Repository Management with Nexus

8.10. Mapping External Roles to Nexus Roles

Nexus makes it straightforward to map an external role to an internal Nexus role. You would do this if you want to grant every member of an externally managed group (such as an LDAP group) a certain privilege in Nexus. For example, assume that you have a group in LDAP named "svn" and you want to make sure that everyone in the "svn" group has Nexus Administrative privileges. To do this, click on the Add… drop-down in the Role panel as shown in Figure 8.13, “Selecting External Role Mapping in the Role Management Panel”. This drop-down is in the Role management panel, which is opened by clicking on Roles in the Security menu.

Figure 8.13. Selecting External Role Mapping in the Role Management Panel


Selecting External Role Mapping under Add… will show you a dialog which contains a drop-down of External Realms. Selecting an external realm such as LDAP will then bring up a list of roles managed by that external realm. The dialog shown in Figure 8.14, “Selecting an Externally Managed Role to Map to a Nexus Role” shows the external realm LDAP selected and the role "svn" being selected to map to a Nexus role.

Figure 8.14. Selecting an Externally Managed Role to Map to a Nexus Role


Once the external role has been selected, Nexus will create a corresponding Nexus Role. You can then assign other roles to this new externally mapped role. Figure 8.15, “Mapping an External Role to a Nexus Role” shows that the "svn" role from LDAP is being assigned the Nexus Administrator Role. This means that any user who is authenticated against the external LDAP Realm and is a member of the "svn" LDAP group will be assigned a Nexus role that maps to the Nexus Administrator Role.

Figure 8.15. Mapping an External Role to a Nexus Role
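
Because an externally mapped role can itself be assigned other roles, membership in an LDAP group can reach the Administrator role through several levels of nesting. The following added example (not part of the Nexus book or of Nexus itself) models that resolution and lists which external groups end up with administrative rights. The role ids, the `ROLES` layout, and the function names are assumptions constructed for illustration and are not read from a Nexus instance.

```python
"""Audit model: which externally mapped roles resolve to an administrative role.

All role ids and the data layout below are constructed for illustration;
they are not exported from Nexus or taken from its API.
"""

# Constructed sample. A role mapped from an external realm carries the same
# id as the external group (here the LDAP group "svn" from the text above).
ROLES = {
    "svn": {"source": "LDAP", "contains": ["administrator"]},
    "qa": {"source": "LDAP", "contains": ["release-managers"]},
    "docs": {"source": "LDAP", "contains": ["readers"]},
    "release-managers": {"source": "internal",
                         "contains": ["deployers", "administrator"]},
    # Deliberate cycle back to release-managers to exercise the guard below.
    "deployers": {"source": "internal",
                  "contains": ["readers", "release-managers"]},
    "readers": {"source": "internal", "contains": []},
    "administrator": {"source": "internal", "contains": []},
}


def effective_roles(role_id, roles):
    """Return every role reachable from role_id, including role_id itself."""
    seen, stack = set(), [role_id]
    while stack:
        current = stack.pop()
        if current in seen:  # already expanded; also breaks cycles
            continue
        seen.add(current)
        # Roles referenced but not defined are kept as leaves.
        stack.extend(roles.get(current, {}).get("contains", []))
    return seen


def external_groups_with(target, roles):
    """Sorted ids of externally mapped roles whose members receive target."""
    return sorted(
        role_id
        for role_id, role in roles.items()
        if role["source"] != "internal"
        and target in effective_roles(role_id, roles)
    )


if __name__ == "__main__":
    for group in external_groups_with("administrator", ROLES):
        print(f"members of external group {group!r} receive 'administrator'")
```

Each group reported here is one whose membership is managed outside Nexus, so changes to that group in the external realm change who holds administrative rights in Nexus.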