Hello World !
I opened a different topic that I followed earlier and didn’t get a response from. I asked for support there that I could not provide an ssl connection over ldaps.
Now I’m trying to do my first tests by connecting with simple method without ssl.
The Ldap connection is successful, but when the user sends a login request, it gives the error code “LDAP: error code 1 - 000004DC: LdapErr: dsid-0C090A4C”. In many places, the user has written that there is a password error, but I can get a response when manually check it with the ldapsearch command.
I also have different ldap applications that use my active directory environment and they work well. (eg jira, jenkins etc …)
When I investigated this problem, I found that many users can connect with similar configurations. When I check attribute and other definitions with the Ldap Admin tool, the parameter that requires a different setting does not appear. But I can’t connect. I got a successful result on the test I did manually, and I know that I actually need to be able to connect. But it looks like a bug on the basis of this app.
I am sharing my information below, can you help me? (I really need it, I’m going crazy.)
Ldap User: test.user
Server Os: CentOS Linux release 7.9.2009 (Core)
Sonarqube Version: sonarqube-enterprise-8.6.0.39681 (onpremise)
[root@sonarqubeserver]# cat sonar.properties
…
sonar.security.realm=LDAP
ldap.url=ldap://192.168.1.2:3268ldap.realm=mydomain.net
ldap.authentication=simple
sonar.authenticator.downcase=trueldap.bindDN=CN=adsvcuser,OU=ServiceAccounts,DC=mydomain,DC=net
ldap.bindPassword=PasswordTest123!Testttldap.user.baseDn=OU=TR,OU=User Accounts,DC=mydomain,DC=net
ldap.user.request=(&(objectClass=user)(sAMAccountName={login}))
ldap.user.realNameAttribute=cn
ldap.user.emailAttribute=mailldap Group
ldap.group.baseDn=OU=Groups,DC=mydomain,DC=net
ldap.group.request=(&(objectClass=group)(member={dn}))
ldap.group.idAttribute=sAMAccountName
[root@sonarqubeserver]# ldapsearch -x -b "OU=TR,OU=User Accounts,DC=mydomain,DC=net" -D "CN=adsvcuser,OU=ServiceAccounts,DC=mydomain,DC=net" -H ldap://192.168.1.2:3268 -w 'PasswordTest123!Testtt' "(&(objectClass=user)(sAMAccountName=test.user))"
# extended LDIF
#
# LDAPv3
# base <OU=TR,OU=User Accounts,DC=mydomain,DC=net> with scope subtree
# filter: (&(objectClass=user)(sAMAccountName=test.user))
# requesting: ALL
#
# test.user, TR, User Accounts, mydomain.net
dn: CN=test.user,OU=TR,OU=User Accounts,DC=mydomain,DC=net
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: test.user
sn: user
c: TR
l: Istanbul
telephoneNumber: 12312412312412
givenName: test
distinguishedName: CN=test.user,OU=TR,OU=User Accounts,DC=mydomain,DC=net
instanceType: 4
whenCreated: 12312412341232.0Z
whenChanged: 41231231241231.0Z
displayName: test.user | MyDomain
uSNCreated: 35664044
memberOf: xxx
...
uSNChanged: 174906273
name: test.user
objectGUID:: fklasjdkalsjdklafjakls==
userAccountControl: 512
primaryGroupID: 513
objectSid:: asajknfajsnqwe1samndnomnfndsmadn==
sAMAccountName: test.user
sAMAccountType: 214123342
userPrincipalName: test.user@mydomain.net
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=mydomain,DC=net
dSCorePropagationData: 12312412312563.0Z
dSCorePropagationData: 56890458497343.0Z
lastLogonTimestamp: 132540485078534934
mail: test.user@mydomain.net
manager: CN=Mrs X,OU=TR,OU=User Accounts,DC=mydomain,DC=net
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1```
[root@sonarqubeserver]# tail -f /var/log/sonarqube/web.log
```2021.01.03 15:15:32 INFO web[][o.s.s.s.LogServerId] Server ID: 009D8FBF-AXaV6VA34sr7wSvC2UBW
2021.01.03 15:15:32 INFO web[][org.sonar.INFO] Security realm: LDAP
2021.01.03 15:15:32 INFO web[][o.s.a.l.LdapSettingsManager] User mapping: LdapUserMapping{baseDn=OU=TR,OU=User Accounts,DC=mydomain,DC=net, request=(&(objectClass=user)(sAMAccountName={0})), realNameAttribute=cn, emailAttribute=mail}
2021.01.03 15:15:32 INFO web[][o.s.a.l.LdapSettingsManager] Group mapping: LdapGroupMapping{baseDn=OU=Groups,DC=mydomain,DC=net, idAttribute=sAMAccountName, requiredUserAttributes=[dn], request=(&(objectClass=group)(member={0}))}
2021.01.03 15:15:32 DEBUG web[][o.s.a.l.LdapContextFactory] Initializing LDAP context {java.naming.referral=follow, com.sun.jndi.ldap.connect.pool=true, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.sasl.realm=mydomain.net, java.naming.provider.url=ldap://192.168.1.2:3268, java.naming.security.authentication=simple}
2021.01.03 15:15:32 INFO web[][o.s.a.l.LdapContextFactory] Test LDAP connection on ldap://192.168.1.2:3268: OK
2021.01.03 15:15:32 INFO web[][org.sonar.INFO] Security realm started
2021.01.03 15:15:32 WARN web[][o.s.a.s.w.WebService$Action] The response example is not set on action api/plugins/download
...
