Adding LDAP admin via nexus API

This post is in English, to help other developers like me.

In my company, we want to automate Nexus installation on virtual machines. We are following a DevOps strategy, and the road is not easy.

  • find an Ansible role: savoirfairelinux/ansible-nexus-oss3
  • connect Nexus to the LDAP
  • connect Nexus with the mail server
  • automatically add some users as admin.

Each of these tasks could be a blog post. I consider only the last one for today.

You will find the source code in my GitHub account. But you need to know how hard the road was.

  • How to search the LDAP? (I had some trouble, but it could come from the LDAP host)
  • How to get the nx-admin role?
  • How to add it to a User?
  • How can I browse the API?
  • What are the objects exposed? How to get access to them?
  • Can I add a local role to a non-local user (LDAP)?
  • How to save a User?
  • How are Role / User / Realm related? Are Realms common to Users and Roles?
  • Should the Groovy API return the result?

Moreover, to upload a Groovy script to the Nexus server so it can be executed, you need to do an HTTP PUT request to the REST API. That seems silly! Use the REST API to use the Groovy API.

In the end, the trick was not to use the method provided by the API, but to add the role to the User.roles Collection!

Please, you, as a project creator - a world class successful project - HAD to provide some docs! Telling developers to browse the API, searching for it in the Maven repo, is really unfair.

So first, you need to upload the script. I use a Java project for this: https://github.com/rburgst/nexus-addscript. But you will need Gradle installed.

Post the groovy 'add_ldap_user' script to the rest API

java -jar "$HOME/nexus-addscript/build/libs/nexus-addscript-all.jar" -u "admin" -p "changeme" -n "add_user_admin" -f "./add_ldapuser_role.groovy" -h "http://192.168.56.102:7075/nexus"

Run the script

curl -v -X POST -u admin:changeme -H "Accept: application/json" -H "Content-Type: text/plain" 'http://192.168.56.102:7075/nexus/service/siesta/rest/v1/script/add_user_admin/run'

You could send some JSON parameters to your script if you wish.
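The upload and run steps can also be done without the Java/Gradle helper. This is an added example (not code from the original post or from the nexus-addscript project) that builds both requests with the Python standard library and passes JSON parameters in the run body. Assumptions: the POST/PUT upload endpoints and the name/type/content body are taken from the Nexus 3 script REST API, since the post does not show them; the `userId` parameter and the NEXUS_USER/NEXUS_PASSWORD variables are hypothetical.

```python
import base64
import json
import os
import urllib.request
from urllib.parse import quote

# Base path taken from the run URL in the post (the post's lab VM).
BASE = "http://192.168.56.102:7075/nexus/service/siesta/rest/v1/script"


def _request(url, method, body, content_type, user, password):
    """Build (not send) an authenticated request for the script API."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return urllib.request.Request(
        url, data=body.encode("utf-8"), method=method,
        headers={"Authorization": "Basic " + token,
                 "Content-Type": content_type,
                 "Accept": "application/json"})


def upload_request(name, groovy_source, user, password, update=False):
    """POST creates a script; PUT on /<name> replaces an existing one."""
    # json.dumps escapes the quotes and newlines of the Groovy source.
    payload = json.dumps({"name": name, "type": "groovy",
                          "content": groovy_source})
    url = f"{BASE}/{quote(name, safe='')}" if update else BASE
    return _request(url, "PUT" if update else "POST", payload,
                    "application/json", user, password)


def run_request(name, params, user, password):
    """The run body is text/plain; the script sees it as the string `args`."""
    return _request(f"{BASE}/{quote(name, safe='')}/run", "POST",
                    json.dumps(params), "text/plain", user, password)


if __name__ == "__main__":
    # Credentials come from the environment rather than argv, so they stay
    # out of shell history and the process list. Basic auth over plain HTTP
    # is readable on the wire: use an https:// base URL outside a lab.
    user, password = os.environ["NEXUS_USER"], os.environ["NEXUS_PASSWORD"]
    with open("add_ldapuser_role.groovy", encoding="utf-8") as fh:
        source = fh.read()
    # {"userId": "jdoe"} is a constructed, hypothetical parameter set.
    for req in (upload_request("add_user_admin", source, user, password),
                run_request("add_user_admin", {"userId": "jdoe"}, user, password)):
        with urllib.request.urlopen(req) as resp:
            print(req.get_method(), req.full_url, resp.status)
```

Inside the Groovy script, the parameters can be read back with `new groovy.json.JsonSlurper().parseText(args)`.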

Thanks for reading.