We get this question quite a bit: what's the difference between the Nexus OSS LDAP and the Nexus Professional LDAP? There are several, but let's just hit the top four:
- Support for multiple LDAP servers
- Support for geographic failover
- Support for multiple User and Group object mapping strategies
- Intelligent caching of authentication information
Support for Multiple LDAP Servers
Support For Geographic Failover
Support for Multiple Group and User Object Mappings
If you authenticate against LDAP you have many options for querying users and groups. You can use static groups or dynamic groups. Depending on the type of LDAP server (or Active Directory server) you will be querying different object types and looking at different attributes for passwords and usernames. In Nexus OSS, we offer some support for configuring User and Group mappings, enough to adapt to just about any situation. In Nexus Professional we offer User and Group mapping templates that are predefined based on common use cases. For example, if you are running Active Directory, we ship with sensible default templates. In addition to these templates, we offer the ability to have more than one User and Group Mapping for different LDAP servers.
This can come in very handy if you are dealing with more than one authentication source because, very often, those two LDAP servers have completely different models for tracking users and groups.
Intelligent Caching of Authentication Information
Nexus OSS LDAP is going to query your LDAP server every time it needs to authenticate a request. For example, if you have a Maven build that accesses Nexus with authentication, you are going to be hitting your LDAP server for every single artifact download request. If you have a group of developers, that means that your Nexus server is going to be generating a huge amount of authentication traffic against your LDAP server.
Nexus Professional takes a very conservative approach to caching authentication information: the cache is not so over-eager that it holds on to authentication events for too long. You'll never hear anything about Nexus not being up to date with an LDAP server, but we do cache information in the context of a request. You can configure how long authentication events are cached, but even a cache lifetime of a few minutes is enough to insulate yourself from the performance problem you might encounter with the uncached OSS version of the tool.
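The trade-off described above, as an added sketch that is not Nexus code: a cache in front of the LDAP bind that keeps only successful authentications for a configurable lifetime. `CachingAuthenticator`, `FakeDirectory` and `simulate_build` are hypothetical names, and the 120-second lifetime is an assumed value.

```python
import hashlib
import hmac
import os
import time

class CachingAuthenticator:
    """Caches successful authentications for ttl_seconds; failures always go to LDAP."""

    def __init__(self, ldap_bind, ttl_seconds=120, clock=time.monotonic):
        self._bind = ldap_bind
        self._ttl = ttl_seconds
        self._clock = clock
        self._key = os.urandom(32)  # per-process key: the cache never holds raw passwords
        self._cache = {}            # username -> (credential digest, expiry time)

    def _digest(self, username, password):
        msg = username.encode() + b"\x00" + password.encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def authenticate(self, username, password):
        now = self._clock()
        digest = self._digest(username, password)
        entry = self._cache.get(username)
        if entry and entry[1] <= now:
            del self._cache[username]        # lifetime over: forget the entry
            entry = None
        if entry and hmac.compare_digest(entry[0], digest):
            return True                      # cache hit: no LDAP traffic
        if self._bind(username, password):   # miss or different password: ask LDAP
            self._cache[username] = (digest, now + self._ttl)
            return True
        return False                         # failures are never cached

class FakeDirectory:
    """Constructed stand-in for an LDAP server that counts bind attempts."""

    def __init__(self, users):
        self.users = dict(users)
        self.binds = 0

    def bind(self, username, password):
        self.binds += 1
        expected = self.users.get(username)
        return expected is not None and hmac.compare_digest(
            expected.encode(), password.encode())

def simulate_build(auth, username, password, artifact_requests):
    """Authenticate once per artifact request, as an authenticated Maven build does."""
    return sum(auth.authenticate(username, password) for _ in range(artifact_requests))
```

With this sketch a 500-request build costs one bind instead of 500; the price is that a password changed or revoked in the directory keeps working until its cache entry expires, which is why the lifetime should stay short.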
For the record, there's nothing wrong with the Nexus OSS LDAP from a performance perspective; it's a solid integration with LDAP and it has everything you'd expect from a product that supports LDAP. We're not big believers in creating open source versions of professional features that are limited to motivate sales. The OSS support for LDAP is a solid option.