Error in Authentication With LDAP

Hello community!
I have a problem, with me Sonarqube configuration, the connection with LDAP is fine and see the message “test LDAP connection: OK” but when try login with my user of Active Directory only recieve the “authentication failed”.
In the file properties just configured the section #General Configuration and #User Configuration, without #Group Configuration, and the question is, this section is required or optional?

Hi @James-Gab,

Welcome to SonarSource community!

When you say #General Configuration, #User Configuration, etc., you are speaking of the sonar.properties LDAP sections? Group configuration is not required if you don’t have groups for your LDAP.

Can you share what version of SonarQube you are using? Did you make sure to restart SonarQube from the command line and not just from the UI?

Can you provide the sonar.properties LDAP values and the DEBUG level logs from $SONARQUBE_HOME/logs/web.log? You can set DEBUG level by going to Administration > System > Logs level and changing it from INFO to DEBUG. Log out as admin and try to log in as LDAP user.

Joe

Hi Joe,
I’m speaking the sonar.properties LDAP sections, if the group configurations isn’t necessary so the problem is another cause.
I use the 7.9 version and yes of course, restart the sonar from command line and i see the message “test LDAP connection OK” i never restart from the UI.
In this moment can’t show the file with the configuration, but the user tried to connect is an user active in the Active Directory.
I hope this information be sufficient for the moment.

I understand, can you provide the debug logs as I described earier? That will help too.

I changed the log level for more detail and get the next information:

