Authentication fails on initial LDAP User Login

Hi everyone,

I am new to this forum, this is my first topic, so if I forget something, please let me know.

I’m using SonarQube 8.4 Community Edition.
I’m trying to connect our Active Directory via LDAP connection. I am doing this using the sonar.properties file.
I want users of one of our AD Group to log in.

As I understand, the LDAP configuration is divided into three parts.

  1. First, I connect via the “general” configuration part of the .properties file:

sonar.security.realm=LDAP
ldap.url=ldap://HHDCRO.hoefliger.de:389
ldap.bindDn=CN=MyUser,OU=Folder3,OU=Folder2,OU=Folder1,DC=ourdomain,DC=com
ldap.bindPassword=*****

This works !

  2. I set the user mapping

ldap.user.baseDn=DC=ourdomain,DC=com
ldap.user.request=(&(objectClass=user)(sAMAccountName={login}))
ldap.user.realNameAttribute=cn
ldap.user.emailAttribute=mail

This seems to work ! (I get no exception on startup)

  3. I set the group mapping

ldap.group.baseDn=OU=Distribution Groups,OU=Groups,OU=1_GlobalServices,OU=Our_GlobalRights
ldap.group.request=(&(objectClass=group)(member={login}))
ldap.group.idAttribute=sAMAccountName

Here, I also don’t get an exception on startup.

What I also did was add Sonar User Groups with the same name as the Groups in our AD. As far as I understand, this is necessary, so when a user is logging in for the first time, this user will be assigned to the particular group he/she is part of in the AD.
The group I want them to be added to is part of the CN of the ldap.group.baseDn

But now, when I want to log in with a user, my authentication fails.
The logging says:

web[AXSMy5JI33FsbUosAAAU][auth.event] login failure [cause|Unable to retrieve groups for user *** in ][method|FORM]

This seems to be caused by
javax.naming.NamingException: [LDAP: error code 1 - 000020D6: SvcErr: DSID-031007E5, problem 5012 (DIR_ERROR), data 0

When I google this behaviour, I don’t really get any useful results. As far as I understand, it could be caused by a wrong ldap.group.baseDn, but that is more of a guess. When I add my Group as CN Prefix in the ldap.group.baseDn, the server doesn’t even start up.

I hope, I could describe my problem properly and hope that someone can help me with this.

Regards
Claudius

Hi everyone,
I found the solution myself.
It was rather simple: all I had to do was add the domain to my BaseDN for the group. The directory error was based on the fact that a reference to the parent directory folder was missing.
So I simply changed
ldap.group.baseDn=OU=Distribution Groups,OU=Groups,OU=1_GlobalServices,OU=Our_GlobalRights
to
ldap.group.baseDn=OU=Distribution Groups,OU=Groups,OU=1_GlobalServices,OU=Our_GlobalRights,DC=ourdomain,DC=com

That’s it :)

I hope, everyone who might have a similar error can use this solution.

Cheers
Claudius
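
Added example, not part of the original posts or of SonarQube: a pre-start check for the mistake described above, flagging any DN-valued LDAP setting that lacks its DC= components or whose domain differs from the bind DN's. The function names and the embedded sample (built from the thread's settings) are assumptions for illustration.

```python
import re

# Constructed sample: the thread's original settings (bind password omitted).
SAMPLE = """\
sonar.security.realm=LDAP
ldap.bindDn=CN=MyUser,OU=Folder3,OU=Folder2,OU=Folder1,DC=ourdomain,DC=com
ldap.user.baseDn=DC=ourdomain,DC=com
ldap.group.baseDn=OU=Distribution Groups,OU=Groups,OU=1_GlobalServices,OU=Our_GlobalRights
"""
DN_KEYS = ("ldap.bindDn", "ldap.user.baseDn", "ldap.group.baseDn")


def parse_properties(text):
    """Parse key=value lines, skipping blanks and # / ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def domain_suffix(dn):
    """Return the trailing run of DC= components, lower-cased ('' if none)."""
    rdns = [r.strip() for r in re.split(r"(?<!\\),", dn)]  # unescaped commas only
    dcs = []
    for rdn in reversed(rdns):
        if not rdn.lower().startswith("dc="):
            break
        dcs.insert(0, rdn.lower())
    return ",".join(dcs)


def check_base_dns(text):
    """Return a list of problems found in the DN-valued LDAP settings."""
    props = parse_properties(text)
    suffixes = {k: domain_suffix(props[k]) for k in DN_KEYS if k in props}
    reference = suffixes.get("ldap.bindDn") or suffixes.get("ldap.user.baseDn", "")
    problems = []
    for key, suffix in suffixes.items():
        if not suffix:
            problems.append(f"{key}: no DC= components, not a full DN")
        elif reference and suffix != reference:
            problems.append(f"{key}: domain '{suffix}' differs from '{reference}'")
    return problems

if __name__ == "__main__":
    print("\n".join(check_base_dns(SAMPLE)) or "OK")
```

Run against the original settings, it reports ldap.group.baseDn; with the corrected value from the post above, it reports nothing.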

Thanks @chauser for sharing here the solution of your problem !
