Hello,
We started working with SonarQube. We have a lot of personnel working at the company, and I manage users with Active Directory. I want to manage our users using LDAP with SonarQube.
Below I gave extensive information about my system and logs. We've been trying LDAP settings for 3 days, but I didn't get successful results. I've tried a lot of things, and now I'm going crazy. LDAP auth is not provided in any way.
I downloaded a tool called “ldap admin” to the desktop and can access it when I test it. (with starttls active, binddn, bindpassword, and userbasedn information…)
Please, please help me, I’m really going crazy.
Also, I have securely added my ssl certificate for active directory ldap as follows.
### linux command ###
#.cer format
[root@sonarqubeserver]# keytool -import -trustcacerts -alias ca -file /etc/pki/ca-trust/source/anchors/ldap-certificate.cer -keystore cacerts
[root@sonarqubeserver]# update-ca-trust
#.jks format
[root@sonarqubeserver]# cp /etc/pki/ca-trust/source/anchors/ldap-certificate.cer /etc/pki/ca-trust/source/anchors/ldap.cer
[root@sonarqubeserver]# keytool -importcert -file ldap.cer -keystore ldap-certificate.jks -alias "ActiveDirectory-Ldap"
update-ca-trust
--- I set the passwords to be 121212. I can verify it when I test it with the command below.
[root@sonarqubedc01 conf]# keytool -list --keystore /etc/pki/ca-trust/source/anchors/ldap-certificate.jks
Enter keystore password:
Keystore type: PKCS12
Keystore provider: SUN
Your keystore contains 1 entry
activedirectory-ldap, Dec 30, 2020, trustedCertEntry,
Certificate fingerprint (SHA-256): D8:96:AD:F7:D6:C2:EC:45:B2:40:56:A1:C2:A4:AB:57:70:A1:78:B7:35:D9:F2:FC:3E:64:9C:31..
SonarQube version and server information:
[root@sonarqubeserver conf]# cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)
[root@sonarqubeserver conf]# yum list installed |grep java
java-11-openjdk.x86_64 1:11.0.9.11-2.el7_9 @updates
java-11-openjdk-devel.x86_64 1:11.0.9.11-2.el7_9 @updates
java-11-openjdk-headless.x86_64 1:11.0.9.11-2.el7_9 @updates
java-11-openjdk-javadoc.x86_64 1:11.0.9.11-2.el7_9 @updates
java-11-openjdk-jmods.x86_64 1:11.0.9.11-2.el7_9 @updates
java-11-openjdk-src.x86_64 1:11.0.9.11-2.el7_9 @updates
java-11-openjdk-static-libs.x86_64 1:11.0.9.11-2.el7_9 @updates
javapackages-tools.noarch 3.4.1-11.el7 @base
python-javapackages.noarch 3.4.1-11.el7 @base
tzdata-java.noarch 2020d-2.el7 @updates
[root@sonarqubeserver conf]# pwd
/opt/sonarqube/conf
[root@sonarqubeserver conf]# ls
sonar.properties wrapper.conf
[root@sonarqubeserver conf]# cat sonar.properties | grep -v "#" |sort -bnr
### Web Settings ###
sonar.web.host=0.0.0.0
sonar.web.javaOpts=-Xms8192m -Xmx8192m -XX:+HeapDumpOnOutOfMemoryError
sonar.web.port=9000
sonar.web.javaAdditionalOpts=-Djavax.net.ssl.trustStore=/etc/pki/ca-trust/source/anchors/ldap-certificate.jks -Djavax.net.ssl.trustStorePassword=123456
#sonar.ce.javaAdditionalOpts=-Djavax.net.ssl.trustStore=/etc/pki/ca-trust/source/anchors/ldap-certificate.jks -Djavax.net.ssl.trustStorePassword=123456
### Database Settings ###
sonar.jdbc.password=12121212
sonar.jdbc.url=jdbc:postgresql://192.168.1.2:5432/sqdb
sonar.jdbc.username=squser
### Log Settings ###
sonar.web.accessLogs.enable=true
sonar.log.level.app=DEBUG
sonar.log.level.ce=DEBUG
sonar.log.level=DEBUG
sonar.log.level.es=DEBUG
sonar.log.level.web=DEBUG
sonar.path.logs=/var/log/sonarqube/
sonar.search.javaOpts=-Xms8192m -Xmx8192m -XX:+HeapDumpOnOutOfMemoryError
## Ldap General ##
sonar.security.realm=LDAP
ldap.url=ldaps://192.168.1.3:3269
#ldap.realm=mydomain
#ldap.authentication=simple
#sonar.authenticator.downcase=false
ldap.bindDN="CN=svcldapac,OU=ServiceAccounts,DC=mydomain,DC=net"
ldap.bindPassword=1212121212
ldap.StartTLS=true
## Ldap User ##
ldap.user.baseDn="CN=User Accounts,DC=mydomain,DC=net"
ldap.user.request=(&(objectClass=user)(sAMAccountName={login}))
ldap.user.realNameAttribute="cn"
ldap.user.emailAttribute="mail"
## ldap Group ##
ldap.group.baseDn="OU=Groups,DC=mydomain,DC=net"
ldap.group.request=(&(objectClass=group)(member={dn}))
ldap.group.idAttribute="sAMAccountName"
[root@sonarqubeserver sonarqube]# tail -f /var/log/sonarqube/web.log
2020.12.30 13:52:14 INFO web[][o.s.s.s.LogServerId] Server ID: xxxxx
2020.12.30 13:52:14 INFO web[][org.sonar.INFO] Security realm: LDAP
2020.12.30 13:52:14 INFO web[][o.s.a.l.LdapSettingsManager] User mapping: LdapUserMapping{baseDn="CN=User Accounts,DC=mydomain,DC=net", request=(&(objectClass=user)(sAMAccountName={0})), realNameAttribute="cn", emailAttribute="mail"}
2020.12.30 13:52:14 INFO web[][o.s.a.l.LdapSettingsManager] Group mapping: LdapGroupMapping{baseDn="OU=Groups,DC=mydomain,DC=net", idAttribute="sAMAccountName", requiredUserAttributes=[dn], request=(&(objectClass=group)(member={0}))}
2020.12.30 13:52:14 DEBUG web[][jdk.event.security] X509Certificate: Alg:SHA256withRSA, Serial:6100026fcc053200b18391000002, Subject:CN=MYDOMAIN ENTERPRISE CA, DC=mydomain, DC=net, Issuer:CN=MYDOMAIN ROOT CA, Key type:RSA, Length:2048, Cert Id:-431972142, Valid from:4/28/18, 12:54 PM, Valid until:4/28/28, 12:11 PM
2020.12.30 13:52:14 DEBUG web[][jdk.event.security] X509Certificate: Alg:SHA256withRSA, Serial:461be05e3472d4dc2b166b32c759, Subject:CN=MYDOMAIN ROOT CA, Issuer:CN=MYDOMAIN ROOT CA, Key type:RSA, Length:2048, Cert Id:781411179, Valid from:4/28/18, 12:01 PM, Valid until:4/28/28, 12:11 PM
2020.12.30 13:52:14 INFO web[][o.s.a.l.LdapContextFactory] Test LDAP connection: FAIL
2020.12.30 13:52:14 ERROR web[][o.s.s.p.Platform] Background initialization failed. Stopping SonarQube
org.sonar.api.utils.SonarException: Security realm fails to start: Unable to open LDAP connection
at org.sonar.server.user.SecurityRealmFactory.start(SecurityRealmFactory.java:93)
at org.sonar.core.platform.StartableCloseableSafeLifecyleStrategy.start(StartableCloseableSafeLifecyleStrategy.java:40)
at org.picocontainer.injectors.AbstractInjectionFactory$LifecycleAdapter.start(AbstractInjectionFactory.java:84)
at org.picocontainer.behaviors.AbstractBehavior.start(AbstractBehavior.java:169)
at org.picocontainer.behaviors.Stored$RealComponentLifecycle.start(Stored.java:132)
at org.picocontainer.behaviors.Stored.start(Stored.java:110)
at org.picocontainer.DefaultPicoContainer.potentiallyStartAdapter(DefaultPicoContainer.java:1016)
at org.picocontainer.DefaultPicoContainer.startAdapters(DefaultPicoContainer.java:1009)
at org.picocontainer.DefaultPicoContainer.start(DefaultPicoContainer.java:767)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:136)
at org.sonar.server.platform.platformlevel.PlatformLevel.start(PlatformLevel.java:90)
at org.sonar.server.platform.platformlevel.PlatformLevel4.start(PlatformLevel4.java:559)
at org.sonar.server.platform.PlatformImpl.start(PlatformImpl.java:213)
at org.sonar.server.platform.PlatformImpl.startLevel34Containers(PlatformImpl.java:187)
at org.sonar.server.platform.PlatformImpl.access$500(PlatformImpl.java:46)
at org.sonar.server.platform.PlatformImpl$1.lambda$doRun$0(PlatformImpl.java:120)
at org.sonar.server.platform.PlatformImpl$AutoStarterRunnable.runIfNotAborted(PlatformImpl.java:370)
at org.sonar.server.platform.PlatformImpl$1.doRun(PlatformImpl.java:120)
at org.sonar.server.platform.PlatformImpl$AutoStarterRunnable.run(PlatformImpl.java:354)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: org.sonar.auth.ldap.LdapException: Unable to open LDAP connection
at org.sonar.auth.ldap.LdapContextFactory.testConnection(LdapContextFactory.java:214)
at org.sonar.auth.ldap.LdapRealm.init(LdapRealm.java:63)
at org.sonar.server.user.SecurityRealmFactory.start(SecurityRealmFactory.java:87)
... 19 common frames omitted
Caused by: javax.naming.CommunicationException: Connection or outbound has closed
at java.naming/com.sun.jndi.ldap.LdapCtx.extendedOperation(LdapCtx.java:3432)
at java.naming/javax.naming.ldap.InitialLdapContext.extendedOperation(InitialLdapContext.java:184)
at org.sonar.auth.ldap.LdapContextFactory.createInitialDirContext(LdapContextFactory.java:119)
at org.sonar.auth.ldap.LdapContextFactory.createBindContext(LdapContextFactory.java:95)
at org.sonar.auth.ldap.LdapContextFactory.testConnection(LdapContextFactory.java:210)
... 21 common frames omitted
Caused by: java.net.SocketException: Connection or outbound has closed
at java.base/sun.security.ssl.SSLSocketImpl$AppOutputStream.write(SSLSocketImpl.java:1195)
at java.base/java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:81)
at java.base/java.io.BufferedOutputStream.flush(BufferedOutputStream.java:142)
at java.naming/com.sun.jndi.ldap.Connection.writeRequest(Connection.java:405)
at java.naming/com.sun.jndi.ldap.Connection.writeRequest(Connection.java:378)
at java.naming/com.sun.jndi.ldap.LdapClient.extendedOp(LdapClient.java:1204)
at java.naming/com.sun.jndi.ldap.LdapCtx.extendedOperation(LdapCtx.java:3379)
... 25 common frames omitted
2020.12.30 13:52:14 DEBUG web[][o.s.s.p.Platform] Background initialization of SonarQube done
2020.12.30 13:52:14 INFO web[][o.s.p.ProcessEntryPoint] Hard stopping process
2020.12.30 13:52:14 DEBUG web[][o.a.h.i.n.c.PoolingNHttpClientConnectionManager] Connection manager is shutting down
2020.12.30 13:52:14 DEBUG web[][o.a.h.i.n.c.ManagedNHttpClientConnectionImpl] http-outgoing-0 127.0.0.1:44300<->127.0.0.1:9001[ACTIVE][r:r]: Close
2020.12.30 13:52:14 DEBUG web[][o.a.h.i.n.c.InternalIODispatch] http-outgoing-0 [CLOSED]: Disconnected
2020.12.30 13:52:14 DEBUG web[][o.a.h.i.n.c.PoolingNHttpClientConnectionManager] Connection manager shut down
2020.12.30 13:52:14 DEBUG web[][o.s.s.a.TomcatAccessLog] Tomcat is stopped
When setting ldap.StartTLS=false:
[root@sonarqubeserver sonarqube]# tail -f /var/log/sonarqube/web.log
...
2020.12.30 13:52:14 INFO web[][o.s.s.s.LogServerId] Server ID: xxxxx
2020.12.30 13:56:19 INFO web[][org.sonar.INFO] Security realm: LDAP
2020.12.30 13:56:19 INFO web[][o.s.a.l.LdapSettingsManager] User mapping: LdapUserMapping{baseDn="CN=User Accounts,DC=mydomain,DC=net", request=(&(objectClass=user)(sAMAccountName={0})), realNameAttribute="cn", emailAttribute="mail"}
2020.12.30 13:56:19 INFO web[][o.s.a.l.LdapSettingsManager] Group mapping: LdapGroupMapping{baseDn="OU=Groups,DC=mydomain,DC=net", idAttribute="sAMAccountName", requiredUserAttributes=[dn], request=(&(objectClass=group)(member={0}))}
2020.12.30 13:56:19 DEBUG web[][o.s.a.l.LdapContextFactory] Initializing LDAP context {java.naming.referral=follow, com.sun.jndi.ldap.connect.pool=true, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldaps://192.168.1.3:3269, java.naming.security.authentication=simple}
2020.12.30 13:52:14 DEBUG web[][jdk.event.security] X509Certificate: Alg:SHA256withRSA, Serial:6100026fcc053200b18391000002, Subject:CN=MYDOMAIN ENTERPRISE CA, DC=mydomain, DC=net, Issuer:CN=MYDOMAIN ROOT CA, Key type:RSA, Length:2048, Cert Id:-431972142, Valid from:4/28/18, 12:54 PM, Valid until:4/28/28, 12:11 PM
2020.12.30 13:52:14 DEBUG web[][jdk.event.security] X509Certificate: Alg:SHA256withRSA, Serial:461be05e3472d4dc2b166b32c759, Subject:CN=MYDOMAIN ROOT CA, Issuer:CN=MYDOMAIN ROOT CA, Key type:RSA, Length:2048, Cert Id:781411179, Valid from:4/28/18, 12:01 PM, Valid until:4/28/28, 12:11 PM
2020.12.30 13:56:19 INFO web[][o.s.a.l.LdapContextFactory] Test LDAP connection: FAIL
2020.12.30 13:56:19 ERROR web[][o.s.s.p.Platform] Background initialization failed. Stopping SonarQube
org.sonar.api.utils.SonarException: Security realm fails to start: Unable to open LDAP connection
at org.sonar.server.user.SecurityRealmFactory.start(SecurityRealmFactory.java:93)
at org.sonar.core.platform.StartableCloseableSafeLifecyleStrategy.start(StartableCloseableSafeLifecyleStrategy.java:40)
at org.picocontainer.injectors.AbstractInjectionFactory$LifecycleAdapter.start(AbstractInjectionFactory.java:84)
at org.picocontainer.behaviors.AbstractBehavior.start(AbstractBehavior.java:169)
at org.picocontainer.behaviors.Stored$RealComponentLifecycle.start(Stored.java:132)
at org.picocontainer.behaviors.Stored.start(Stored.java:110)
at org.picocontainer.DefaultPicoContainer.potentiallyStartAdapter(DefaultPicoContainer.java:1016)
at org.picocontainer.DefaultPicoContainer.startAdapters(DefaultPicoContainer.java:1009)
at org.picocontainer.DefaultPicoContainer.start(DefaultPicoContainer.java:767)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:136)
at org.sonar.server.platform.platformlevel.PlatformLevel.start(PlatformLevel.java:90)
at org.sonar.server.platform.platformlevel.PlatformLevel4.start(PlatformLevel4.java:559)
at org.sonar.server.platform.PlatformImpl.start(PlatformImpl.java:213)
at org.sonar.server.platform.PlatformImpl.startLevel34Containers(PlatformImpl.java:187)
at org.sonar.server.platform.PlatformImpl.access$500(PlatformImpl.java:46)
at org.sonar.server.platform.PlatformImpl$1.lambda$doRun$0(PlatformImpl.java:120)
at org.sonar.server.platform.PlatformImpl$AutoStarterRunnable.runIfNotAborted(PlatformImpl.java:370)
at org.sonar.server.platform.PlatformImpl$1.doRun(PlatformImpl.java:120)
at org.sonar.server.platform.PlatformImpl$AutoStarterRunnable.run(PlatformImpl.java:354)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: org.sonar.auth.ldap.LdapException: Unable to open LDAP connection
at org.sonar.auth.ldap.LdapContextFactory.testConnection(LdapContextFactory.java:214)
at org.sonar.auth.ldap.LdapRealm.init(LdapRealm.java:63)
at org.sonar.server.user.SecurityRealmFactory.start(SecurityRealmFactory.java:87)
... 19 common frames omitted
Caused by: javax.naming.CommunicationException: simple bind failed: 192.168.1.3:3269
at java.naming/com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:219)
at java.naming/com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2895)
at java.naming/com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:348)
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxFromUrl(LdapCtxFactory.java:262)
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:226)
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:280)
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:185)
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:115)
at java.naming/javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:719)
at java.naming/javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:305)
at java.naming/javax.naming.InitialContext.init(InitialContext.java:236)
at java.naming/javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
at org.sonar.auth.ldap.LdapContextFactory.createInitialDirContext(LdapContextFactory.java:137)
at org.sonar.auth.ldap.LdapContextFactory.createBindContext(LdapContextFactory.java:95)
at org.sonar.auth.ldap.LdapContextFactory.testConnection(LdapContextFactory.java:210)
... 21 common frames omitted
Caused by: java.net.SocketException: Connection or outbound has closed
at java.base/sun.security.ssl.SSLSocketImpl$AppOutputStream.write(SSLSocketImpl.java:1195)
at java.base/java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:81)
at java.base/java.io.BufferedOutputStream.flush(BufferedOutputStream.java:142)
at java.naming/com.sun.jndi.ldap.Connection.writeRequest(Connection.java:405)
at java.naming/com.sun.jndi.ldap.Connection.writeRequest(Connection.java:378)
at java.naming/com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:359)
at java.naming/com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214)
... 35 common frames omitted
2020.12.30 13:56:19 DEBUG web[][o.s.s.p.Platform] Background initialization of SonarQube done
2020.12.30 13:56:19 INFO web[][o.s.p.ProcessEntryPoint] Hard stopping process
2020.12.30 13:56:19 DEBUG web[][o.a.h.i.n.c.PoolingNHttpClientConnectionManager] Connection manager is shutting down
2020.12.30 13:56:19 DEBUG web[][o.a.h.i.n.c.ManagedNHttpClientConnectionImpl] http-outgoing-0 127.0.0.1:44582<->127.0.0.1:9001[ACTIVE][r:r]: Close
2020.12.30 13:56:19 DEBUG web[][o.a.h.i.n.c.InternalIODispatch] http-outgoing-0 [CLOSED]: Disconnected
2020.12.30 13:56:19 DEBUG web[][o.a.h.i.n.c.PoolingNHttpClientConnectionManager] Connection manager shut down
2020.12.30 13:56:19 DEBUG web[][o.s.s.a.TomcatAccessLog] Tomcat is stopped
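An added example, not part of the original post or of SonarQube: a small consistency check over the LDAP keys of a sonar.properties file like the one above. It flags ldap.StartTLS=true combined with an ldaps:// URL, a plain ldap:// URL without StartTLS, and values wrapped in quotes, which Java .properties parsing keeps as part of the value (the quotes are visible in the mapping lines of the log). The function names and the sample text are assumptions constructed for illustration.

```python
# Constructed sample that mirrors the LDAP keys shown in the post.
SAMPLE = """\
sonar.security.realm=LDAP
ldap.url=ldaps://192.168.1.3:3269
#ldap.authentication=simple
ldap.bindDN="CN=svcldapac,OU=ServiceAccounts,DC=mydomain,DC=net"
ldap.StartTLS=true
ldap.user.baseDn="CN=User Accounts,DC=mydomain,DC=net"
ldap.user.request=(&(objectClass=user)(sAMAccountName={login}))
ldap.user.realNameAttribute="cn"
"""


def parse_properties(text):
    """Minimal key=value reader: skips blank and comment lines, keeps values verbatim."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def lint_ldap(props):
    """Return (key, message) findings for inconsistent or risky LDAP settings."""
    findings = []
    url = props.get("ldap.url", "").lower()
    starttls = props.get("ldap.StartTLS", "false").lower() == "true"
    if url.startswith("ldaps://") and starttls:
        findings.append(("ldap.StartTLS",
                         "StartTLS requested on an ldaps:// URL that is already TLS-wrapped"))
    if url.startswith("ldap://") and not starttls:
        findings.append(("ldap.url",
                         "simple bind would send the bind password in clear text"))
    for key, value in props.items():
        quoted = len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'"
        if key.startswith("ldap.") and quoted:
            findings.append((key, "quotes are kept as part of the value"))
    return findings


if __name__ == "__main__":
    for key, message in lint_ldap(parse_properties(SAMPLE)):
        print(f"{key}: {message}")
```
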