2020.12.21 08:49:09 DEBUG web[AXYHYuCHVx1oWMadA2L3][o.s.p.l.LdapUsersProvider] Requesting details for user MY_USER_TO_LDAP
2020.12.21 08:49:09 DEBUG web[AXYHYuCHVx1oWMadA2L3][o.s.p.l.LdapSearch] Search: LdapSearch{baseDn=cn=Users,dc=my_company,DC=my_company_org,dc=mx, scope=subtree, request=(&(objectClass=user)(sAMAccountName={0})), parameters=[MY_USER_TO_LDAP], attributes=[mail, cn]}
2020.12.21 08:49:09 DEBUG web[AXYHYuCHVx1oWMadA2L3][o.s.p.l.LdapContextFactory] Initializing LDAP context {java.naming.referral=follow, java.naming.security.principal=CN=my_user_sonarqube,CN=Users,dc=my_company,DC=my_company_org,DC=mx, com.sun.jndi.ldap.connect.pool=true, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldap://my_company.my_company_org.mx:XXXX, java.naming.security.authentication=simple}
2020.12.21 08:49:09 DEBUG web[AXYHYuCHVx1oWMadA2L3][o.s.p.l.LdapUsersProvider] [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error, data 532, v3839�]
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error, data 532, v3839�]
	at java.naming/com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3158)
	at java.naming/com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3104)
	at java.naming/com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2890)
	at java.naming/com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2804)
	at java.naming/com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:320)
	at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
	at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
	at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
	at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
	at java.naming/javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:730)
	at java.naming/javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:305)
	at java.naming/javax.naming.InitialContext.init(InitialContext.java:236)
	at java.naming/javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
	at org.sonar.plugins.ldap.LdapContextFactory.createInitialDirContext(LdapContextFactory.java:134)
	at org.sonar.plugins.ldap.LdapContextFactory.createBindContext(LdapContextFactory.java:96)
	at org.sonar.plugins.ldap.LdapSearch.find(LdapSearch.java:126)
	at org.sonar.plugins.ldap.LdapSearch.findUnique(LdapSearch.java:143)
	at org.sonar.plugins.ldap.LdapUsersProvider.getUserDetails(LdapUsersProvider.java:80)
	at org.sonar.plugins.ldap.LdapUsersProvider.doGetUserDetails(LdapUsersProvider.java:58)
	at org.sonar.server.authentication.CredentialsExternalAuthentication.doAuthenticate(CredentialsExternalAuthentication.java:97)
	at org.sonar.server.authentication.CredentialsExternalAuthentication.authenticate(CredentialsExternalAuthentication.java:91)
	at org.sonar.server.authentication.CredentialsAuthentication.authenticate(CredentialsAuthentication.java:66)
	at org.sonar.server.authentication.CredentialsAuthentication.authenticate(CredentialsAuthentication.java:54)
	at org.sonar.server.authentication.ws.LoginAction.authenticate(LoginAction.java:121)
	at org.sonar.server.authentication.ws.LoginAction.doFilter(LoginAction.java:100)
	at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:126)
	at org.sonar.server.platform.web.MasterServletFilter.doFilter(MasterServletFilter.java:95)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.sonar.server.user.UserSessionFilter.doFilter(UserSessionFilter.java:87)
	at org.sonar.server.user.UserSessionFilter.doFilter(UserSessionFilter.java:71)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.sonar.server.platform.web.CacheControlFilter.doFilter(CacheControlFilter.java:76)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.sonar.server.platform.web.SecurityServletFilter.doHttpFilter(SecurityServletFilter.java:76)
	at org.sonar.server.platform.web.SecurityServletFilter.doFilter(SecurityServletFilter.java:48)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.sonar.server.platform.web.RedirectFilter.doFilter(RedirectFilter.java:58)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.sonar.server.platform.web.requestid.RequestIdFilter.doFilter(RequestIdFilter.java:63)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.sonar.server.platform.web.RootFilter.doFilter(RootFilter.java:62)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:109)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
	at ch.qos.logback.access.tomcat.LogbackValve.invoke(LogbackValve.java:256)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:800)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:806)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.base/java.lang.Thread.run(Thread.java:834)
2020.12.21 08:49:09 DEBUG web[AXYHYuCHVx1oWMadA2L3][o.s.p.l.LdapUsersProvider] User MY_USER_TO_LDAP not found in <default>
2020.12.21 08:49:09 ERROR web[AXYHYuCHVx1oWMadA2L3][o.s.s.a.CredentialsExternalAuthentication] Error during authentication
org.sonar.plugins.ldap.LdapException: Unable to retrieve details for user MY_USER_TO_LDAP in <default>
	at org.sonar.plugins.ldap.LdapUsersProvider.getUserDetails(LdapUsersProvider.java:84)
	at org.sonar.plugins.ldap.LdapUsersProvider.doGetUserDetails(LdapUsersProvider.java:58)
	at org.sonar.server.authentication.CredentialsExternalAuthentication.doAuthenticate(CredentialsExternalAuthentication.java:97)
	at org.sonar.server.authentication.CredentialsExternalAuthentication.authenticate(CredentialsExternalAuthentication.java:91)
	at org.sonar.server.authentication.CredentialsAuthentication.authenticate(CredentialsAuthentication.java:66)
	at org.sonar.server.authentication.CredentialsAuthentication.authenticate(CredentialsAuthentication.java:54)
	at org.sonar.server.authentication.ws.LoginAction.authenticate(LoginAction.java:121)
	at org.sonar.server.authentication.ws.LoginAction.doFilter(LoginAction.java:100)
	at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:126)
	at org.sonar.server.platform.web.MasterServletFilter.doFilter(MasterServletFilter.java:95)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.sonar.server.user.UserSessionFilter.doFilter(UserSessionFilter.java:87)
	at org.sonar.server.user.UserSessionFilter.doFilter(UserSessionFilter.java:71)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.sonar.server.platform.web.CacheControlFilter.doFilter(CacheControlFilter.java:76)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.sonar.server.platform.web.SecurityServletFilter.doHttpFilter(SecurityServletFilter.java:76)
	at org.sonar.server.platform.web.SecurityServletFilter.doFilter(SecurityServletFilter.java:48)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.sonar.server.platform.web.RedirectFilter.doFilter(RedirectFilter.java:58)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.sonar.server.platform.web.requestid.RequestIdFilter.doFilter(RequestIdFilter.java:63)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.sonar.server.platform.web.RootFilter.doFilter(RootFilter.java:62)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:109)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
	at ch.qos.logback.access.tomcat.LogbackValve.invoke(LogbackValve.java:256)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:800)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:806)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error, data 532, v3839�]
	at java.naming/com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3158)
	at java.naming/com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3104)
	at java.naming/com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2890)
	at java.naming/com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2804)
	at java.naming/com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:320)
	at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
	at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
	at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
	at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
	at java.naming/javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:730)
	at java.naming/javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:305)
	at java.naming/javax.naming.InitialContext.init(InitialContext.java:236)
	at java.naming/javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
	at org.sonar.plugins.ldap.LdapContextFactory.createInitialDirContext(LdapContextFactory.java:134)
	at org.sonar.plugins.ldap.LdapContextFactory.createBindContext(LdapContextFactory.java:96)
	at org.sonar.plugins.ldap.LdapSearch.find(LdapSearch.java:126)
	at org.sonar.plugins.ldap.LdapSearch.findUnique(LdapSearch.java:143)
	at org.sonar.plugins.ldap.LdapUsersProvider.getUserDetails(LdapUsersProvider.java:80)
	... 51 common frames omitted
2020.12.21 08:49:09 DEBUG web[AXYHYuCHVx1oWMadA2L3][auth.event] login failure [cause|Unable to retrieve details for user MY_USER_TO_LDAP in <default>][method|FORM][provider|REALM|LDAP][IP|xxx.xxx.xxx.xxx|][login|MY_USER_TO_LDAP].

