Active Directory Setup With SonarQube

active_directory
ldap

(Kory Miller) #1

Hi, I saw another thread related to this, but I’m struggling to figure this out.

We have SonarQube installed on a Windows 2016 Server, with SQL 2016 on a separate server. I have installed the plugin manually (2.2 Build 608) and verified that it shows up as “installed”, I have added the lines below to the sonar.properties file and restarted the server by going to the Web GUI > System > Restart Server. When it comes up, I check both the sonar.log and the web.log and don’t see any entries related to LDAP other than the log saying something to the effect of loading LDAP plugin. Am I doing something incorrectly? I feel like I’ve missed something as it doesn’t even seem to be recognizing anything related to my LDAP configuration.

I’ve added these lines just below the Microsoft SQLServer section.

LDAP configuration

General Configuration

sonar.security.realm=LDAP
ldap.url=ldaps://myldapserver.local:636
ldap.bindDn=CN=AD Query,CN=Managed Service Accounts,DC=my,DC=company,DC=local
ldap.bindPassword=************

User Configuration

ldap.user.baseDn=OU=Test Bench Users,DC=my,DC=company,DC=local
ldap.user.request=(sAMAccountName={0})
ldap.user.realNameAttribute=cn
ldap.user.emailAttribute=mail

Group Configuration

ldap.group.baseDn=CN=Users,DC=my,DC=company,DC=local
ldap.group.request=(&(objectClass=group)(memberUid={uid}))

sonar.log.level=DEBUG

Note: I did rename my original sonar.properties to sonar.properties.old, the file I am editing is named sonar.properties. I’m hoping that SonarQube isn’t trying to load sonar.properties.old somehow, but just wanted to throw this out there just in case.


(Nicolas Bontoux) #2

Hi Kory,

Careful there, as discussed in this thread:

make sure to restart SQ from command-line whenever changing sonar.properties


(Rick Bond) #3

Kory,

Did you ever get this fixed.
I am having the same issues. LDAP 2.2 connecting to a windows 2016 Server.

I get the following in my Web logs

2018.09.27 10:55:28 INFO  web[][org.sonar.INFO] Security realm: LDAP
2018.09.27 10:55:28 INFO  web[][o.s.p.l.LdapSettingsManager] User mapping: LdapUserMapping{baseDn=cn=Users,dc=Company,dc=net, request=(sAMAccountName={0}), realNameAttribute=cn, emailAttribute=mail}
2018.09.27 10:55:28 INFO  web[][o.s.p.l.LdapSettingsManager] Group mapping: LdapGroupMapping{baseDn=cn=Groups,dc=Company,dc=net, idAttribute=sAMAccountName, requiredUserAttributes=[dn], request=(&(objectClass=group)(member={0}))}
2018.09.27 10:55:28 INFO  web[][o.s.p.l.LdapContextFactory] Test LDAP connection on ldap://Server01.Company.net: OK

I am still able to login with my sonarQube Creds, Can’t login with AD creds and there are no new users or groups in the security section.

Thank you,

Rick


(Kory Miller) #4

Rick,

Sorry for the slow response, we did get this working. Here is the configuration we used, obviously, I’ve stripped out any of our proprietary information. Hopefully this will help you.

# LDAP configuration

# General Configuration

sonar.security.realm=LDAP

#ldap.StartTLS=true

ldap.url=ldaps://yourserver.yourdomain.com:yourportnumberhere (i.e. 389 or 636)

ldap.bindDN=distinguished name of an account with rights to query Active Directory (i.e. CN=adqueryaccount,CN=OU,DC=test,DC=com

ldap.bindPassword=password of the account shown above

ldap.authentication=simple

#User Configuration

ldap.user.baseDN=distinguishedname of the OU that will have your SonarQube user's

ldap.user.request=(sAMAccountName={0})

ldap.user.realNameAttribute=cn

ldap.user.emailAttribute=mail

#Group Configuration

ldap.group.baseDn=distinguished name of an AD group that your sonarqube user's may belong to (I believe group configuration is optional)

ldap.group.request=(&(objectClass=group) (memberUid={uid}))

​Thanks,

Kory


(Nicolas Bontoux) #5

@Rickbond: to complement @kmiller’s input, whenever you fail to authenticate with AD credentials, then the debug logs (you can enable those dynamically via the System Info page) are usually very helpful in figuring out what’s going on (LDAP matters are logged in web.log ).