8.10. Mapping External Roles to Repository Manager Roles

Nexus Repository Manager OSS and Nexus Repository Manager make it very straightforward to map an external role to an internal role. This is something you would do, if you want to grant every member of an externally managed group (such as an LDAP group) a certain privilege in the repository manager. For example, assume that you have a group in LDAP named svn and you want to make sure that everyone in the svn group has administrative privileges. To do this, you would click on the Add.. drop-down in the Roles panel as shown in Figure 8.14, “Selecting External Role Mapping in the Role Management Panel”. This drop-down can be found in the roles management panel which is opened by clicking on Roles in the Security menu.


Figure 8.14. Selecting External Role Mapping in the Role Management Panel

Selecting External Role Mapping under Add… will show you a dialog containing a drop-down of External Realms. Selecting an external realm such as LDAP will then bring up a list of roles managed by that external realm. The dialog shown in Figure 8.15, “Selecting an Externally Managed Role to Map to an Internal Role” shows the external realm LDAP selected and the role "svn" being selected to map to a role.


Figure 8.15. Selecting an Externally Managed Role to Map to an Internal Role

Once the external role has been selected, the repository manager creates a corresponding role. You can then assign other roles to this new externally mapped role. Figure 8.16, “Mapping an External Role to an Internal Role” shows that the SVN role from LDAP is being assigned the Administrator Role. This means that any user that is authenticated against the external LDAP Realm who is a member of the svn LDAP group will be assigned a role that maps to the Administrator Role.


Figure 8.16. Mapping an External Role to an Internal Role