Can't Login via LDAP after upgrade to 7.6

ldap
authentication

(Florian Huber) #1

Versions: 7.6 Developer - LDAP Plugin 2.2.0.608 - Upgraded from 7.0

Hi!

After the upgrade I can’t login via LDAP.
The system is starting up without any errors.

This is the debug output from a login. The last line, with [cause|Email ‘xx@frauscher.com’ is already used], caught my attention:

sonarqube_1    | 2019.02.25 16:02:00 DEBUG web[AWklYMxQVSm/4SeSAAAZ][o.s.p.l.LdapUsersProvider] Requesting details for user hfadmin
sonarqube_1    | 2019.02.25 16:02:00 DEBUG web[AWklYMxQVSm/4SeSAAAZ][o.s.p.l.LdapSearch] Search: LdapSearch{baseDn=OU=xx-Group,DC=xx,DC=intern, scope=subtree, request=(&(objectClass=user)(sAMAccountName={0})(memberof:1.2.840.113556.1.4.1941:=CN=sgrpAppSCA01Users,OU=Groups-Security,OU=0-Ress,OU=AT,OU=xx-Group,DC=xx,DC=intern)), parameters=[xxadmin], attributes=[mail, cn]}
sonarqube_1    | 2019.02.25 16:02:00 DEBUG web[AWklYMxQVSm/4SeSAAAZ][o.s.p.l.LdapContextFactory] Initializing LDAP context {java.naming.provider.url=ldap://dc02.xx.intern, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.principal=CN=Service SCA01,OU=Service-Accounts,OU=0-Ress,OU=AT,OU=xx-Group,DC=xx,DC=intern, com.sun.jndi.ldap.connect.pool=true, java.naming.security.authentication=simple, java.naming.referral=follow}
sonarqube_1    | 2019.02.25 16:02:00 DEBUG web[AWklYMxQVSm/4SeSAAAZ][o.s.p.l.LdapSearch] Search: LdapSearch{baseDn=OU=xx-Group,DC=xx,DC=intern, scope=subtree, request=(&(objectClass=user)(sAMAccountName={0})(memberof:1.2.840.113556.1.4.1941:=CN=sgrpAppSCA01Users,OU=Groups-Security,OU=0-Ress,OU=AT,OU=xx-Group,DC=xx,DC=intern)), parameters=[xx], attributes=null}
sonarqube_1    | 2019.02.25 16:02:00 DEBUG web[AWklYMxQVSm/4SeSAAAZ][o.s.p.l.LdapContextFactory] Initializing LDAP context {java.naming.provider.url=ldap://dc02.xx.intern, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.principal=CN=Service SCA01,OU=Service-Accounts,OU=0-Ress,OU=AT,OU=xx-Group,DC=xx,DC=intern, com.sun.jndi.ldap.connect.pool=true, java.naming.security.authentication=simple, java.naming.referral=follow}
sonarqube_1    | 2019.02.25 16:02:00 DEBUG web[AWklYMxQVSm/4SeSAAAZ][o.s.p.l.LdapContextFactory] Initializing LDAP context {java.naming.provider.url=ldap://dc02.xx.intern, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.principal=CN=HF Admin,OU=Service-Accounts,OU=0-Ress,OU=AT,OU=xx-Group,DC=xx,DC=intern, java.naming.security.authentication=simple, java.naming.referral=follow}
sonarqube_1    | 2019.02.25 16:02:00 DEBUG web[AWklYMxQVSm/4SeSAAAZ][auth.event] login failure [cause|Email 'xx@frauscher.com' is already used][method|FORM][provider|REALM|LDAP][IP|172.18.0.4|10.1.4.227][login|xx]

Following is my LDAP config:

#--------------------------------------------
# LDAP

# General Configuration
sonar.security.realm=LDAP
ldap.url=ldap://dc02.xx.intern
ldap.bindDn=CN=Service SCA01,OU=Service-Accounts,OU=0-Ress,OU=AT,OU=xx-Group,DC=xx,DC=intern
ldap.bindPassword=xxx

# User Configuration
ldap.user.baseDn=OU=xx-Group,DC=xx,DC=intern
ldap.user.request=(&(objectClass=user)(sAMAccountName={login})(memberof:1.2.840.113556.1.4.1941:=CN=sgrpAppSCA01Users,OU=Groups-Security,OU=0-Ress,OU=AT,OU=xx-Group,DC=xx,DC=intern))
ldap.user.realNameAttribute=cn
ldap.user.emailAttribute=mail

# Group Configuration
#ldap.group.baseDn=OU=xx-Group,DC=xx,DC=intern
#ldap.group.request=(&(objectClass=group)(member={dn}))
#ldap.group.idAttribute=sAMAccountName

I reverted back to the snapshot for now.

Kind regards
Florian


(Julien Lancelot) #2

Hi @itshorty,

You’ve correctly caught the error “Email ‘xx@frauscher.com’ is already used” => it’s not possible to have 2 accounts using the same email.
You need to remove the email from the second account, which is most probably a local account.

Regards,
Julien Lancelot
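
To find every account hit by the email conflict discussed in this thread before retrying an upgrade, the `auth.event` lines can be parsed out of the web log. The following is an added example, not part of the original posts and not SonarQube code: the function names are hypothetical and the sample lines are constructed, modelled on the `login failure` line in the first post.

```python
import re
from collections import defaultdict

# Constructed sample lines, modelled on the auth.event line quoted in the first post.
SAMPLE_LOG = """\
2019.02.25 16:02:00 DEBUG web[AWklYMxQVSm/4SeSAAAZ][auth.event] login failure [cause|Email 'xx@example.com' is already used][method|FORM][provider|REALM|LDAP][IP|172.18.0.4|10.1.4.227][login|xx]
2019.02.25 16:03:10 DEBUG web[AWklYMxQVSm/4SeSAAAa][auth.event] login failure [cause|Email 'xx@example.com' is already used][method|FORM][provider|REALM|LDAP][IP|172.18.0.4|10.1.4.227][login|xx]
2019.02.25 16:04:00 DEBUG web[AWklYMxQVSm/4SeSAAAb][auth.event] login failure [cause|wrong password][method|FORM][provider|LOCAL|local][IP|172.18.0.4|10.1.4.9][login|admin]
2019.02.25 16:05:00 DEBUG web[AWklYMxQVSm/4SeSAAAc][o.s.p.l.LdapUsersProvider] Requesting details for user yy
"""

# A login-failure event is a run of [key|value] fields; values may contain '|'.
EVENT = re.compile(r"\[auth\.event\] login failure (?P<fields>(?:\[[^\]]*\])+)")
FIELD = re.compile(r"\[([^|\]]+)\|([^\]]*)\]")
EMAIL_CONFLICT = re.compile(r"^Email '(?P<email>[^']+)' is already used$")


def parse_login_failures(log_text):
    """Yield one dict of fields per auth.event login-failure line."""
    for line in log_text.splitlines():
        match = EVENT.search(line)
        if match:
            yield dict(FIELD.findall(match.group("fields")))


def email_conflicts(log_text):
    """Map each conflicting email to the (login, provider) pairs rejected for it."""
    conflicts = defaultdict(set)
    for event in parse_login_failures(log_text):
        match = EMAIL_CONFLICT.match(event.get("cause", ""))
        if match:
            conflicts[match.group("email")].add((event.get("login"), event.get("provider")))
    return dict(conflicts)


if __name__ == "__main__":
    for email, attempts in email_conflicts(SAMPLE_LOG).items():
        for login, provider in sorted(attempts):
            print(f"{email}: login={login} provider={provider} blocked by an existing account")
```

Each reported email points at a second account, as described in the answer above, whose email has to be removed before the LDAP login can succeed.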