ApacheDS LDAPS fails

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    community edition 9.5

  • what are you trying to achieve
    connecting to ApacheDS LDAPS succeeds

  • what have you tried so far to achieve this
    ApacheDS and SonarQube are on the same machine. And I generated the TrustStore using KeyTool.

Configuration is as follows:

sonar.security.realm=LDAP
ldap.url=ldaps://192.168.56.102:10636
ldap.authentication=simple
ldap.StartTLS=true
ldap.user.baseDn=cn=jenkins-admin,ou=people,dc=testpartition1,dc=com
ldap.user.request=(sn={login})
ldap.user.realNameAttribute=givenName
ldap.user.emailAttribute=mail
ldap.group.baseDn=ou=people,dc=testpartition1,dc=com
ldap.group.request=(cn={departmentNumber})
sonar.web.javaAdditionalOpts=-Djavax.net.ssl.trustStore=/usr/local/jdk-11/jre/lib/security/cacerts -Djavax.net.ssl.trustStorePassword=secret
sonar.log.level=DEBUG

Attachment is the web.log

Hey there.

According to the logs, the Java distribution running your SonarQube server doesn’t trust the certificate installed on your LDAP server.

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
	at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:290)
	at java.base/sun.security.validator.Validator.validate(Validator.java:264)
	at java.base/sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:321)
	at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:221)
	at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129)
	at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:626)
	... 127 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
	at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
	at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
	at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
	... 133 common frames omitted

You’re doing the right thing by adjusting the trustStore used via sonar.web.javaAdditionalOpts – and I would suggest using a tool like SSLPoke to separate the issue from SonarQube entirely and confirm that your truststore is configured correctly.
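
A standalone check in the spirit of the suggestion above, as an added example that is not part of the original reply and is not SSLPoke's own code: it loads the truststore file explicitly, then attempts a TLS handshake against the LDAPS port using only that store. The class name `TrustStoreCheck` and its four arguments are assumptions made for this example.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

// Added example (hypothetical class name): validates an LDAPS endpoint against ONE truststore file.
public class TrustStoreCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 4) {
            System.err.println("usage: TrustStoreCheck <host> <port> <truststore> <password>");
            System.exit(2);
        }
        // With -Djavax.net.ssl.trustStore, a missing file is not reported at startup;
        // it only shows up later as a PKIX failure, so check the path explicitly.
        File store = new File(args[2]);
        if (!store.isFile() || !store.canRead()) {
            System.err.println("Truststore missing or unreadable: " + store);
            System.exit(1);
        }
        // Java 9+: detects JKS vs PKCS12 and fails fast on a wrong password.
        KeyStore ks = KeyStore.getInstance(store, args[3].toCharArray());
        System.out.println("Loaded " + ks.size() + " entries from " + store);

        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // trust only what is in this file

        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory()
                .createSocket(args[0], Integer.parseInt(args[1]))) {
            // Also match the host name or IP against the certificate, which the
            // JDK's LDAP client does by default for ldaps:// URLs.
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("LDAPS");
            s.setSSLParameters(p);
            s.startHandshake();
            for (Certificate c : s.getSession().getPeerCertificates()) {
                X509Certificate x = (X509Certificate) c;
                System.out.println("subject=" + x.getSubjectX500Principal()
                        + " issuer=" + x.getIssuerX500Principal());
            }
            System.out.println("Handshake OK: chain is trusted by " + store);
        } catch (SSLHandshakeException e) {
            // Same class of failure as the PKIX error in web.log, without SonarQube involved.
            System.out.println("Handshake FAILED: " + e.getMessage());
            System.exit(1);
        }
    }
}
```

Run it with the same `java` binary that starts SonarQube and the values from the configuration above, for example `java TrustStoreCheck.java 192.168.56.102 10636 /usr/local/jdk-11/jre/lib/security/cacerts secret` (single-file launch works on Java 11 and later).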