I'm trying to validate Nexus Sonatype configurations. I discovered Groovy scripts here:
https://github.com/savoirfairelinux/ansible-nexus3-oss/tree/master/templates/groovy
I'm able to configure LDAP in Nexus Sonatype, or even create a new role (not from LDAP). But now I'm looking for how to get LDAP users, so I can then put them in a specific group/role.
The Groovy script is the following:
```groovy
import groovy.json.JsonSlurper
import org.sonatype.nexus.security.user.UserNotFoundException

parsed_args = new JsonSlurper().parseText(args)

try {
    // update an existing user
    user = security.securitySystem.getUser(parsed_args.username)
    /* I tried with 'setSource' but it doesn't work... */
    user.setSource(parsed_args.source)
    user.setFirstName(parsed_args.first_name)
    user.setLastName(parsed_args.last_name)
    user.setEmailAddress(parsed_args.email)
    security.setUserRoles(parsed_args.username, parsed_args.roles)
    security.securitySystem.updateUser(user)
    security.securitySystem.changePassword(parsed_args.username, parsed_args.password)
    security.setUserRoles(parsed_args.username, parsed_args.roles)
} catch(UserNotFoundException ignored) {
    // create the new user
    security.addUser(parsed_args.username, parsed_args.first_name, parsed_args.last_name, parsed_args.email, true, parsed_args.password, parsed_args.roles)
}
```
In the "Users" tab, Nexus selects the "default" source (not LDAP...). I searched in the nexus-public repository, in the org.sonatype.security group, but honestly I don't understand their classes: https://github.com/sonatype/nexus-public/tree/master/components/nexus-security/src/main/java/org/sonatype/nexus/security
Has anyone already done that?
EDIT:
I tried this:
```groovy
import groovy.json.JsonSlurper
import org.sonatype.nexus.security.user.UserNotFoundException
import org.sonatype.nexus.security.user.UserSearchCriteria

parsed_args = new JsonSlurper().parseText(args)

criteria = new UserSearchCriteria(userId: 'myUser', source: 'LDAP')
user = security.securitySystem.searchUsers(criteria)
//user.forEach { println it }
security.setUserRoles(user.userId, 'myRole')
security.securitySystem.updateUser(user)
```
Now my error is:
javax.script.ScriptException: groovy.lang.MissingMethodException: No signature of method: org.sonatype.nexus.security.internal.SecurityApiImpl.setUserRoles() is applicable for argument types: (java.util.ArrayList, java.util.ArrayList) values: [[myUser], [myRole]]\\nPossible solutions: setUserRoles(java.lang.String, java.util.List)\"\n}", "content_type": "application/json", "date": "Fri, 30 Dec 2016 10:05:51 GMT", "failed": true, "json": {"name": "setup_user", "result": "javax.script.ScriptException: groovy.lang.MissingMethodException: No signature of method: org.sonatype.nexus.security.internal.SecurityApiImpl.setUserRoles() is applicable for argument types: (java.util.ArrayList, java.util.ArrayList) values: [[myUser], [myRole]]\nPossible solutions: setUserRoles(java.lang.String, java.util.List)"}, "msg": "Status code was not [200, 204]: HTTP Error 400: Bad Request
Maybe I have a problem with the ArrayList type; I tried with '[]' but it's no better.
So to find all LDAP users, you can do something like this
From there, I'm not sure why you would switch the source, but this will get you a list of all LDAP users.
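
The type mismatch in the error above, worked through as an added example (not part of the original question or answer, and not Sonatype's code): `searchUsers` returns a collection, so `user.userId` on it yields a list, while `setUserRoles` expects one `String` and a `List`. The argument shape (`source`, `users`, `roles`) is an assumption, and whether `setUserRoles` persists role mappings for LDAP-sourced users is not confirmed on this page.

```groovy
import groovy.json.JsonOutput
import groovy.json.JsonSlurper
import org.sonatype.nexus.security.user.UserSearchCriteria

// Assumed (constructed) argument shape:
//   {"source": "LDAP", "users": ["myUser"], "roles": ["myRole"]}
def parsed = new JsonSlurper().parseText(args)
List<String> roles = (parsed.roles ?: []).collect { it as String }
Set<String> wanted = (parsed.users ?: []).collect { it as String } as Set

// Refuse to run with an empty user or role list, so a malformed payload
// cannot silently change role assignments in an unintended way.
if (roles.isEmpty() || wanted.isEmpty()) {
    throw new IllegalArgumentException('both "users" and "roles" must be non-empty lists')
}

// searchUsers returns a collection of User objects, not a single User.
// Calling .userId on the collection spreads over it and produces a list,
// which is the (ArrayList, ArrayList) signature reported in the error.
def found = security.securitySystem.searchUsers(
        new UserSearchCriteria(source: parsed.source))

def updated = []
found.each { user ->
    // Only touch accounts that were explicitly listed, rather than
    // granting the roles to every user the source returns.
    if (user.userId in wanted) {
        // One String user id and one List of role ids per call.
        security.setUserRoles(user.userId, roles)
        updated << user.userId
    }
}

// Report which requested accounts were found in the source and which were not.
return JsonOutput.toJson([updated: updated.sort(),
                          missing: (wanted - updated).sort()])
```

The returned JSON lists any requested user ids that the source did not return, so a misspelled account name shows up in the caller's output instead of being skipped quietly.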