无法使用Active Directory用户在Sonatype Nexus上有效地应用角色 [英] Can't apply roles effectively on Sonatype Nexus with Active Directory users
问题描述
我正在尝试使用Sonatype Nexus OSS 2.11.2-06通过Active Directory对用户进行身份验证.遵循 https://books.sonatype.com/nexus-book/reference/ldap-sect-mapping-active-directory.html :
I'm trying to authenticate users through Active Directory with Sonatype Nexus OSS 2.11.2-06. Following https://books.sonatype.com/nexus-book/reference/ldap-sect-mapping-active-directory.html :
- 我已经设置了" LDAP配置"设置,以便检查身份验证"成功完成,当我单击"检查用户映射"时,它会显示我的Active Directory在"用户映射测试结果"上测试用户,它显示了与用户所属的组相对应的角色列表. 不错.
- 我已经使用与其他本地测试用户(使用Nexus网络界面创建的用户)相同的特权设置了这些角色. 确定.
- 当我在"用户"页面上列出"所有授权用户"时,它会显示出具有正确角色(AD组)的Active Directory测试用户,
Realm=LDAP和Status=Active. 很棒.
- I have set up "LDAP Configuration" settings so that "Check Authentication" is successfull and when I click on "Check user mapping" it shows up my Active Directory test users on "User Mapping Test Results" and it shows a list of roles that correspond with the groups to which the users belong to. Nice.
- I have set up those roles with the same privileges that I have already tested with other local test users (users created using the Nexus web interface). Ok.
- When I list the "All Authorized Users" on the "Users" page it shows up my Active Directory test users with the right roles (AD Groups),
Realm=LDAPandStatus=Active. Fantastic.
但是,当我尝试使用Maven("mvn deploy")部署工件时,部署失败: ReasonPhrase: Unauthorized :
But when I try to deploy artifacts with Maven ("mvn deploy") it fails deploying it: ReasonPhrase: Unauthorized:
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-deploy-plugin:2.7:deploy (default-deploy) on project mvntest: Failed to deploy artifacts: Could not transfer artifact edu.ub.test:mvntest:jar:1.0-20151204.135744-4 from/to repotest00rw (https://xxxxxxx.ub.edu:yyyy/nexus/content/repositories/repotest00): Failed to transfer file: https://xxxxxxx.ub.edu:yyyy/nexus/content/repositories/repotest00/edu/ub/test/mvntest/1.0-SNAPSHOT/mvntest-1.0-20151204.135744-4.jar. Return code is: 401, ReasonPhrase: Unauthorized. -> [Help 1]
如果我使用具有相同角色(如Web UI所示)的那些本地测试用户(使用Nexus Web界面创建的用户)(设置为".m2/settings.xml"),则我可以毫无问题地部署工件.
If I use one of those local test users (users created using the Nexus web interface) (set on '.m2/settings.xml') with the same roles (as shown on Web UI) I can deploy artifacts without problems.
我为所有记录器设置了" DEBUG ",但找不到任何可以帮助我的东西,就像我被匿名用户对待一样:
I have set "DEBUG" to all loggers and I can't find anything that can help me, just looks like I'm been dealt as an anonymous user:
2015-12-04 14:49:26,969+0100 DEBUG [qtp-9795081-67] anonymous org.sonatype.sisu.goodies.eventbus.internal.DefaultEventBus - Event 'RepositoryItemEventRetrieve(sender="repotest00" [id=repotest00], repotest00:/edu/ub/test/mvntest/1.0-SNAPSHOT/maven-metadata.xml)' fired
2015-12-04 14:49:26,970+0100 DEBUG [qtp-9795081-67] anonymous org.sonatype.nexus.proxy.maven.maven2.M2Repository - repotest00 retrieveItem() :: FOUND repotest00:/edu/ub/test/mvntest/1.0-SNAPSHOT/maven-metadata.xml
2015-12-04 14:49:26,999+0100 DEBUG [qtp-9795081-58] org.apache.shiro.session.mgt.DefaultSessionManager - Unable to resolve session ID from SessionKey [org.apache.shiro.web.session.mgt.WebSessionKey@601f6170]. Returning null to indicate a session could not be found.
2015-12-04 14:49:27,000+0100 DEBUG [qtp-9795081-58] *UNKNOWN org.sonatype.nexus.content.internal.ContentAuthenticationFilter - No authorization found (header or request parameter)
2015-12-04 14:49:27,000+0100 DEBUG [qtp-9795081-58] *UNKNOWN org.sonatype.nexus.content.internal.ContentAuthenticationFilter - No authorization found (header or request parameter)
2015-12-04 14:49:27,000+0100 DEBUG [qtp-9795081-58] *UNKNOWN org.sonatype.nexus.content.internal.ContentAuthenticationFilter - No authorization found (header or request parameter)
2015-12-04 14:49:27,000+0100 DEBUG [qtp-9795081-58] *UNKNOWN org.sonatype.nexus.content.internal.ContentAuthenticationFilter - Attempting to authenticate Subject as Anonymous request...
2015-12-04 14:49:27,000+0100 DEBUG [qtp-9795081-58] *UNKNOWN org.apache.shiro.realm.AuthenticatingRealm - Looked up AuthenticationInfo [anonymous] from doGetAuthenticationInfo
有人可以帮助我吗?
非常感谢!
/天使
推荐答案
Oh, thanks to Sonatype support team we realized that I missed up the step of 8.2. Enabling the LDAP Authentication Realm.
我刚刚进行了设置,一切都按预期进行.
I just set it up and everything worked as expected.
也感谢您尝试帮助我,曼弗雷德.
Thanks also to you for trying to help me, Manfred.
最诚挚的问候,
/Ángel
这篇关于无法使用Active Directory用户在Sonatype Nexus上有效地应用角色的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
