Dev - Nexus
  1. Dev - Nexus
  2. NEXUS-4958

Testing Active Directory config works in test mode, not for actual log in

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Blocker Blocker
    • Resolution: Fixed
    • Affects Version/s: 2.0.1
    • Fix Version/s: None
    • Component/s: LDAP
    • Labels:
      None
    • Environment:
      SLES -- Nexus Pro
    • Global Rank:
      23924

      Description

      If I "Check Authentication", "Check Login" or "Check User Mapping", I get successful results. But when I save my configuration and attempt to log into Nexus, I get "Incorrect username, password or no permission to use the Nexus User Interface. Try again."

      I am using "Simple Authentication", and I did not check "Use Password Attribute" .. binding to AD is adequate for me.

      I've tried clearing cookies, etc. just in case something was happening there.

      Ideas how to fix?

        Activity

        Hide
        Sonatype Support added a comment -

        This issue has not been updated for 10 business days. Automatically closing.

        Show
        Sonatype Support added a comment - This issue has not been updated for 10 business days. Automatically closing.
        Hide
        Sonatype Support added a comment -

        This issue has not been updated for 5 business days.

        If you have an update, please use the "Add Comment" action to let us know. If you have no other questions, please close this issue.

        If no update is received in the next 5 business days, this issue will be automatically closed.

        Thank you,

        The Sonatype Support Team

        Show
        Sonatype Support added a comment - This issue has not been updated for 5 business days. If you have an update, please use the "Add Comment" action to let us know. If you have no other questions, please close this issue. If no update is received in the next 5 business days, this issue will be automatically closed. Thank you, The Sonatype Support Team
        Hide
        Rich Seddon added a comment -

        Yes, that's exactly right. I'd do a test group mapping before getting too far, just to make sure it is working. Try mapping a group you know you are in to the admin role, for example.

        Show
        Rich Seddon added a comment - Yes, that's exactly right. I'd do a test group mapping before getting too far, just to make sure it is working. Try mapping a group you know you are in to the admin role, for example.
        Hide
        Tom Halliley added a comment -

        I had hoped to test authentication before having to map in the authorization piece

        Sounds like I'll want to create new Nexus roles that have the permissions I wish to grant, then map each relevant Active Directory group to these new roles. Correct?

        Show
        Tom Halliley added a comment - I had hoped to test authentication before having to map in the authorization piece Sounds like I'll want to create new Nexus roles that have the permissions I wish to grant, then map each relevant Active Directory group to these new roles. Correct?
        Hide
        Rich Seddon added a comment -

        You need to map Nexus roles to either LDAP groups, or LDAP users.

        For users, you go to "administration/users", and select "add/external user mapping". Type in an ldap user ID, and then select what Nexus roles you want them to have.

        You'll want to give at least "nexus anonymous role", "ui: base ui privilges", and some read permissions.

        Alternatively, you can map an LDAP group to a set of Nexus roles under "administration/roles".

        Show
        Rich Seddon added a comment - You need to map Nexus roles to either LDAP groups, or LDAP users. For users, you go to "administration/users", and select "add/external user mapping". Type in an ldap user ID, and then select what Nexus roles you want them to have. You'll want to give at least "nexus anonymous role", "ui: base ui privilges", and some read permissions. Alternatively, you can map an LDAP group to a set of Nexus roles under "administration/roles".
        Hide
        Tom Halliley added a comment -

        I tried enabling my LDAP realm on the "Server" tab. No dice.

        I'm not sure what you mean by an "external user mapping". I've provided the root DN, etc., and a test log in via the "Test Login" button succeeds as expected.

        Show
        Tom Halliley added a comment - I tried enabling my LDAP realm on the "Server" tab. No dice. I'm not sure what you mean by an "external user mapping". I've provided the root DN, etc., and a test log in via the "Test Login" button succeeds as expected.
        Hide
        Rich Seddon added a comment -

        Also, I assume you set up either an external user mapping or an external user mapping with login privileges?

        Show
        Rich Seddon added a comment - Also, I assume you set up either an external user mapping or an external user mapping with login privileges?
        Hide
        Brian Demers added a comment -

        Have you enabled the realm on the 'Server' tab?

        Show
        Brian Demers added a comment - Have you enabled the realm on the 'Server' tab?

          People

          • Assignee:
            Unassigned
            Reporter:
            Tom Halliley
            Last Updated By:
            Rich Seddon
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:
              Date of First Response: