Sonatype Nexus with Active Directory users

落花浮王杯 submitted on 2020-01-07 01:52:09

Question


I'm trying to authenticate users through Active Directory with Sonatype Nexus OSS 2.11.2-06. Following https://books.sonatype.com/nexus-book/reference/ldap-sect-mapping-active-directory.html :

  1. I have set up "LDAP Configuration" settings so that "Check Authentication" is successful and when I click on "Check user mapping" it shows my Active Directory test users on "User Mapping Test Results" and it shows a list of roles that correspond with the groups to which the users belong. Nice.
  2. I have set up those roles with the same privileges that I have already tested with other local test users (users created using the Nexus web interface). Ok.
  3. When I list the "All Authorized Users" on the "Users" page it shows up my Active Directory test users with the right roles (AD Groups), Realm=LDAP and Status=Active. Fantastic.

But when I try to deploy artifacts with Maven ("mvn deploy") it fails deploying it: ReasonPhrase: Unauthorized:

[ERROR] Failed to execute goal org.apache.maven.plugins:maven-deploy-plugin:2.7:deploy (default-deploy) on project mvntest: Failed to deploy artifacts: Could not transfer artifact edu.ub.test:mvntest:jar:1.0-20151204.135744-4 from/to repotest00rw (https://xxxxxxx.ub.edu:yyyy/nexus/content/repositories/repotest00): Failed to transfer file: https://xxxxxxx.ub.edu:yyyy/nexus/content/repositories/repotest00/edu/ub/test/mvntest/1.0-SNAPSHOT/mvntest-1.0-20151204.135744-4.jar. Return code is: 401, ReasonPhrase: Unauthorized. -> [Help 1]

If I use one of those local test users (users created using the Nexus web interface) (set on '.m2/settings.xml') with the same roles (as shown on Web UI) I can deploy artifacts without problems.

I have set "DEBUG" on all loggers and I can't find anything that can help me; it just looks like I'm being dealt with as an anonymous user:

2015-12-04 14:49:26,969+0100 DEBUG [qtp-9795081-67] anonymous org.sonatype.sisu.goodies.eventbus.internal.DefaultEventBus - Event 'RepositoryItemEventRetrieve(sender="repotest00" [id=repotest00], repotest00:/edu/ub/test/mvntest/1.0-SNAPSHOT/maven-metadata.xml)' fired
2015-12-04 14:49:26,970+0100 DEBUG [qtp-9795081-67] anonymous org.sonatype.nexus.proxy.maven.maven2.M2Repository - repotest00 retrieveItem() :: FOUND repotest00:/edu/ub/test/mvntest/1.0-SNAPSHOT/maven-metadata.xml
2015-12-04 14:49:26,999+0100 DEBUG [qtp-9795081-58]  org.apache.shiro.session.mgt.DefaultSessionManager - Unable to resolve session ID from SessionKey [org.apache.shiro.web.session.mgt.WebSessionKey@601f6170].  Returning null to indicate a session could not be found.
2015-12-04 14:49:27,000+0100 DEBUG [qtp-9795081-58] *UNKNOWN org.sonatype.nexus.content.internal.ContentAuthenticationFilter - No authorization found (header or request parameter)
2015-12-04 14:49:27,000+0100 DEBUG [qtp-9795081-58] *UNKNOWN org.sonatype.nexus.content.internal.ContentAuthenticationFilter - No authorization found (header or request parameter)
2015-12-04 14:49:27,000+0100 DEBUG [qtp-9795081-58] *UNKNOWN org.sonatype.nexus.content.internal.ContentAuthenticationFilter - No authorization found (header or request parameter)
2015-12-04 14:49:27,000+0100 DEBUG [qtp-9795081-58] *UNKNOWN org.sonatype.nexus.content.internal.ContentAuthenticationFilter - Attempting to authenticate Subject as Anonymous request...
2015-12-04 14:49:27,000+0100 DEBUG [qtp-9795081-58] *UNKNOWN org.apache.shiro.realm.AuthenticatingRealm - Looked up AuthenticationInfo [anonymous] from doGetAuthenticationInfo

Can anybody help me?

Thanks a lot!

/Angel
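
A log triage helper for the DEBUG output quoted in the question, added here as an example and not part of the original question or answers: it parses lines in that layout (timestamp, level, thread, principal, logger, message) and reports, per request thread, whether the content filter saw no credentials and fell back to anonymous. The function name and verdict strings are assumptions; the sample lines are copied from the log above.

```python
import re
from collections import defaultdict

# Constructed sample: five lines copied from the DEBUG log quoted in the question.
SAMPLE_LOG = """\
2015-12-04 14:49:26,970+0100 DEBUG [qtp-9795081-67] anonymous org.sonatype.nexus.proxy.maven.maven2.M2Repository - repotest00 retrieveItem() :: FOUND repotest00:/edu/ub/test/mvntest/1.0-SNAPSHOT/maven-metadata.xml
2015-12-04 14:49:26,999+0100 DEBUG [qtp-9795081-58]  org.apache.shiro.session.mgt.DefaultSessionManager - Unable to resolve session ID from SessionKey [org.apache.shiro.web.session.mgt.WebSessionKey@601f6170].  Returning null to indicate a session could not be found.
2015-12-04 14:49:27,000+0100 DEBUG [qtp-9795081-58] *UNKNOWN org.sonatype.nexus.content.internal.ContentAuthenticationFilter - No authorization found (header or request parameter)
2015-12-04 14:49:27,000+0100 DEBUG [qtp-9795081-58] *UNKNOWN org.sonatype.nexus.content.internal.ContentAuthenticationFilter - Attempting to authenticate Subject as Anonymous request...
2015-12-04 14:49:27,000+0100 DEBUG [qtp-9795081-58] *UNKNOWN org.apache.shiro.realm.AuthenticatingRealm - Looked up AuthenticationInfo [anonymous] from doGetAuthenticationInfo
"""

# The principal column may be empty (two spaces after the thread) or "*UNKNOWN".
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<level>\w+) \[(?P<thread>[^\]]+)\] "
    r"(?P<principal>\S*) (?P<logger>\S+) - (?P<msg>.*)$"
)

def classify_threads(log_text):
    """Return {thread: verdict} for every request thread seen in the log."""
    flags = defaultdict(set)
    principals = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # continuation lines, stack traces, other layouts
        thread, msg = m["thread"], m["msg"]
        if m["logger"].endswith(".ContentAuthenticationFilter"):
            if msg.startswith("No authorization found"):
                flags[thread].add("no_credentials")
            elif msg.startswith("Attempting to authenticate Subject as Anonymous"):
                flags[thread].add("anonymous_fallback")
        if m["principal"] not in ("", "*UNKNOWN"):
            principals[thread].add(m["principal"])
    verdicts = {}
    for thread in set(flags) | set(principals):
        if {"no_credentials", "anonymous_fallback"} <= flags[thread]:
            verdicts[thread] = "no credentials sent, fell back to anonymous"
        elif principals[thread]:
            verdicts[thread] = "principal=" + ",".join(sorted(principals[thread]))
        else:
            verdicts[thread] = "undetermined"
    return verdicts

if __name__ == "__main__":
    for thread, verdict in sorted(classify_threads(SAMPLE_LOG).items()):
        print(thread, "->", verdict)
```

A thread reported as "no credentials sent" shows only that the request arrived without an Authorization header or parameter; it says nothing about whether a credentialed request from the same client would have been accepted.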


Answer 1:


From your description it seems like you have not created an external role mapping. See details at http://books.sonatype.com/nexus-book/reference/ldap-sect-external-role-mapping-config.html

The purpose of this mapping is to match an external (e.g. LDAP) group membership to a Nexus internal, repository management specific role.

You have to map the role of the user that you want to be able to deploy to a Nexus role that has write access to the repository you are targeting.




Answer 2:


Oh, thanks to the Sonatype support team we realized that I missed the step of 8.2. Enabling the LDAP Authentication Realm.

I just set it up and everything worked as expected.

Thanks also to you for trying to help me, Manfred.

Best regards,

/Ángel



Source: https://stackoverflow.com/questions/34090851/cant-apply-roles-effectively-on-sonatype-nexus-with-active-directory-users
