Duplicate users and self-reset admin password

Hi,

After a fresh install of docker image sonarqube:9-community (Version 9.7 build 61563), a notice that after each reboot or disconnection, my admin password is reset to default value “admin”

When i go to the users list, i see deplucated administrator account.

I’ve setup ldap authentification. When i connect with my ldap account in a second browser, it appears in users list (in my first “admin” browser). if i add admin right to my ldap account, it got admin right until disconnection. after reconnection, my ldap account lost his right. it looks like the ldap account is reset. but in this case, no duplicate account is created.

However, if i connect with a ldap account, disconnect, and reconnect, duplicate account are created in users list.

How can i fix this problem ? I can’t put in production a sonar that reset admin password at each disconnection.

this is my docker-compose yml

version: "3"

services:

  sonarqube:
    container_name: sonarqube
    image: sonarqube:9-community
    volumes:
      - /neosoft/docker-volume/sonar/sonarqube/conf:/opt/sonarqube/conf
      - /neosoft/docker-volume/sonar/sonarqube/data:/opt/sonarqube/data
      - /neosoft/docker-volume/sonar/sonarqube/logs:/opt/sonarqube/logs
      - /neosoft/docker-volume/sonar/sonarqube/extensions:/opt/sonarqube/extensions
      - /neosoft/docker-volume/sonar/sonarqube/bundled-plugins:/opt/sonarqube/lib/bundled-plugins
    environment:
      TZ: "Europe/Paris"
      SONARQUBE_JDBC_USERNAME: "myuser"
      SONARQUBE_JDBC_PASSWORD: "mypassword"
      SONARQUBE_JDBC_URL: "jdbc:postgresql://sonardb:5432/sonar"
    depends_on:
      - sonardb
    restart: always
    #labels:
    # traefik.enable: true
    # traefik.docker.network: net_traefik
    # traefik.http.routers.sonarqube-router.entrypoints: https
    # traefik.http.routers.sonarqube-router.rule: 'Host(`sonarqube.neo-soft.fr`) && PathPrefix(`/`)'
    # traefik.http.routers.sonarqube-router.tls: true
    # traefik.http.services.sonarqube-service.loadbalancer.server.port: 9000

    networks:
      - net_traefik

  sonardb:
    container_name: sonardb
    image: postgres:15rc2-alpine
    volumes:
      - /neosoft/docker-volume/sonar/sonardb/postgresql:/var/lib/postgresql
    environment:
      TZ: "Europe/Paris"
      POSTGRES_DB: "mydb"
      POSTGRES_USER: "myuser"
      POSTGRES_PASSWORD: "mypasword"
    restart: always
    #labels:
    #traefik.enable: "true"
    # traefik.docker.network: net_traefik
    # traefik.tcp.routers.sonardb-router.entrypoints: db
    # traefik.tcp.routers.sonardb-router.rule: HostSNI(`*`)
    # traefik.tcp.services.sonardb-service.loadbalancer.server.port: 5432
    networks:
      - net_traefik


networks:
  net_traefik:
    external: true


Thanks a lot !

Hi,

Welcome to the community!

On the face of it, this part:

sounds like a problem connecting to the DB; i.e. it sounds like a fresh H2 DB is being created with each restart.

You don’t have a yellow banner at the bottom of each screen, do you?

 
Ann

Hello,

I don’t have this banner. We use PostgresQL DB, as you can see in my docker-compose yaml.

Hi,

Okay, I’m going to ping the product team.

 
Ann

Thank you,

I’m waiting for your feedback before knowing if I should downgrade to lts or not.

Hello @Yoann_A ,

A bug related to LDAP has been identified in SonarQube 9.7.0, and a new release has been published to fix it.

Can you upgrade to 9.7.1 and let us know?

Hello,

After upgrade to 9.7.1-community :

  • No new duplicate ldap users
  • still duplicates administrator account
  • still loosing administrator right on ldap user between 2 disconnections
  • still reset administrator password between 2 reboot

Do you want some logs or anything else to help troubleshooting ?

Hello,

I try the lts-community version, and my problem still the same. So I’m starting to have doubts about the database’s configuration.

After somes research, it appears that i forget the “data” line, the 2nd volume, in my docker-compose

volumes:

  • /xxx/xxx/postgresql:/var/lib/postgresql
  • /xxx/xxx/postgresql/data:/var/lib/postgresql/data

Indeed, the first volume is not slef-sufficient (i don’t know why…)

I had still loosing administrator right on ldap user between 2 disconnections. The problem appears in 8.9.10, 9.7.0 and 9.7.1.
After somes other research, :

i configure ldap to bind my AD group. So i comment the ldap.group lines :

#ldap.group.baseDn=dc=ad,dc=local
#ldap.group.idAttribute=cn
#ldap.group.request=(&(objectClass=group)(member={dn}))

After that, my ldap user keep his right !

So now :

  • No new duplicate ldap users
  • No new duplicates administrator account
  • No reset administrator password between 2 reboot
  • No problem with ldap user’s rights

All work fine :slight_smile:

Hi,

How are admin perms granted? Is this via a group? And if so, do you have group synch enabled?

 
Ann

Hi ann, i just modify my précédent post.

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.