Visit my.sonatype.com for documentation on Nexus Repository version 2.
We get this question quite a bit: what's the difference between the Nexus Repository 2 OSS LDAP and the Nexus Repository 2 Professional LDAP? There are several, but let's just hit the top four:
- Support for multiple LDAP servers
- Support for geographic failover
- Support for multiple User and Group object mapping strategies
- Intelligent caching of authentication information
Support for Multiple LDAP Servers
Support For Geographic Failover
Support for Multiple Group and User Object Mappings
If you authenticate against LDAP, you have many options for querying users and groups. You can use static groups or dynamic groups. Depending on the type of LDAP server (or Active Directory server), you will be querying different object types and looking at different attributes for passwords and usernames. In Nexus Repository 2 OSS, we offer some support for configuring User and Group mappings, enough to adapt to just about any situation. In Nexus Repository 2 Professional, we offer User and Group mapping templates that are predefined based on common use cases. For example, if you are running Active Directory, we ship with sensible default templates. In addition to these templates, we offer the ability to have more than one User and Group Mapping for different LDAP servers.
This can come in very handy if you are dealing with more than one authentication source because, very often, those two LDAP servers have completely different models for tracking users and groups.
Intelligent Caching of Authentication Information
Nexus Repository 2 OSS LDAP is going to query your LDAP server every time it needs to authenticate a request. For example, if you have a Maven build that accesses Nexus with authentication, you are going to be hitting your LDAP server for every single artifact download request. If you have a group of developers, that means that your Nexus Repository 2 server is going to be generating a huge amount of authentication traffic against your LDAP server.
Nexus Repository 2 Professional takes a very conservative approach to caching authentication information: we don't have such an over-eager cache that we're holding on to authentication events for too long. You'll never hear anything about Nexus Repository 2 not being up to date with an LDAP server, but we do cache information in the context of a request. You can configure how long authentication events are cached, but even a cache lifetime of a few minutes is enough to insulate yourself from the performance problem you might encounter with the uncached OSS version of the tool.
For the record, there's nothing wrong with the Nexus Repository 2 OSS LDAP from a performance perspective: it's a solid integration with LDAP and it has everything you'd expect from a product that supports LDAP.
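To make the caching trade-off described above concrete, here is an added sketch (not Nexus Repository code, and not how Sonatype implements its cache) of a time-limited cache of successful logins in front of a directory bind. The names `CachingAuthenticator` and `simulate`, the `ci-build` account and the request timings are assumptions made for the illustration; in this sketch the cache lifetime is also the longest a removed account keeps being accepted.

```python
import hmac
import os
import time


class CachingAuthenticator:
    """Short-lived cache of successful logins in front of a directory bind."""

    def __init__(self, bind, ttl_seconds, clock=time.monotonic):
        self._bind = bind            # callable(user, password) -> bool, e.g. an LDAP bind
        self._ttl = ttl_seconds      # cache lifetime in seconds; 0 disables caching
        self._clock = clock
        self._cache = {}             # user -> (salt, digest, expires_at)
        self.backend_calls = 0       # number of binds sent to the directory

    def authenticate(self, user, password):
        now = self._clock()
        entry = self._cache.get(user)
        if entry and entry[2] > now:
            salt, digest, _ = entry
            candidate = hmac.new(salt, password.encode(), "sha256").digest()
            if hmac.compare_digest(digest, candidate):
                return True          # hit: same credentials, no directory traffic
        self.backend_calls += 1      # miss, expired, or different password
        if self._bind(user, password):
            salt = os.urandom(16)    # keep a salted digest, never the plaintext
            digest = hmac.new(salt, password.encode(), "sha256").digest()
            self._cache[user] = (salt, digest, now + self._ttl)
            return True
        self._cache.pop(user, None)  # a rejected bind drops any cached success
        return False


def simulate(ttl_seconds, requests=300, disable_at=None):
    """Constructed build: one authenticated artifact request per second."""
    directory = {"ci-build": "s3cret"}          # constructed sample account
    now = [0.0]
    auth = CachingAuthenticator(lambda u, p: directory.get(u) == p,
                                ttl_seconds, clock=lambda: now[0])
    accepted_after_disable = 0
    for i in range(requests):
        if i == disable_at:
            directory.pop("ci-build")           # account removed from the directory
        ok = auth.authenticate("ci-build", "s3cret")
        if ok and disable_at is not None and i >= disable_at:
            accepted_after_disable += 1
        now[0] += 1.0
    return auth.backend_calls, accepted_after_disable
```

`simulate(0)` models the uncached case (one bind per request), while `simulate(120)` shows a two-minute lifetime reducing 300 requests to 3 binds; passing `disable_at` shows how many requests are still accepted from cache after the account is removed.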