diff --git a/.gitignore b/.gitignore
index 164fffb..32d7f40 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@
.idea/
provision/provision-nexus/sources/
shared/
+binaries/
diff --git a/README.md b/README.md
index 90f1038..d7ea111 100644
--- a/README.md
+++ b/README.md
@@ -10,6 +10,7 @@ This will:
* Configure the NuGet `nuget-hosted` repository to accept pushing with an API key.
* Schedule a task to remove the old snapshots from the `maven-snapshots` repository.
* Create users and a custom `deployer` role.
+ * Setup an Active Directory LDAP user authentication source (when `config_authentication='ldap'` is set inside the `provision-nexus.sh` file).
* For more details look inside the [provision/provision-nexus](provision/provision-nexus) directory.
* Setup nginx as a Nexus HTTPS proxy and static file server.
* Test the installed repositories by [using and publishing to them](provision/test.sh).
diff --git a/Vagrantfile b/Vagrantfile
index 7642f3b..bff6f3d 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -50,4 +50,9 @@ Vagrant.configure(2) do |config|
config.vm.provision :shell, path: 'provision/windows/ps.ps1', args: ['use-chocolatey-repository.ps1', nexus_domain]
config.vm.provision :shell, path: 'provision/windows/ps.ps1', args: ['use-powershell-repository.ps1', nexus_domain]
end
+
+ config.trigger.before :up, :vm => ['nexus'] do
+ ldap_ca_cert_path = '../windows-domain-controller-vagrant/tmp/ExampleEnterpriseRootCA.der'
+ run "sh -c 'mkdir -p shared && cp #{ldap_ca_cert_path} shared'" if File.file? ldap_ca_cert_path
+ end
end
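Review bot: The relative `ldap_ca_cert_path` on the second added line is resolved against the process's working directory rather than the Vagrantfile's location, so `File.file?` is false and the copy silently does nothing when `vagrant up` is run from a subdirectory (Vagrant searches parent directories for the Vagrantfile, so that is a real case). Anchoring it as `ldap_ca_cert_path = File.expand_path('../windows-domain-controller-vagrant/tmp/ExampleEnterpriseRootCA.der', __dir__)` should remove that dependency, since the Vagrantfile is evaluated as ordinary Ruby. The copy itself does not need a shell: `FileUtils.mkdir_p('shared'); FileUtils.cp(ldap_ca_cert_path, 'shared')` does the same without building a command string from a path. The `:vm =>` option and bare `run "..."` call look like the vagrant-triggers plugin API rather than Vagrant's built-in triggers; worth confirming which one the project targets, as the built-in form differs.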
diff --git a/provision/execute-provision-ldap.groovy-script.sh b/provision/execute-provision-ldap.groovy-script.sh
new file mode 100644
index 0000000..5d59b55
--- /dev/null
+++ b/provision/execute-provision-ldap.groovy-script.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+set -eux
+
+. /vagrant/provision/nexus-groovy.sh
+
+# run the provision script.
+response=$(nexus-groovy provision-ldap)
+echo "$response" | jq '.result | fromjson'
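Review bot: The comment `# run the provision script.` above `response=$(nexus-groovy provision-ldap)` reads as copied from the non-LDAP runner and does not say which script runs or what is printed; `# run the provision-ldap groovy script and print the JSON it returns (carried as a JSON string in .result).` would document it. The `fromjson` step also assumes `.result` is present; if `nexus-groovy` hands back an error response instead, jq fails with a parse error that does not point at the cause, so a check such as `echo "$response" | jq -e '.result' >/dev/null` before it would make that failure readable. `nexus-groovy` itself is defined in the sourced nexus-groovy.sh, outside this diff.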
diff --git a/provision/provision-nexus.sh b/provision/provision-nexus.sh
index 07d42fe..20fc647 100644
--- a/provision/provision-nexus.sh
+++ b/provision/provision-nexus.sh
@@ -2,6 +2,13 @@
set -eux
+# use the local nexus user database.
+config_authentication='nexus'
+# OR use LDAP.
+# NB this assumes you are running the Active Directory from https://github.com/rgl/windows-domain-controller-vagrant.
+#config_authentication='ldap'
+
+
# install java.
apt-get install -y default-jre
@@ -45,6 +52,15 @@ sed -i -E 's,\.\./sonatype-work/,,g' bin/nexus.vmoptions
popd
+# trust the LDAP server certificate for user authentication (when enabled).
+# NB this assumes you are running the Active Directory from https://github.com/rgl/windows-domain-controller-vagrant.
+if [ "$config_authentication" = 'ldap' ]; then
+echo '192.168.56.2 dc.example.com' >>/etc/hosts
+openssl x509 -inform der -in /vagrant/shared/ExampleEnterpriseRootCA.der -out /usr/local/share/ca-certificates/ExampleEnterpriseRootCA.crt
+update-ca-certificates
+fi
+
+
# start nexus.
cat >/etc/systemd/system/nexus.service <<'EOF'
[Unit]
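Review bot: The `echo '192.168.56.2 dc.example.com' >>/etc/hosts` line appends unconditionally, so every re-provision adds a duplicate entry; guard it with `grep -q 'dc.example.com' /etc/hosts || echo '192.168.56.2 dc.example.com' >>/etc/hosts`. The `openssl x509` conversion aborts the script (via `set -e`) when /vagrant/shared/ExampleEnterpriseRootCA.der is absent, which is exactly the case the Vagrantfile trigger silently allows when the sibling domain-controller checkout is missing; a `test -f` with an explicit message naming the expected source file would make that failure understandable. This also installs the lab CA into the system-wide trust store for every client on the box, not just Nexus; fine for this setup, but worth stating in the comment above the block.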
@@ -78,3 +94,8 @@ wget -qO- http://localhost:8081/service/extdirect/poll/rapture_State_get | jq .d
# configure nexus with the groovy script.
bash /vagrant/provision/execute-provision.groovy-script.sh
+
+# configure nexus ldap with a groovy script.
+if [ "$config_authentication" = 'ldap' ]; then
+ bash /vagrant/provision/execute-provision-ldap.groovy-script.sh
+fi
diff --git a/provision/provision-nexus/Makefile b/provision/provision-nexus/Makefile
index e2898d8..c2e2ccd 100644
--- a/provision/provision-nexus/Makefile
+++ b/provision/provision-nexus/Makefile
@@ -1,3 +1,5 @@
+all: sources binaries
+
sources: sources-download
mkdir -p sources
cd sources && \
@@ -11,7 +13,14 @@ sources: sources-download
sources-download:
mvn dependency:sources
-clean:
- rm -rf sources
+binaries: binaries-download
-.PHONY: sources sources-download clean
+binaries-download:
+ mkdir -p binaries
+ wget -qO- https://sonatype-download.global.ssl.fastly.net/nexus/3/nexus-3.6.0-02-unix.tar.gz \
+ | tar xzf - --strip-components 1 -C binaries
+
+clean:
+ rm -rf sources binaries
+
+.PHONY: sources sources-download binaries-download clean
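Review bot: `binaries-download` pipes the Nexus tarball straight from wget into tar with no integrity check, so the build accepts whatever the CDN returns for that URL; with the version already pinned, a checksum is cheap: `wget -qO binaries.tar.gz https://sonatype-download.global.ssl.fastly.net/nexus/3/nexus-3.6.0-02-unix.tar.gz`, `echo '<EXPECTED_SHA256>  binaries.tar.gz' | sha256sum -c -`, `tar xzf binaries.tar.gz --strip-components 1 -C binaries`, with the digest taken from Sonatype's published checksum. The new `all` and `binaries` targets (the former added in the first hunk) are not in the updated `.PHONY` line, so a stray file named `all`, or the `binaries` directory itself, can make them appear up to date; add both. Because `binaries-download` is phony, `binaries` re-runs the download on every `make all`; the existing `sources` target follows the same pattern, so this may be intended, but a large tarball on each build is worth a comment.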
diff --git a/provision/provision-nexus/README.md b/provision/provision-nexus/README.md
index 6ff3045..e17e899 100644
--- a/provision/provision-nexus/README.md
+++ b/provision/provision-nexus/README.md
@@ -3,7 +3,7 @@ Open this directory with [IntelliJ IDEA Community Edition](https://www.jetbrains
Inside IDEA you can browse the sources with `control+left-click` to see which methods are available.
To execute the `src/main/groovy/provision.groovy` file inside the Vagrant
-environment run `bash /vagrant/execute-provision.groovy-script.sh`.
+environment run `bash /vagrant/provision/execute-provision.groovy-script.sh`.
For more information see the Nexus [scripting documentation](https://help.sonatype.com/display/NXRM3/REST+and+Integration+API) and [examples](https://github.com/sonatype/nexus-book-examples/tree/nexus-3.x/scripting).
diff --git a/provision/provision-nexus/pom.xml b/provision/provision-nexus/pom.xml
index 9c63d96..c6c3b37 100644
--- a/provision/provision-nexus/pom.xml
+++ b/provision/provision-nexus/pom.xml
@@ -46,5 +46,12 @@
nexus-script-plugin
${nx-version}
+
+ org.sonatype.nexus.plugins
+ nexus-ldap-plugin
+ ${nx-version}
+ system
+ ${project.basedir}/binaries/system/com/sonatype/nexus/plugins/nexus-ldap-plugin/${nx-version}/nexus-ldap-plugin-${nx-version}.jar
+
\ No newline at end of file
diff --git a/provision/provision-nexus/provision-nexus.iml b/provision/provision-nexus/provision-nexus.iml
index 2dc0871..a00e873 100644
--- a/provision/provision-nexus/provision-nexus.iml
+++ b/provision/provision-nexus/provision-nexus.iml
@@ -139,5 +139,14 @@
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/provision/provision-nexus/src/main/groovy/provision-ldap.groovy b/provision/provision-nexus/src/main/groovy/provision-ldap.groovy
new file mode 100644
index 0000000..7ef4a1e
--- /dev/null
+++ b/provision/provision-nexus/src/main/groovy/provision-ldap.groovy
@@ -0,0 +1,47 @@
+// run this file inside the Vagrant environment with bash /vagrant/provision/execute-provision-ldap.groovy-script.sh
+// see https://help.sonatype.com/display/NXRM3/REST+and+Integration+API
+// see https://github.com/sonatype/nexus-book-examples/tree/nexus-3.x/scripting/nexus-script-example
+
+import groovy.json.JsonOutput
+import org.sonatype.nexus.ldap.persist.LdapConfigurationManager
+import org.sonatype.nexus.ldap.persist.entity.Connection
+import org.sonatype.nexus.ldap.persist.entity.LdapConfiguration
+import org.sonatype.nexus.ldap.persist.entity.Mapping
+
+ldapManager = container.lookup(LdapConfigurationManager.class.name)
+
+if (!ldapManager.listLdapServerConfigurations().any { it.name == "dc.example.com" }) {
+ ldapManager.addLdapServerConfiguration(
+ new LdapConfiguration(
+ name: 'dc.example.com',
+ connection: new Connection(
+ host: new Connection.Host(Connection.Protocol.ldaps, 'dc.example.com', 636),
+ connectionTimeout: 30,
+ connectionRetryDelay: 300,
+ maxIncidentsCount: 3,
+ searchBase: 'dc=example,dc=com',
+ authScheme: 'simple',
+ systemUsername: 'jane.doe@example.com',
+ systemPassword: 'HeyH0Password',
+ ),
+ mapping: new Mapping(
+ userBaseDn: 'cn=users',
+ userObjectClass: 'user',
+ ldapFilter: '(&(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))',
+ userIdAttribute: 'sAMAccountName',
+ userRealNameAttribute: 'cn',
+ emailAddressAttribute: 'mail',
+ userPasswordAttribute: '',
+ ldapGroupsAsRoles: true,
+ userMemberOfAttribute: 'memberOf',
+ )
+ )
+ )
+}
+
+ldapUsers = security.securitySystem.searchUsers(new UserSearchCriteria(source: 'LDAP'))
+return JsonOutput.toJson([
+ ldapUsers: ldapUsers.sort { it.userId },
+ ldapGroups: security.securitySystem.listRoles('LDAP').sort { it.roleId },
+ roles: security.securitySystem.listRoles().sort { it.roleId },
+])
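Review bot: The LDAP bind credentials `systemUsername: 'jane.doe@example.com'` and `systemPassword: 'HeyH0Password'` are committed in plaintext and are then persisted by Nexus in its LDAP configuration; even for a lab, reading the password from the script's `args` (the string the script API passes to a groovy script) keeps it out of version control, e.g. `def config = new groovy.json.JsonSlurper().parseText(args)` and `systemPassword: config.systemPassword,`. Whether `execute-provision-ldap.groovy-script.sh` or `nexus-groovy` forwards an argument cannot be seen from this diff. Unlike the other classes used here, `UserSearchCriteria` is not imported; if the Nexus script compiler does not pre-import `org.sonatype.nexus.security.user.UserSearchCriteria`, the final section fails at runtime, so adding the import is harmless either way. The `any { it.name == "dc.example.com" }` check makes the add idempotent by name only, so later edits to the connection or mapping in this file are never applied to an existing configuration.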