This is a known issue when using Nexus against Active Directory servers with very large numbers of groups. We will be fixing this in a future release.
As a workaround, you can try manually typing in the role name for the mapping. This usually works, but in some cases it will still fail.
However, there is another workaround which will get you going if you run into this problem. Just create a regular (non-mapped) Nexus role with the same name as your AD group. Nexus expects role IDs to be unique in the system regardless of what security realm they come from, so it will map the privileges associated with this role to any LDAP user who is a member of a group with the same name.
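Because the match is by name alone, a regular role grants its privileges to every member of any same-named LDAP group, so it is worth reviewing which regular roles coincide with group names. The following is an added example, not Sonatype's code or part of the original article: a small model of that matching. The role IDs, group names and privilege labels are constructed, and exact, case-sensitive comparison is an assumption.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Role:
    role_id: str              # Nexus role ID
    privileges: frozenset     # privilege labels (constructed for this example)
    mapped: bool = False      # True for an external role mapping

def effective_privileges(user_groups, roles):
    """Privileges an LDAP user gains because a group name equals a role ID."""
    # Assumption: the comparison is exact and case-sensitive.
    by_id = {r.role_id: r for r in roles}
    granted = set()
    for group in user_groups:
        if group in by_id:
            granted |= by_id[group].privileges
    return granted

def review_name_matches(roles, ldap_groups, approved):
    """Return (unapproved, case_only) for regular, non-mapped roles."""
    # unapproved: role IDs equal to a group name but not on the list of
    #             deliberate workaround roles, so the grant was never reviewed.
    # case_only:  (role_id, group) pairs differing only in case; the article
    #             does not state the matching rule, so check these by hand.
    lowered = {g.lower(): g for g in ldap_groups}
    unapproved, case_only = [], []
    for role in roles:
        if role.mapped:
            continue
        if role.role_id in ldap_groups:
            if role.role_id not in approved:
                unapproved.append(role.role_id)
        elif role.role_id.lower() in lowered:
            case_only.append((role.role_id, lowered[role.role_id.lower()]))
    return sorted(unapproved), sorted(case_only)

# Constructed sample data: every name below is invented for illustration.
ROLES = [
    Role("nx-dev-deployers", frozenset({"deploy-releases"})),
    Role("Domain Users", frozenset({"read-all", "deploy-snapshots"})),
    Role("NX-Admins", frozenset({"administer"})),
]
LDAP_GROUPS = {"nx-dev-deployers", "Domain Users", "nx-admins"}
APPROVED = {"nx-dev-deployers"}   # roles created on purpose as the workaround
```

With this sample data, `review_name_matches(ROLES, LDAP_GROUPS, APPROVED)` flags the `Domain Users` role as an unreviewed grant to a broad group and reports `NX-Admins` versus `nx-admins` as a case-only near miss.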
Nexus does not list all available LDAP groups in external role mapping dialog
8 Comments
Hi Rich,
Is there anything planned to solve the problem? The workaround only works with the Nexus Admin role bound to the non-mapped pseudo AD-Nexus-Group. I must be missing an important role or privilege, but I have no idea which.
We only get around this problem by adding each user to Nexus.
Peter
I forgot, we are running Sonatype Nexus™ Professional Edition, Version: 2.11.1-01.
The solution above is not restricted to any particular role; it works for all roles. It sounds like something else is going on. Can you raise a support ticket?
I'm also having the same issues. Nexus 2.12.0-01.
Using Dynamic Groups type for the mapping.
Any solution planned for this?
Thanks
This article worked for me:
https://support.sonatype.com/hc/en-us/articles/213465598-How-to-Configure-Nexus-to-use-Active-Directory-Nested-Groups
This issue is still not fixed in Nexus 3, M7. The workaround is the same: create a Nexus role with the same names.
We are closing this article for comments.
If you have a support license, please contact us by submitting a support ticket.
If you do not have a support license, please use our Nexus Users List or our other free support resources.