Visit my.sonatype.com for documentation on Nexus Repository version 2.
This is a known issue when using Nexus Repository 2 against Active Directory servers with very large numbers of groups, we will be fixing this in a future release.
As a workaround, you can try manually typing in the role name for the mapping. This usually works, but in some cases, it will still fail.
However, there is another workaround that will get you going if you run into this problem. Just create a regular (non-mapped) Nexus Repository 2 role with the same name as your AD group. Nexus Repository 2 expects role ID's to be unique in the system regardless of what security realm they come from, so it will map the privileges associated with this role to any LDAP user who is a member of a group with the same name.