Repository Management with Nexus

7.4. User and Group Mapping

The LDAP Configuration panel also contains sections to manage User Element Mapping and Group Element Mapping as shown in ???.

figs/web/ldap_configure_user_mapping.png

The fields for both the User Element Mapping and Group Element Mapping sections are described in detail in Table 7.3, “User Element Mapping Configuration for LDAP Integration” and Table 7.4, “Group Element Mapping Configuration for LDAP Integration”.

Table 7.3. User Element Mapping Configuration for LDAP Integration

Field Name Description

Base DN

Corresponds to the Base DN containing user entries. This DN is relative to the Search Base which was specified in ???. For example, if your users are all contained in "ou=users,dc=sonatype,dc=com" and you specified a Search Base of "dc=sonatype,dc=com", you would use a value of "ou=users".

User Subtree

True if there is a tree below the Base DN which can contain user entries. False if all users are contained directly within the specified Base DN. For example, if all users are in "ou=users,dc=sonatype,dc=com", this field should be false. If users can appear in organizational units within organizational units, such as "ou=development,ou=users,dc=sonatype,dc=com", this field should be true.

Object Class

This value defaults to inetOrgPerson, which is a standard object class defined in RFC 2798. inetOrgPerson contains standard attributes such as mail and uid. Other possible values are posixAccount or a custom class.

User ID Attribute

This is the attribute of the Object class which supplies the User ID. Nexus will use this attribute as the Nexus User ID.

Real Name Attribute

This is the attribute of the Object class which supplies the real name of the user. Nexus will use this attribute when it needs to display the real name of a user.

E-Mail Attribute

This is the attribute of the Object class which supplies the email address of the user. Nexus will use this attribute when it needs to send an email to a user.

Password Attribute

This is the attribute of the Object class which supplies the password of the user. Nexus will use this attribute when it is authenticating a user against an LDAP server.

Password Encoding

Defines the preferred password encoding mechanism to be used when sending password data to the LDAP server.


Table 7.4. Group Element Mapping Configuration for LDAP Integration

Field Name Description

Group Type

Groups are generally one of two types in LDAP systems - static or dynamic. A static group is an entry that contains a list of its users. In a dynamic group configuration, each user entry instead contains a list of the groups the user belongs to. In LDAP a static group would be captured in an entry with an Object class groupOfUniqueNames, which contains one or more uniqueMember attributes. In a dynamic group configuration, each user entry in LDAP contains an attribute which lists group membership.

Base DN

This field is similar to the Base DN field described in Table 7.3, “User Element Mapping Configuration for LDAP Integration”. This field is visible if Static Groups is selected. If your groups were defined under "ou=groups,dc=sonatype,dc=com", this field would have a value of "ou=groups".

Group Subtree

This field is similar to the User Subtree field described in Table 7.3, “User Element Mapping Configuration for LDAP Integration”. If all groups are defined directly under the entry defined in Base DN, this field should be false. If a group can be defined in a tree of organizational units under the Base DN, this field should be true. This field is visible if Static Groups is selected.

Object Class

This value defaults to groupOfUniqueNames, which is a standard object class defined in RFC 4519. groupOfUniqueNames is simply a collection of references to unique entries in an LDAP directory and can be used to associate user entries with a group. Other possible values are posixGroup or a custom class. This field is visible if Static Groups is selected.

Group ID Attribute

Specifies the attribute of the Object class which specifies the Group ID. If the value of this field corresponds to the ID of a Nexus Role, members of this group will have the corresponding Nexus privileges. Defaults to "cn". This field is visible if Static Groups is selected.

Group Member Attribute

Specifies the attribute of the Object class which specifies a member of a group. A groupOfUniqueNames has multiple uniqueMember attributes for each member of a group. Defaults to "uniqueMember". This field is visible if Static Groups is selected.

Group Member Format

This field captures the format of the Group Member Attribute and it is used by Nexus to extract a username from this attribute. For example, if the Group Member Attribute has the format "uid=brian,ou=users,dc=sonatype,dc=com", then the Group Member Format would be "uid=$username,ou=users,dc=sonatype,dc=com". If the Group Member Attribute had the format "brian", then the Group Member Format would be "$username". This field is visible if Static Groups is selected.

Member of Attribute

When Dynamic Groups is selected, Nexus will inspect an attribute of the user entry to get a list of groups that the user is a member of. In this configuration, a user entry would have an attribute such as memberOf which would contain the name of a group. This field is visible if Dynamic Groups is selected.


If your installation does not use Static Groups, you can configure Nexus LDAP Integration to refer to an attribute on the User entry to derive group membership. To do this, select Dynamic Groups in the Group Type field in Group Element Mapping. Selecting Dynamic Groups will show a single field named Member of Attribute as shown in ???.
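To make the interaction between the fields in Table 7.3 and Table 7.4 concrete, the following added example (not Nexus code, and not from this book) models the two group resolution strategies against a small constructed in-memory directory. The configuration keys, the sample DNs and the `find_user`, `groups_static` and `groups_dynamic` helpers are all this example's own; the directory follows the "ou=users" / "ou=groups" layout used in the tables, with one user placed an OU deeper so the Subtree flags have something to do. The Group Member Format is turned into a pattern whose single capture group is the username, which is one reasonable reading of "extract a username from this attribute".

```python
import re

# Constructed in-memory stand-in for an LDAP directory: DN -> attributes.
# Not a real directory dump. "tim" sits one OU below ou=users on purpose.
SEARCH_BASE = "dc=sonatype,dc=com"
DIRECTORY = {
    "uid=brian,ou=users,dc=sonatype,dc=com": {
        "objectClass": ["inetOrgPerson"], "uid": ["brian"], "cn": ["Brian"],
        "mail": ["brian@example.invalid"], "memberOf": ["nx-admin", "nx-developer"],
    },
    "uid=tim,ou=development,ou=users,dc=sonatype,dc=com": {
        "objectClass": ["inetOrgPerson"], "uid": ["tim"], "cn": ["Tim"],
        "mail": ["tim@example.invalid"], "memberOf": ["nx-developer"],
    },
    "cn=nx-admin,ou=groups,dc=sonatype,dc=com": {
        "objectClass": ["groupOfUniqueNames"], "cn": ["nx-admin"],
        "uniqueMember": ["uid=brian,ou=users,dc=sonatype,dc=com"],
    },
    "cn=nx-developer,ou=groups,dc=sonatype,dc=com": {
        "objectClass": ["groupOfUniqueNames"], "cn": ["nx-developer"],
        "uniqueMember": ["uid=brian,ou=users,dc=sonatype,dc=com",
                         "uid=tim,ou=development,ou=users,dc=sonatype,dc=com"],
    },
}

# Mapping settings named after the fields in Table 7.3 / 7.4 (key names are ours).
CONFIG = {
    "user_base_dn": "ou=users", "user_subtree": True,
    "user_object_class": "inetOrgPerson", "user_id_attribute": "uid",
    "group_base_dn": "ou=groups", "group_subtree": False,
    "group_object_class": "groupOfUniqueNames", "group_id_attribute": "cn",
    "group_member_attribute": "uniqueMember",
    "group_member_format": "uid=$username,ou=users,dc=sonatype,dc=com",
    "member_of_attribute": "memberOf",
}


def search(base_dn, subtree, object_class):
    """Entries of object_class below base_dn (relative to SEARCH_BASE).

    subtree=False behaves like a one-level search (entries directly under the
    base only); subtree=True accepts any depth. Commas inside attribute values
    are not handled; good enough for this model.
    """
    full_base = f"{base_dn},{SEARCH_BASE}" if base_dn else SEARCH_BASE
    hits = []
    for dn, attrs in DIRECTORY.items():
        if object_class not in attrs.get("objectClass", []):
            continue
        if not dn.endswith("," + full_base):
            continue
        depth = dn.count(",") - full_base.count(",")  # RDNs below the base
        if depth == 1 or subtree:
            hits.append((dn, attrs))
    return hits


def find_user(username, cfg=CONFIG):
    """DN of the entry whose User ID Attribute equals username, or None."""
    for dn, attrs in search(cfg["user_base_dn"], cfg["user_subtree"],
                            cfg["user_object_class"]):
        if username in attrs.get(cfg["user_id_attribute"], []):
            return dn
    return None


def member_format_regex(fmt):
    """Compile a Group Member Format ('uid=$username,ou=users,...' or
    '$username') into a regex whose group 1 is the username."""
    literal = [re.escape(part) for part in fmt.split("$username")]
    return re.compile("^" + "([^,]+)".join(literal) + "$")


def groups_static(username, cfg=CONFIG):
    """Static groups: scan group entries, match every member value against the
    Group Member Format and collect the Group ID Attribute of each hit."""
    rx = member_format_regex(cfg["group_member_format"])
    groups = []
    for _dn, attrs in search(cfg["group_base_dn"], cfg["group_subtree"],
                             cfg["group_object_class"]):
        for member in attrs.get(cfg["group_member_attribute"], []):
            m = rx.match(member)
            if m and m.group(1) == username:
                groups.append(attrs[cfg["group_id_attribute"]][0])
    return sorted(groups)


def groups_dynamic(username, cfg=CONFIG):
    """Dynamic groups: read the Member of Attribute from the user's own entry."""
    dn = find_user(username, cfg)
    if dn is None:
        return []
    return sorted(DIRECTORY[dn].get(cfg["member_of_attribute"], []))


if __name__ == "__main__":
    for user in ("brian", "tim"):
        print(user, "static:", groups_static(user), "dynamic:", groups_dynamic(user))
```

Two things worth noticing when running it. With User Subtree set to false, "tim" is not found at all, because his entry is two levels below "ou=users". With User Subtree set to true he is found, but under Static Groups he still resolves to no groups in this model: the fixed suffix "ou=users,dc=sonatype,dc=com" in the Group Member Format does not match his uniqueMember value "uid=tim,ou=development,ou=users,dc=sonatype,dc=com". A user who authenticates but receives no roles is often exactly this mismatch between where users live and what the member format assumes; the dynamic configuration sidesteps it because membership is read from the user entry itself.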

figs/web/ldap_dynamic_groups.png