Configuring Nexus LDAP on Mac OS X

Question

Got Nexus installed, looks really nice.

The LDAP configuration is done in 2 parts. In the top half of the page, you provide the domain information and creds, etc., for authentication, then the bottom half is about user mapping.

I finally got the authentication to succeed. However, the user mapping is failing. I am getting the error:

There is an error communicating with the server.
LDAP Realm is not configured correctly: Failed to retrieve ldap information for users.
Nexus returned an error: ERROR 400: Bad Request

The curious thing is the only thing you really have to set at the bottom is the ou. I have that set to users. I read the docs and verified that the ou should not be in the search base above (dn) and I also noted that the successful auth (CRAM-MD5) is in the logs on the server.

Answer 1

Fixed this. Turns out that Open Directory does not use ou. Changing the Base DN to cn=users and Base DN = cn=groups. It works now. (Guess no one else is using Nexus on a mac mini server.)

For groups, I found these settings work:

Group Type: Static groups
Base DN: cn=groups
Groups Subtree: false
Object Class: posixGroup
Group ID Attribute: cn
Group Member Attribute: memberUid
Group Member Format: ${username}

You can find the keywords by testing with

ldapsearch -x -LLL -h <domain.name> -b "cn=groups,dc=<domain>,dc=<name>"