Obviously changed the original values to values example.

Hi Joe,
I changed the level logs to info and get the more detail to error:

2020.12.21 08:49:09 DEBUG web[AXYHYuCHVx1oWMadA2L3][o.s.p.l.LdapUsersProvider] Requesting details for user MY_USER_TO_LDAP
2020.12.21 08:49:09 DEBUG web[AXYHYuCHVx1oWMadA2L3][o.s.p.l.LdapSearch] Search: LdapSearch{baseDn=cn=Users,dc=my_company,DC=my_company_org,dc=mx, scope=subtree, request=(&(objectClass=user)(sAMAccountName={0})), parameters=[MY_USER_TO_LDAP], attributes=[mail, cn]}
2020.12.21 08:49:09 DEBUG web[AXYHYuCHVx1oWMadA2L3][o.s.p.l.LdapContextFactory] Initializing LDAP context {java.naming.referral=follow, java.naming.security.principal=CN=my_user_sonarqube,CN=Users,dc=my_company,DC=my_company_org,DC=mx, com.sun.jndi.ldap.connect.pool=true, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldap://my_company.my_company_org.mx:XXXX, java.naming.security.authentication=simple}
2020.12.21 08:49:09 DEBUG web[AXYHYuCHVx1oWMadA2L3][o.s.p.l.LdapUsersProvider] [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error, data 532, v3839�]
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error, data 532, v3839�]
	at java.naming/com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3158)
	at java.naming/com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3104)
	at java.naming/com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2890)
	at java.naming/com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2804)
	at java.naming/com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:320)
	at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
	at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
	at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
	at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
	at java.naming/javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:730)
	at java.naming/javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:305)
	at java.naming/javax.naming.InitialContext.init(InitialContext.java:236)
	at java.naming/javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
	at org.sonar.plugins.ldap.LdapContextFactory.createInitialDirContext(LdapContextFactory.java:134)
	at org.sonar.plugins.ldap.LdapContextFactory.createBindContext(LdapContextFactory.java:96)
	at org.sonar.plugins.ldap.LdapSearch.find(LdapSearch.java:126)
	at org.sonar.plugins.ldap.LdapSearch.findUnique(LdapSearch.java:143)
	at org.sonar.plugins.ldap.LdapUsersProvider.getUserDetails(LdapUsersProvider.java:80)
	at org.sonar.plugins.ldap.LdapUsersProvider.doGetUserDetails(LdapUsersProvider.java:58)
	at org.sonar.server.authentication.CredentialsExternalAuthentication.doAuthenticate(CredentialsExternalAuthentication.java:97)
	at org.sonar.server.authentication.CredentialsExternalAuthentication.authenticate(CredentialsExternalAuthentication.java:91)
	at org.sonar.server.authentication.CredentialsAuthentication.authenticate(CredentialsAuthentication.java:66)
	at org.sonar.server.authentication.CredentialsAuthentication.authenticate(CredentialsAuthentication.java:54)
	at org.sonar.server.authentication.ws.LoginAction.authenticate(LoginAction.java:121)
	at org.sonar.server.authentication.ws.LoginAction.doFilter(LoginAction.java:100)
	at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:126)
	at org.sonar.server.platform.web.MasterServletFilter.doFilter(MasterServletFilter.java:95)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.sonar.server.user.UserSessionFilter.doFilter(UserSessionFilter.java:87)
	at org.sonar.server.user.UserSessionFilter.doFilter(UserSessionFilter.java:71)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.sonar.server.platform.web.CacheControlFilter.doFilter(CacheControlFilter.java:76)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.sonar.server.platform.web.SecurityServletFilter.doHttpFilter(SecurityServletFilter.java:76)
	at org.sonar.server.platform.web.SecurityServletFilter.doFilter(SecurityServletFilter.java:48)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.sonar.server.platform.web.RedirectFilter.doFilter(RedirectFilter.java:58)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.sonar.server.platform.web.requestid.RequestIdFilter.doFilter(RequestIdFilter.java:63)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.sonar.server.platform.web.RootFilter.doFilter(RootFilter.java:62)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:109)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
	at ch.qos.logback.access.tomcat.LogbackValve.invoke(LogbackValve.java:256)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:800)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:806)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.base/java.lang.Thread.run(Thread.java:834)
2020.12.21 08:49:09 DEBUG web[AXYHYuCHVx1oWMadA2L3][o.s.p.l.LdapUsersProvider] User MY_USER_TO_LDAP not found in <default>
2020.12.21 08:49:09 ERROR web[AXYHYuCHVx1oWMadA2L3][o.s.s.a.CredentialsExternalAuthentication] Error during authentication
org.sonar.plugins.ldap.LdapException: Unable to retrieve details for user MY_USER_TO_LDAP in <default>

Hi @James-Gab,

Perhaps this may help? Can you check if you have a bad password or if the ldap.bindDn in sonar.properties is correctly escaped (if necessary)?

