AD Users added as sonar-administrators are getting deleted after re-login

Template for a good bug report, formatted with Markdown:

  • versions used (SonarQube) - Enterprise ed. 8.1
  • error observed :
    ‘’’ AD Users who are already configured into the LDAP settings of sonar.properties file, lose the
    ADMIN access after re-login.’’’
  • steps to reproduce:
    ‘’’ 1.AD user logins in for the first time.
    2.User record added into the dbo.users table and dbo.groups_users table with group as
    sonar_user.
    3. user added as sonar_administrator, and see the dbo.groups_users table gets another record
    inserted for sonar_administrator.
    4. user logouts and relogins. Still a sonar_user and the sonar_admin access is lost. when
    investigated in the backend, the new added record in the dbo.groups_users for sonar_admin, is
    deleted. Unable to add AD users as ADMINS now.’’’’

After adding as admin:

After relogin: loses admin access

There are no groups set in the sonar.properties to have a miss match for the groups fall-out. Can someone plz resolve this at the earliest.

Hi,

I don’t know what this means. What property are you referring to?

So, first you should treat the DB like a black box. Yes, I know you probably only SELECTed, but you can get 99.8% of what you need from the UI. (The other 0.2% only kicks in when you’re having upgrade problems and we ask you to run a query.)

Second, it sounds like you’ve got group mapping configured. As described in the docs

When using group mapping, the following caveats apply regardless of which delegated authentication method is used:

  • membership in synchronized groups will override any membership locally configured in SonarQube at each login
  • membership in a group is synched only if a group with the same name exists in SonarQube
  • membership in the default group sonar-users remains (this is a built-in group) even if the group does not exist in the identity provider

 
HTH,
Ann