About the SonarQube ldaps integration problem

Hello,

We started working with SonarQube. We have a lot of personnel working at the company, and I manage users with Active Directory. I want to manage our users using LDAP with SonarQube.

Below I gave extensive information about my system and logs. We’ve been trying LDAP settings for 3 days, but I didn’t get successful results. I’ve tried a lot of things, and now I’m going crazy. LDAP auth is not provided in any way.

I downloaded a tool called “ldap admin” to the desktop and can access it when I test it. (with starttls active, binddn, bindpassword, and userbasedn information…)

Please, please help me, I’m really going crazy.

Also, I have securely added my ssl certificate for active directory ldap as follows.

### linux command ###
#.cer format
[root@sonarqubeserver]# keytool -import -trustcacerts -alias ca -file /etc/pki/ca-trust/source/anchors/ldap-certificate.cer -keystore cacerts
[root@sonarqubeserver]# update-ca-trust

#.jks format
[root@sonarqubeserver]# cp /etc/pki/ca-trust/source/anchors/ldap-certificate.cer /etc/pki/ca-trust/source/anchors/ldap.cer
[root@sonarqubeserver]# keytool -importcert -file ldap.cer -keystore ldap-certificate.jks -alias "ActiveDirectory-Ldap"
update-ca-trust

--- I set the passwords to be 121212. I can verify it when I test it with the command below.
[root@sonarqubedc01 conf]# keytool -list --keystore /etc/pki/ca-trust/source/anchors/ldap-certificate.jks
Enter keystore password:
Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 1 entry

activedirectory-ldap, Dec 30, 2020, trustedCertEntry,
Certificate fingerprint (SHA-256): D8:96:AD:F7:D6:C2:EC:45:B2:40:56:A1:C2:A4:AB:57:70:A1:78:B7:35:D9:F2:FC:3E:64:9C:31..

SonarQube version, server information…:
[root@sonarqubeserver conf]# cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)

[root@sonarqubeserver conf]# yum list installed |grep java
java-11-openjdk.x86_64                1:11.0.9.11-2.el7_9              @updates
java-11-openjdk-devel.x86_64          1:11.0.9.11-2.el7_9              @updates
java-11-openjdk-headless.x86_64       1:11.0.9.11-2.el7_9              @updates
java-11-openjdk-javadoc.x86_64        1:11.0.9.11-2.el7_9              @updates
java-11-openjdk-jmods.x86_64          1:11.0.9.11-2.el7_9              @updates
java-11-openjdk-src.x86_64            1:11.0.9.11-2.el7_9              @updates
java-11-openjdk-static-libs.x86_64    1:11.0.9.11-2.el7_9              @updates
javapackages-tools.noarch             3.4.1-11.el7                     @base
python-javapackages.noarch            3.4.1-11.el7                     @base
tzdata-java.noarch                    2020d-2.el7                      @updates

[root@sonarqubeserver conf]# pwd
/opt/sonarqube/conf

[root@sonarqubeserver conf]# ls
sonar.properties  wrapper.conf

[root@sonarqubeserver conf]# cat sonar.properties | grep -v "#" |sort -bnr
### Web Settings ###
sonar.web.host=0.0.0.0
sonar.web.javaOpts=-Xms8192m -Xmx8192m -XX:+HeapDumpOnOutOfMemoryError
sonar.web.port=9000
sonar.web.javaAdditionalOpts=-Djavax.net.ssl.trustStore=/etc/pki/ca-trust/source/anchors/ldap-certificate.jks -Djavax.net.ssl.trustStorePassword=123456
#sonar.ce.javaAdditionalOpts=-Djavax.net.ssl.trustStore=/etc/pki/ca-trust/source/anchors/ldap-certificate.jks -Djavax.net.ssl.trustStorePassword=123456

### Database Settings ###
sonar.jdbc.password=12121212
sonar.jdbc.url=jdbc:postgresql://192.168.1.2:5432/sqdb
sonar.jdbc.username=squser

### Log Settings ###
sonar.web.accessLogs.enable=true
sonar.log.level.app=DEBUG
sonar.log.level.ce=DEBUG
sonar.log.level=DEBUG
sonar.log.level.es=DEBUG
sonar.log.level.web=DEBUG
sonar.path.logs=/var/log/sonarqube/
sonar.search.javaOpts=-Xms8192m -Xmx8192m -XX:+HeapDumpOnOutOfMemoryError

## Ldap General ##
sonar.security.realm=LDAP
ldap.url=ldaps://192.168.1.3:3269

#ldap.realm=mydomain
#ldap.authentication=simple
#sonar.authenticator.downcase=false

ldap.bindDN="CN=svcldapac,OU=ServiceAccounts,DC=mydomain,DC=net"
ldap.bindPassword=1212121212
ldap.StartTLS=true

## Ldap User ##
ldap.user.baseDn="CN=User Accounts,DC=mydomain,DC=net"
ldap.user.request=(&(objectClass=user)(sAMAccountName={login}))
ldap.user.realNameAttribute="cn"
ldap.user.emailAttribute="mail"

## ldap Group ##
ldap.group.baseDn="OU=Groups,DC=mydomain,DC=net"
ldap.group.request=(&(objectClass=group)(member={dn}))
ldap.group.idAttribute="sAMAccountName"

[root@sonarqubeserver sonarqube]# tail -f /var/log/sonarqube/web.log

 2020.12.30 13:52:14 INFO  web[][o.s.s.s.LogServerId] Server ID: xxxxx
 
 2020.12.30 13:52:14 INFO  web[][org.sonar.INFO] Security realm: LDAP
 
 2020.12.30 13:52:14 INFO  web[][o.s.a.l.LdapSettingsManager] User mapping: LdapUserMapping{baseDn="CN=User Accounts,DC=mydomain,DC=net", request=(&(objectClass=user)(sAMAccountName={0})), realNameAttribute="cn", emailAttribute="mail"}
 
 2020.12.30 13:52:14 INFO  web[][o.s.a.l.LdapSettingsManager] Group mapping: LdapGroupMapping{baseDn="OU=Groups,DC=mydomain,DC=net", idAttribute="sAMAccountName", requiredUserAttributes=[dn], request=(&(objectClass=group)(member={0}))}
 
 2020.12.30 13:52:14 DEBUG web[][jdk.event.security] X509Certificate: Alg:SHA256withRSA, Serial:6100026fcc053200b18391000002, Subject:CN=MYDOMAIN ENTERPRISE CA, DC=mydomain, DC=net, Issuer:CN=MYDOMAIN ROOT CA, Key type:RSA, Length:2048, Cert Id:-431972142, Valid from:4/28/18, 12:54 PM, Valid until:4/28/28, 12:11 PM
 
 2020.12.30 13:52:14 DEBUG web[][jdk.event.security] X509Certificate: Alg:SHA256withRSA, Serial:461be05e3472d4dc2b166b32c759, Subject:CN=MYDOMAIN ROOT CA, Issuer:CN=MYDOMAIN ROOT CA, Key type:RSA, Length:2048, Cert Id:781411179, Valid from:4/28/18, 12:01 PM, Valid until:4/28/28, 12:11 PM
 
 2020.12.30 13:52:14 INFO  web[][o.s.a.l.LdapContextFactory] Test LDAP connection: FAIL
 
 2020.12.30 13:52:14 ERROR web[][o.s.s.p.Platform] Background initialization failed. Stopping SonarQube
 org.sonar.api.utils.SonarException: Security realm fails to start: Unable to open LDAP connection
 	at org.sonar.server.user.SecurityRealmFactory.start(SecurityRealmFactory.java:93)
 	at org.sonar.core.platform.StartableCloseableSafeLifecyleStrategy.start(StartableCloseableSafeLifecyleStrategy.java:40)
 	at org.picocontainer.injectors.AbstractInjectionFactory$LifecycleAdapter.start(AbstractInjectionFactory.java:84)
 	at org.picocontainer.behaviors.AbstractBehavior.start(AbstractBehavior.java:169)
 	at org.picocontainer.behaviors.Stored$RealComponentLifecycle.start(Stored.java:132)
 	at org.picocontainer.behaviors.Stored.start(Stored.java:110)
 	at org.picocontainer.DefaultPicoContainer.potentiallyStartAdapter(DefaultPicoContainer.java:1016)
 	at org.picocontainer.DefaultPicoContainer.startAdapters(DefaultPicoContainer.java:1009)
 	at org.picocontainer.DefaultPicoContainer.start(DefaultPicoContainer.java:767)
 	at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:136)
 	at org.sonar.server.platform.platformlevel.PlatformLevel.start(PlatformLevel.java:90)
 	at org.sonar.server.platform.platformlevel.PlatformLevel4.start(PlatformLevel4.java:559)
 	at org.sonar.server.platform.PlatformImpl.start(PlatformImpl.java:213)
 	at org.sonar.server.platform.PlatformImpl.startLevel34Containers(PlatformImpl.java:187)
 	at org.sonar.server.platform.PlatformImpl.access$500(PlatformImpl.java:46)
 	at org.sonar.server.platform.PlatformImpl$1.lambda$doRun$0(PlatformImpl.java:120)
 	at org.sonar.server.platform.PlatformImpl$AutoStarterRunnable.runIfNotAborted(PlatformImpl.java:370)
 	at org.sonar.server.platform.PlatformImpl$1.doRun(PlatformImpl.java:120)
 	at org.sonar.server.platform.PlatformImpl$AutoStarterRunnable.run(PlatformImpl.java:354)
 	at java.base/java.lang.Thread.run(Thread.java:834)
 Caused by: org.sonar.auth.ldap.LdapException: Unable to open LDAP connection
 	at org.sonar.auth.ldap.LdapContextFactory.testConnection(LdapContextFactory.java:214)
 	at org.sonar.auth.ldap.LdapRealm.init(LdapRealm.java:63)
 	at org.sonar.server.user.SecurityRealmFactory.start(SecurityRealmFactory.java:87)
 	... 19 common frames omitted
 Caused by: javax.naming.CommunicationException: Connection or outbound has closed
 	at java.naming/com.sun.jndi.ldap.LdapCtx.extendedOperation(LdapCtx.java:3432)
 	at java.naming/javax.naming.ldap.InitialLdapContext.extendedOperation(InitialLdapContext.java:184)
 	at org.sonar.auth.ldap.LdapContextFactory.createInitialDirContext(LdapContextFactory.java:119)
 	at org.sonar.auth.ldap.LdapContextFactory.createBindContext(LdapContextFactory.java:95)
 	at org.sonar.auth.ldap.LdapContextFactory.testConnection(LdapContextFactory.java:210)
 	... 21 common frames omitted
 Caused by: java.net.SocketException: Connection or outbound has closed
 	at java.base/sun.security.ssl.SSLSocketImpl$AppOutputStream.write(SSLSocketImpl.java:1195)
 	at java.base/java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:81)
 	at java.base/java.io.BufferedOutputStream.flush(BufferedOutputStream.java:142)
 	at java.naming/com.sun.jndi.ldap.Connection.writeRequest(Connection.java:405)
 	at java.naming/com.sun.jndi.ldap.Connection.writeRequest(Connection.java:378)
 	at java.naming/com.sun.jndi.ldap.LdapClient.extendedOp(LdapClient.java:1204)
 	at java.naming/com.sun.jndi.ldap.LdapCtx.extendedOperation(LdapCtx.java:3379)
 	... 25 common frames omitted
 
 2020.12.30 13:52:14 DEBUG web[][o.s.s.p.Platform] Background initialization of SonarQube done
 2020.12.30 13:52:14 INFO  web[][o.s.p.ProcessEntryPoint] Hard stopping process
 2020.12.30 13:52:14 DEBUG web[][o.a.h.i.n.c.PoolingNHttpClientConnectionManager] Connection manager is shutting down
 2020.12.30 13:52:14 DEBUG web[][o.a.h.i.n.c.ManagedNHttpClientConnectionImpl] http-outgoing-0 127.0.0.1:44300<->127.0.0.1:9001[ACTIVE][r:r]: Close
 2020.12.30 13:52:14 DEBUG web[][o.a.h.i.n.c.InternalIODispatch] http-outgoing-0 [CLOSED]: Disconnected
 2020.12.30 13:52:14 DEBUG web[][o.a.h.i.n.c.PoolingNHttpClientConnectionManager] Connection manager shut down
 2020.12.30 13:52:14 DEBUG web[][o.s.s.a.TomcatAccessLog] Tomcat is stopped

When setting ldap.StartTLS=false:
[root@sonarqubeserver sonarqube]# tail -f /var/log/sonarqube/web.log
 ...
 2020.12.30 13:52:14 INFO  web[][o.s.s.s.LogServerId] Server ID: xxxxx
 
 2020.12.30 13:56:19 INFO  web[][org.sonar.INFO] Security realm: LDAP
 
 2020.12.30 13:56:19 INFO  web[][o.s.a.l.LdapSettingsManager] User mapping: LdapUserMapping{baseDn="CN=User Accounts,DC=mydomain,DC=net", request=(&(objectClass=user)(sAMAccountName={0})), realNameAttribute="cn", emailAttribute="mail"}
 
 2020.12.30 13:56:19 INFO  web[][o.s.a.l.LdapSettingsManager] Group mapping: LdapGroupMapping{baseDn="OU=Groups,DC=mydomain,DC=net", idAttribute="sAMAccountName", requiredUserAttributes=[dn], request=(&(objectClass=group)(member={0}))}
 
 2020.12.30 13:56:19 DEBUG web[][o.s.a.l.LdapContextFactory] Initializing LDAP context {java.naming.referral=follow, com.sun.jndi.ldap.connect.pool=true, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldaps://192.168.1.3:3269, java.naming.security.authentication=simple}
 
 2020.12.30 13:52:14 DEBUG web[][jdk.event.security] X509Certificate: Alg:SHA256withRSA, Serial:6100026fcc053200b18391000002, Subject:CN=MYDOMAIN ENTERPRISE CA, DC=mydomain, DC=net, Issuer:CN=MYDOMAIN ROOT CA, Key type:RSA, Length:2048, Cert Id:-431972142, Valid from:4/28/18, 12:54 PM, Valid until:4/28/28, 12:11 PM
 
 2020.12.30 13:52:14 DEBUG web[][jdk.event.security] X509Certificate: Alg:SHA256withRSA, Serial:461be05e3472d4dc2b166b32c759, Subject:CN=MYDOMAIN ROOT CA, Issuer:CN=MYDOMAIN ROOT CA, Key type:RSA, Length:2048, Cert Id:781411179, Valid from:4/28/18, 12:01 PM, Valid until:4/28/28, 12:11 PM
 
 
 2020.12.30 13:56:19 INFO  web[][o.s.a.l.LdapContextFactory] Test LDAP connection: FAIL
 
 2020.12.30 13:56:19 ERROR web[][o.s.s.p.Platform] Background initialization failed. Stopping SonarQube
 org.sonar.api.utils.SonarException: Security realm fails to start: Unable to open LDAP connection
 	at org.sonar.server.user.SecurityRealmFactory.start(SecurityRealmFactory.java:93)
 	at org.sonar.core.platform.StartableCloseableSafeLifecyleStrategy.start(StartableCloseableSafeLifecyleStrategy.java:40)
 	at org.picocontainer.injectors.AbstractInjectionFactory$LifecycleAdapter.start(AbstractInjectionFactory.java:84)
 	at org.picocontainer.behaviors.AbstractBehavior.start(AbstractBehavior.java:169)
 	at org.picocontainer.behaviors.Stored$RealComponentLifecycle.start(Stored.java:132)
 	at org.picocontainer.behaviors.Stored.start(Stored.java:110)
 	at org.picocontainer.DefaultPicoContainer.potentiallyStartAdapter(DefaultPicoContainer.java:1016)
 	at org.picocontainer.DefaultPicoContainer.startAdapters(DefaultPicoContainer.java:1009)
 	at org.picocontainer.DefaultPicoContainer.start(DefaultPicoContainer.java:767)
 	at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:136)
 	at org.sonar.server.platform.platformlevel.PlatformLevel.start(PlatformLevel.java:90)
 	at org.sonar.server.platform.platformlevel.PlatformLevel4.start(PlatformLevel4.java:559)
 	at org.sonar.server.platform.PlatformImpl.start(PlatformImpl.java:213)
 	at org.sonar.server.platform.PlatformImpl.startLevel34Containers(PlatformImpl.java:187)
 	at org.sonar.server.platform.PlatformImpl.access$500(PlatformImpl.java:46)
 	at org.sonar.server.platform.PlatformImpl$1.lambda$doRun$0(PlatformImpl.java:120)
 	at org.sonar.server.platform.PlatformImpl$AutoStarterRunnable.runIfNotAborted(PlatformImpl.java:370)
 	at org.sonar.server.platform.PlatformImpl$1.doRun(PlatformImpl.java:120)
 	at org.sonar.server.platform.PlatformImpl$AutoStarterRunnable.run(PlatformImpl.java:354)
 	at java.base/java.lang.Thread.run(Thread.java:834)
 Caused by: org.sonar.auth.ldap.LdapException: Unable to open LDAP connection
 	at org.sonar.auth.ldap.LdapContextFactory.testConnection(LdapContextFactory.java:214)
 	at org.sonar.auth.ldap.LdapRealm.init(LdapRealm.java:63)
 	at org.sonar.server.user.SecurityRealmFactory.start(SecurityRealmFactory.java:87)
 	... 19 common frames omitted
 Caused by: javax.naming.CommunicationException: simple bind failed: 192.168.1.3:3269
 	at java.naming/com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:219)
 	at java.naming/com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2895)
 	at java.naming/com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:348)
 	at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxFromUrl(LdapCtxFactory.java:262)
 	at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:226)
 	at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:280)
 	at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:185)
 	at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:115)
 	at java.naming/javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:719)
 	at java.naming/javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:305)
 	at java.naming/javax.naming.InitialContext.init(InitialContext.java:236)
 	at java.naming/javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
 	at org.sonar.auth.ldap.LdapContextFactory.createInitialDirContext(LdapContextFactory.java:137)
 	at org.sonar.auth.ldap.LdapContextFactory.createBindContext(LdapContextFactory.java:95)
 	at org.sonar.auth.ldap.LdapContextFactory.testConnection(LdapContextFactory.java:210)
 	... 21 common frames omitted
 Caused by: java.net.SocketException: Connection or outbound has closed
 	at java.base/sun.security.ssl.SSLSocketImpl$AppOutputStream.write(SSLSocketImpl.java:1195)
 	at java.base/java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:81)
 	at java.base/java.io.BufferedOutputStream.flush(BufferedOutputStream.java:142)
 	at java.naming/com.sun.jndi.ldap.Connection.writeRequest(Connection.java:405)
 	at java.naming/com.sun.jndi.ldap.Connection.writeRequest(Connection.java:378)
 	at java.naming/com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:359)
 	at java.naming/com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214)
 	... 35 common frames omitted
 	
 2020.12.30 13:56:19 DEBUG web[][o.s.s.p.Platform] Background initialization of SonarQube done
 2020.12.30 13:56:19 INFO  web[][o.s.p.ProcessEntryPoint] Hard stopping process
 2020.12.30 13:56:19 DEBUG web[][o.a.h.i.n.c.PoolingNHttpClientConnectionManager] Connection manager is shutting down
 2020.12.30 13:56:19 DEBUG web[][o.a.h.i.n.c.ManagedNHttpClientConnectionImpl] http-outgoing-0 127.0.0.1:44582<->127.0.0.1:9001[ACTIVE][r:r]: Close
 2020.12.30 13:56:19 DEBUG web[][o.a.h.i.n.c.InternalIODispatch] http-outgoing-0 [CLOSED]: Disconnected
 2020.12.30 13:56:19 DEBUG web[][o.a.h.i.n.c.PoolingNHttpClientConnectionManager] Connection manager shut down
 2020.12.30 13:56:19 DEBUG web[][o.s.s.a.TomcatAccessLog] Tomcat is stopped

Hi,

Welcome to the community!

You downloaded it to your desktop or the desktop of the SonarQube server? Because the problem doesn’t seem to be with your LDAP settings but with SonarQube’s ability to talk to your LDAP server:

org.sonar.api.utils.SonarException: Security realm fails to start: Unable to open LDAP connection
 ...
 Caused by: javax.naming.CommunicationException: simple bind failed: 192.168.1.3:3269
 ...
 Caused by: java.net.SocketException: Connection or outbound has closed

 
HTH,
Ann

Hey @espala is this thread still relevant since this one got taken care of? :smiley:

I solved the problem in a very interesting way. I was able to connect to Active Directory LDAPS using the following settings. When I type the DNS name instead of the IP address, my problem is solved. I hope it helps those who have the same problem.

Now I’m having a problem with “ALM integration” (Bitbucket). I will open a different case for that. I think I’m learning SonarQube the hard way and step by step :slight_smile:

Ldap General

sonar.security.realm=LDAP
ldap.url=ldaps://mydomain.net:3269
ldap.StartTLS=true
ldap.followReferrals=true
ldap.realm=mydomain
ldap.authentication=simple
sonar.authenticator.downcase=true

Ldap Bind

ldap.bindDn=CN=svcldapac,OU=ServiceAccounts,DC=mydomain,DC=net
ldap.bindPassword=1212121212

Ldap User

ldap.user.baseDn=DC=mydomain,DC=net
ldap.user.request=(&(objectClass=user)(sAMAccountName={login})(memberOF=CN=atlassianbitbucket-users,OU=Atlassian,OU=APPGROUP,OU=Groups,DC=mydomain,DC=net))
ldap.user.realNameAttribute=cn
ldap.user.emailAttribute=mail

ldap Group

ldap.group.baseDn=OU=Groups,DC=mydomain,DC=net
ldap.group.request=(&(objectClass=group)(member={dn}))
ldap.group.idAttribute=sAMAccountName
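
The thread does not say why the DNS name worked where the IP address failed. One common cause, assumed here and not confirmed by the posts, is TLS hostname checking: the JDK's LDAPS client compares the host in `ldap.url` with the certificate's subjectAltName entries, and an IP literal matches only an iPAddress entry. The Python sketch below is an added example (not SonarQube code, not from the posters); the SAN list is constructed and the function names are hypothetical.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample: SAN entries of a hypothetical domain-controller
# certificate that lists DNS names only (no iPAddress entry).
SAN_DNS = ["dc01.mydomain.net", "mydomain.net"]
SAN_IPS = []

# The two ldap.url values from the thread, as minimal sonar.properties text.
FAILING = "sonar.security.realm=LDAP\nldap.url=ldaps://192.168.1.3:3269\n"
WORKING = "sonar.security.realm=LDAP\nldap.url=ldaps://mydomain.net:3269\n"


def ldap_url_host(properties_text):
    """Return the host part of ldap.url from sonar.properties text, or None."""
    for line in properties_text.splitlines():
        line = line.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key.strip() == "ldap.url":
            return urlsplit(value.strip()).hostname
    return None


def dns_matches(pattern, host):
    """Compare one dNSName entry with the host, label by label.

    Simplification: '*' is honoured only as the entire leftmost label.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    return p[1:] == h[1:] and p[0] in ("*", h[0])


def host_covered(host, san_dns, san_ips):
    """True if the certificate's SAN entries cover the host used in ldap.url."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # A DNS name is compared with dNSName entries only.
        return any(dns_matches(name, host) for name in san_dns)
    # An IP literal is compared with iPAddress entries only, never DNS names.
    return any(ipaddress.ip_address(entry) == ip for entry in san_ips)


def check(properties_text, san_dns=SAN_DNS, san_ips=SAN_IPS):
    """Return (host from ldap.url, whether the SAN entries cover it)."""
    host = ldap_url_host(properties_text)
    return host, host is not None and host_covered(host, san_dns, san_ips)


if __name__ == "__main__":
    for name, text in (("failing", FAILING), ("working", WORKING)):
        print(name, check(text))
```

To see the real entries, inspect the certificate the domain controller presents, for example with `openssl s_client -connect mydomain.net:3269 -showcerts </dev/null | openssl x509 -noout -text`, and look under "X509v3 Subject Alternative Name".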