...
...
2021.01.03 15:15:44 DEBUG web[][o.s.s.p.ServerLifecycleNotifier] Notify ServerStopHandler handlers...
2021.01.03 15:15:44 INFO web[][o.s.s.p.Platform] WebServer is operational
2021.01.03 15:15:44 DEBUG web[][o.s.s.p.Platform] Background initialization of SonarQube done
2021.01.03 15:16:11 DEBUG web[AXbILSguJzbHg1R2AAAB][auth.event] login failure [cause|User must be authenticated][method|BASIC][provider|LOCAL|local][IP|127.0.0.1|82.24.129.13][login|]
2021.01.03 15:16:23 DEBUG web[AXbILSguJzbHg1R2AAAE][o.s.a.l.LdapUsersProvider] Requesting details for user test.user
2021.01.03 15:16:23 DEBUG web[AXbILSguJzbHg1R2AAAE][o.s.a.l.LdapSearch] Search: LdapSearch{baseDn=OU=TR,OU=User Accounts,DC=mydomain,DC=net, scope=subtree, request=(&(objectClass=user)(sAMAccountName={0})), parameters=[test.user], attributes=[mail, cn]}
2021.01.03 15:16:23 DEBUG web[AXbILSguJzbHg1R2AAAE][o.s.a.l.LdapContextFactory] Initializing LDAP context {java.naming.referral=follow, com.sun.jndi.ldap.connect.pool=true, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.sasl.realm=mydomain.net, java.naming.provider.url=ldap://192.168.1.2:3268, java.naming.security.authentication=simple}
2021.01.03 15:16:23 DEBUG web[AXbILSguJzbHg1R2AAAE][o.s.a.l.LdapUsersProvider] [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090A4C, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839]
javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090A4C, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839]
at java.naming/com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3299)
at java.naming/com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3205)
at java.naming/com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2996)
at java.naming/com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1875)
at java.naming/com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1798)
at java.naming/com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1815)
at java.naming/com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:418)
at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:396)
at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:378)
at java.naming/javax.naming.directory.InitialDirContext.search(InitialDirContext.java:286)
at org.sonar.auth.ldap.LdapSearch.find(LdapSearch.java:130)
at org.sonar.auth.ldap.LdapSearch.findUnique(LdapSearch.java:143)
at org.sonar.auth.ldap.LdapUsersProvider.getUserDetails(LdapUsersProvider.java:80)
at org.sonar.auth.ldap.LdapUsersProvider.doGetUserDetails(LdapUsersProvider.java:58)
at org.sonar.server.authentication.CredentialsExternalAuthentication.doAuthenticate(CredentialsExternalAuthentication.java:96)
at org.sonar.server.authentication.CredentialsExternalAuthentication.authenticate(CredentialsExternalAuthentication.java:90)
at org.sonar.server.authentication.CredentialsAuthentication.authenticate(CredentialsAuthentication.java:66)
at org.sonar.server.authentication.CredentialsAuthentication.authenticate(CredentialsAuthentication.java:54)
at org.sonar.server.authentication.ws.LoginAction.authenticate(LoginAction.java:121)
at org.sonar.server.authentication.ws.LoginAction.doFilter(LoginAction.java:100)
at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:139)
at org.sonar.server.platform.web.MasterServletFilter.doFilter(MasterServletFilter.java:108)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.sonar.server.platform.web.UserSessionFilter.doFilter(UserSessionFilter.java:81)
at org.sonar.server.platform.web.UserSessionFilter.doFilter(UserSessionFilter.java:68)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.sonar.server.platform.web.CacheControlFilter.doFilter(CacheControlFilter.java:76)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.sonar.server.platform.web.SecurityServletFilter.doHttpFilter(SecurityServletFilter.java:76)
at org.sonar.server.platform.web.SecurityServletFilter.doFilter(SecurityServletFilter.java:48)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.sonar.server.platform.web.RedirectFilter.doFilter(RedirectFilter.java:58)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.sonar.server.platform.web.RequestIdFilter.doFilter(RequestIdFilter.java:66)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.sonar.server.platform.web.RootFilter.doFilter(RootFilter.java:62)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:109)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:544)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143)
