I installed Sonatype Nexus OSS 3.42.0-01 and now I'm trying to configure LDAP using a script.
This is because I need to deploy new servers and automate the configuration.
I created this groovy script:
import org.sonatype.nexus.ldap.persist.LdapConfigurationManager
import org.sonatype.nexus.ldap.persist.entity.LdapConfiguration
import org.sonatype.nexus.ldap.persist.entity.Connection
import org.sonatype.nexus.ldap.persist.entity.Mapping

// 'container' is a binding supplied by the Nexus script runtime
def ldapConfigMgr = container.lookup(LdapConfigurationManager.class.getName())
def ldapConfig = new LdapConfiguration()
ldapConfig.setName("MYLDAP")
// Connection
def connection = new Connection()
connection.setHost(new Connection.Host(Connection.Protocol.valueOf("ldaps"), "192.168.10.100", 636))
connection.setAuthScheme("simple")
connection.setSystemUsername("uid=appauth,ou=auth,ou=nexus_cicd,ou=Applications,dc=my,dc=domain,dc=local")
connection.setSystemPassword("***********")
connection.setSearchBase("dc=my,dc=domain,dc=local")
connection.setConnectionTimeout(30)
connection.setConnectionRetryDelay(300)
connection.setMaxIncidentsCount(3)
connection.setUseTrustStore(false)
ldapConfig.setConnection(connection)
// Mapping (user base DN is relative to the search base)
def mapping = new Mapping()
mapping.setUserBaseDn("ou=People")
mapping.setLdapFilter("")
mapping.setUserObjectClass("InetOrgPerson")
mapping.setUserIdAttribute("uid")
mapping.setUserRealNameAttribute("cn")
mapping.setEmailAddressAttribute("mail")
// Static group mapping
mapping.setLdapGroupsAsRoles(true)
mapping.setGroupBaseDn("ou=groups,ou=nexus_cicd,ou=Applications")
mapping.setGroupObjectClass("groupOfNames")
mapping.setGroupIdAttribute("cn")
mapping.setGroupMemberAttribute("member")
// single quotes: ${username} must reach Nexus literally; in a double-quoted GString Groovy would try to interpolate it
mapping.setGroupMemberFormat('uid=${username},ou=People,dc=my,dc=domain,dc=local')
mapping.setUserSubtree(true)   // the setters take a boolean, not the string "True"
mapping.setGroupSubtree(false)
ldapConfig.setMapping(mapping)
ldapConfigMgr.addLdapServerConfiguration(ldapConfig)
But when I try to run it, I receive "unable to resolve class" errors:
# groovy /tmp/script/ldap.groovy
org.codehaus.groovy.control.MultipleCompilationErrorsException: startup failed:
/tmp/script/ldap.groovy: 3: unable to resolve class org.sonatype.nexus.ldap.persist.entity.Connection
@ line 3, column 1.
import org.sonatype.nexus.ldap.persist.entity.Connection
^
/tmp/script/ldap.groovy: 1: unable to resolve class org.sonatype.nexus.ldap.persist.LdapConfigurationManager
@ line 1, column 1.
import org.sonatype.nexus.ldap.persist.LdapConfigurationManager
^
/tmp/script/ldap.groovy: 2: unable to resolve class org.sonatype.nexus.ldap.persist.entity.LdapConfiguration
@ line 2, column 1.
import org.sonatype.nexus.ldap.persist.entity.LdapConfiguration
^
/tmp/script/ldap.groovy: 4: unable to resolve class org.sonatype.nexus.ldap.persist.entity.Mapping
@ line 4, column 1.
import org.sonatype.nexus.ldap.persist.entity.Mapping
^
/tmp/script/ldap.groovy: 16: unable to resolve class Connection.Host
@ line 16, column 20.
connection.setHost(new Connection.Host(Connection.Protocol.valueOf("ldaps"), "10.234.254.9", Integer.valueOf("636")))
^
5 errors
Is my approach correct?
Or do I need to use different tools?
How can I fix it?
Where can I download or pass the correct jar?
Disclaimer: I'm the maintainer of the ansible role linked below. The original groovy script was first created by @savoirfairelinux.
Configuring LDAP through groovy in Nexus is hard, as you will have to use internal classes which are not supposed to be available to end users and can change without prior notice.
For an example of a working script you can see the one available in my ansible role: https://github.com/ansible-ThoTeam/nexus3-oss/blob/main/files/groovy/setup_ldap.groovy. The script expects a dictionary for which you can find an example in the role documentation. ldap_connections in that link is a list. The script is called once for each element in that list.
Meanwhile, this script has been here since the very beginning of the project (a hard fork of an unmaintained previous role) and the objective in the long term is to get rid of that script (as with nearly all other groovy scripts in that role) to use the stable and public REST API.
Although the script has been rather stable for the last 2 years, you can have a look at this post on the Sonatype community to understand the risk of getting your script broken on any Nexus version upgrade. As you will see in that post, I don't even know how the original script was baked and I simply used it as is. And from the answer I got from the guy from Sonatype, the chances you can get the related jars and documentation are close to zero.
My 2 cents if you are going for a new project: don't use groovy scripting for anything in Nexus. There's a stable API, use it.
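As an added example that is neither the asker's script nor code from the ansible role, here is the same LDAP entry applied through the REST API the answer recommends, in Python with only the standard library, and written so that re-running it updates the entry instead of creating a duplicate. The endpoint path, field names and enum spellings are my assumptions based on the Nexus 3 LDAP REST endpoints, so check them against the server's /service/rest/swagger.json first; NEXUS_URL and the credential variables are placeholders.

```python
import base64
import json
import os
import urllib.request

NEXUS_URL = os.environ.get("NEXUS_URL", "https://nexus.example.local")  # placeholder host
API = "/service/rest/v1/security/ldap"  # assumed path; confirm in /service/rest/swagger.json

def build_ldap_payload(bind_password):
    """The Groovy script's settings as a REST request body (field names assumed)."""
    return {
        "name": "MYLDAP", "protocol": "LDAPS", "host": "192.168.10.100", "port": 636,
        "searchBase": "dc=my,dc=domain,dc=local", "authScheme": "SIMPLE",
        "authUsername": "uid=appauth,ou=auth,ou=nexus_cicd,ou=Applications,dc=my,dc=domain,dc=local",
        "authPassword": bind_password, "connectionTimeoutSeconds": 30, "connectionRetryDelaySeconds": 300,
        # set useTrustStore True (and import the LDAPS cert into Nexus) if the cert is not publicly trusted
        "maxIncidentsCount": 3, "useTrustStore": False,
        "userBaseDn": "ou=People", "userSubtree": True, "userObjectClass": "inetOrgPerson",
        "userLdapFilter": "", "userIdAttribute": "uid", "userRealNameAttribute": "cn",
        "userEmailAddressAttribute": "mail",
        # static group mapping; ${username} is a literal token for Nexus, nothing interpolates it here
        "ldapGroupsAsRoles": True, "groupType": "STATIC",
        "groupBaseDn": "ou=groups,ou=nexus_cicd,ou=Applications", "groupSubtree": False,
        "groupObjectClass": "groupOfNames", "groupIdAttribute": "cn", "groupMemberAttribute": "member",
        "groupMemberFormat": "uid=${username},ou=People,dc=my,dc=domain,dc=local",
    }

def choose_request(existing_names, name):
    """Idempotent automation: PUT updates an entry that exists, POST creates a new one."""
    return ("PUT", f"{API}/{name}") if name in existing_names else ("POST", API)

def nexus_call(method, path, body=None):
    """Basic-auth call over HTTPS (urllib verifies the certificate); admin creds come from the environment."""
    creds = f"{os.environ['NEXUS_USER']}:{os.environ['NEXUS_PASS']}".encode()
    req = urllib.request.Request(
        NEXUS_URL + path, method=method,
        data=None if body is None else json.dumps(body).encode(),
        headers={"Authorization": "Basic " + base64.b64encode(creds).decode(),
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:  # raises HTTPError on 4xx/5xx
        return resp.status, resp.read().decode()

def upsert_ldap(bind_password):
    """Create or update the MYLDAP entry; returns (HTTP status, response body)."""
    payload = build_ldap_payload(bind_password)
    _, listing = nexus_call("GET", API)
    names = {entry["name"] for entry in json.loads(listing)}
    method, path = choose_request(names, payload["name"])
    return nexus_call(method, path, payload)
```

Run it with NEXUS_USER, NEXUS_PASS and the LDAP bind password exported from your secret store rather than written into the script, e.g. `upsert_ldap(os.environ["LDAP_BIND_PASS"])`.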