Active Directory User and Group Access through LDAP

nomie788 · July 29, 2022, 2:41pm

Must-share information (formatted with Markdown):

SonarQube Developer Edition
Need to restrict admin and User Access to authorized AD Users and Groups.
LDAP integration is complete. Currently any AD User is able to log into SonarQube. We need to restrict it to specific Groups and users

ganncamp · August 1, 2022, 1:41pm

Hi,

Welcome to the community!

Users are going to be created on first login. But you can restrict what they can see by tightly controlling ‘Browse’ permissions on your projects.

Does that help?

Ann

nomie788 · August 1, 2022, 3:09pm

Hi thanks for the reply. the method we are trying to implement is limiting access to Ad groups.
we should have the option to add an ad group to sonarqube and limit everyone else. at the moment with ldap integration any ad user is able to log in.

ganncamp · August 1, 2022, 3:14pm

Hi,

Your best bet for this is to somehow craft your lookup strings so that only users in your target group are found at login.

HTH,
Ann

nomie788 · August 3, 2022, 4:04pm

This method worked for me.
ldap.user.request=(&(objectClass=user)(sAMAccountName={login})(memberOf=CN=ldap-sonar-users,OU=groups,DC=example,DC=com))

Restricting login to users from a specific LDAP/AD group - SonarQube - Sonar Community (sonarsource.com)