at ch.qos.logback.access.tomcat.LogbackValve.invoke(LogbackValve.java:256)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:616)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:831)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1634)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:834)
2021.01.03 15:16:23 DEBUG web[AXbILSguJzbHg1R2AAAE][o.s.a.l.LdapUsersProvider] User test.user not found in <default>
2021.01.03 15:16:23 ERROR web[AXbILSguJzbHg1R2AAAE][o.s.s.a.CredentialsExternalAuthentication] Error during authentication
org.sonar.auth.ldap.LdapException: Unable to retrieve details for user test.user in <default>
at org.sonar.auth.ldap.LdapUsersProvider.getUserDetails(LdapUsersProvider.java:84)
at org.sonar.auth.ldap.LdapUsersProvider.doGetUserDetails(LdapUsersProvider.java:58)
at org.sonar.server.authentication.CredentialsExternalAuthentication.doAuthenticate(CredentialsExternalAuthentication.java:96)
at org.sonar.server.authentication.CredentialsExternalAuthentication.authenticate(CredentialsExternalAuthentication.java:90)
at org.sonar.server.authentication.CredentialsAuthentication.authenticate(CredentialsAuthentication.java:66)
at org.sonar.server.authentication.CredentialsAuthentication.authenticate(CredentialsAuthentication.java:54)
at org.sonar.server.authentication.ws.LoginAction.authenticate(LoginAction.java:121)
at org.sonar.server.authentication.ws.LoginAction.doFilter(LoginAction.java:100)
at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:139)
at org.sonar.server.platform.web.MasterServletFilter.doFilter(MasterServletFilter.java:108)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.sonar.server.platform.web.UserSessionFilter.doFilter(UserSessionFilter.java:81)
at org.sonar.server.platform.web.UserSessionFilter.doFilter(UserSessionFilter.java:68)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.sonar.server.platform.web.CacheControlFilter.doFilter(CacheControlFilter.java:76)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.sonar.server.platform.web.SecurityServletFilter.doHttpFilter(SecurityServletFilter.java:76)
at org.sonar.server.platform.web.SecurityServletFilter.doFilter(SecurityServletFilter.java:48)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.sonar.server.platform.web.RedirectFilter.doFilter(RedirectFilter.java:58)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.sonar.server.platform.web.RequestIdFilter.doFilter(RequestIdFilter.java:66)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.sonar.server.platform.web.RootFilter.doFilter(RootFilter.java:62)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:109)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:544)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143)
at ch.qos.logback.access.tomcat.LogbackValve.invoke(LogbackValve.java:256)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:616)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:831)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1634)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090A4C, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839]
at java.naming/com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3299)
at java.naming/com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3205)
at java.naming/com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2996)
at java.naming/com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1875)
at java.naming/com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1798)
at java.naming/com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1815)
at java.naming/com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:418)
at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:396)
at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:378)
at java.naming/javax.naming.directory.InitialDirContext.search(InitialDirContext.java:286)
at org.sonar.auth.ldap.LdapSearch.find(LdapSearch.java:130)
at org.sonar.auth.ldap.LdapSearch.findUnique(LdapSearch.java:143)
at org.sonar.auth.ldap.LdapUsersProvider.getUserDetails(LdapUsersProvider.java:80)
... 51 common frames omitted
2021.01.03 15:16:23 DEBUG web[AXbILSguJzbHg1R2AAAE][auth.event] login failure [cause|Unable to retrieve details for user test.user in <default>][method|FORM][provider|REALM|LDAP][IP|127.0.0.1|82.24.129.13][login|test.user]```