AD groups configuration

brandon.bhagwandeen · December 19, 2019, 8:05pm

Must-share information (formatted with Markdown):

which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension) -
7.9.1
what are you trying to achieve -
When a user signs in using LDAP credentials, have sonarqube inherit their AD group membership.
what have you tried so far to achieve this -
Configured LDAP settings in sonar.properties. They can log in using LDAP credentials but are added to the sonar-users group.

I have read https://docs.sonarqube.org/latest/instance-administration/delegated-auth/

I see this caveat: "membership in a group is synched only if a group with the same name exists in SonarQube"

Does this mean i have to manually create the groups first? There are hundreds of groups in this case.

Rebse · December 20, 2019, 7:51am

Hi,

the Sonarqube groups must exist with exactly the same name as the related AD groups.
In the case of hundreds of groups, you should use a script that reads the groups from AD
and creates the Sonarqube groups via web api POST api/user_groups/create

Gilbert

brandon.bhagwandeen · December 24, 2019, 8:34pm

Thank you.

I have been able to create the groups using the API.

How can i now use the API to get a list of all the groups?

I’m using /api/user_groups/search but it has limited results. I have over 6000 groups and would like to get a list of them all. Is that possible?

Rebse · December 27, 2019, 8:01am

Hi,

you take the total count of groups from json response and use in a loop.
Here’s an example using Groovy printing the group name.

import groovy.json.*

def sonarRest(url,method) {
  jsonSlurper = new JsonSlurper()
  raw = 'someusertoken:'
  bauth = 'Basic ' + javax.xml.bind.DatatypeConverter.printBase64Binary(raw.getBytes())
  conn = new URL(url).openConnection() as HttpURLConnection
  conn.setRequestMethod(method)
  conn.setRequestProperty("Authorization", bauth)
  conn.connect()
  httpstatus = conn.responseCode
  object = jsonSlurper.parse(conn.content)
}

json = sonarRest('https://somesonarhost/api/user_groups/search?&ps=1', 'GET')
total = (json.paging.total.toFloat()/100).round()

counter = 1

while(counter <= total) {
  json = sonarRest("https://somesonarhost/api/user_groups/search?ps=100&p=$counter", 'GET')
   json.groups.each {
     println it.name
     counter++
   }
}

Gilbert

brandon.bhagwandeen · December 27, 2019, 2:55pm

Caught: groovy.lang.MissingPropertyException: No such property: paging for class: groups
groovy.lang.MissingPropertyException: No such property: paging for class: groups
at groups.run(groups.groovy:16)

line 16 - total = (groups.paging.total.toFloat()/100).round()

brandon.bhagwandeen · December 27, 2019, 3:04pm

Thanks for the idea. I did the same using Python. It’s working.

Thank you

Rebse · December 27, 2019, 10:49pm

Has to be
total = (json.paging.total.toFloat()/100).round()
instead.
Fixed this, see edit.