Joe

Hi Joe,
I will try validate the configuration properties and share the result.

Hi,
I have problems when try start SonarQube, in this case clear and comment the field to connection to Active Directory, get the error “Groups will not be synchronized, because property ‘ldap.group.baseDn’ is empty” but in the sonar.properties the property is comment, is necesary remove the folder cache o temp? I never clean folder or files when try startup Sonar, but if is necesary i remove and again try start Sonar.

Hi @James-Gab,

Please show the entire debug-level log $SONARQUBE_HOME/logs/web.log like you did earlier. Let’s check all the information in there.

Joe

Hi Joe,
excuse me for the late, I try modify values to connection to LDAP and now get the next:

The connection to LDAP is fine, the message is:
2021.01.15 15:08:53 INFO web[o.s.p.l.LdapContextFactory] Test LDAP connection on ldap://IP_Sonar:389: OK
2021.01.15 15:08:53 INFO web[org.sonar.INFO] Security realm started
.
.
When try sig on Sonar get the error:
2021.01.15 15:11:53 DEBUG web[AXcGmfI7kREQsi6XAAAQ][o.s.p.l.LdapUsersProvider] User USER not found in
2021.01.15 15:11:53 ERROR web[AXcGmfI7kREQsi6XAAAQ][o.s.s.a.CredentialsExternalAuthentication] Error during authentication
org.sonar.plugins.ldap.LdapException: Unable to retrieve details for user USER in
at org.sonar.plugins.ldap.LdapUsersProvider.getUserDetails(LdapUsersProvider.java:84)
at org.sonar.plugins.ldap.LdapUsersProvider.doGetUserDetails(LdapUsersProvider.java:58)
at org.sonar.server.authentication.CredentialsExternalAuthentication.doAuthenticate(CredentialsExternalAuthentication.java:97)
at org.sonar.server.authentication.CredentialsExternalAuthentication.authenticate(CredentialsExternalAuthentication.java:91)
at org.sonar.server.authentication.CredentialsAuthentication.authenticate(CredentialsAuthentication.java:66)
at org.sonar.server.authentication.CredentialsAuthentication.authenticate(CredentialsAuthentication.java:54)
at org.sonar.server.authentication.ws.LoginAction.authenticate(LoginAction.java:121)
at org.sonar.server.authentication.ws.LoginAction.doFilter(LoginAction.java:100)
at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:126)
at org.sonar.server.platform.web.MasterServletFilter.doFilter(MasterServletFilter.java:95)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.sonar.server.user.UserSessionFilter.doFilter(UserSessionFilter.java:87)
at org.sonar.server.user.UserSessionFilter.doFilter(UserSessionFilter.java:71)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.sonar.server.platform.web.CacheControlFilter.doFilter(CacheControlFilter.java:76)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.sonar.server.platform.web.SecurityServletFilter.doHttpFilter(SecurityServletFilter.java:76)
at org.sonar.server.platform.web.SecurityServletFilter.doFilter(SecurityServletFilter.java:48)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.sonar.server.platform.web.RedirectFilter.doFilter(RedirectFilter.java:58)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.sonar.server.platform.web.requestid.RequestIdFilter.doFilter(RequestIdFilter.java:63)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.sonar.server.platform.web.RootFilter.doFilter(RootFilter.java:62)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:109)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
at ch.qos.logback.access.tomcat.LogbackValve.invoke(LogbackValve.java:256)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:800)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:806)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: javax.naming.directory.InvalidSearchFilterException: integer expected inside {}: (&(objectClass=user)(sAMAccountName={sonarqube}))
at java.naming/com.sun.jndi.toolkit.dir.SearchFilter.format(SearchFilter.java:602)
at java.naming/com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1810)
at java.naming/com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:418)
at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:396)
at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:378)
at java.naming/javax.naming.directory.InitialDirContext.search(InitialDirContext.java:286)
at org.sonar.plugins.ldap.LdapSearch.find(LdapSearch.java:130)
at org.sonar.plugins.ldap.LdapSearch.findUnique(LdapSearch.java:143)
at org.sonar.plugins.ldap.LdapUsersProvider.getUserDetails(LdapUsersProvider.java:80)
… 51 common frames omitted

@James-Gab: Try modifying your ldap.user.request, which looks like it’s having issues based on the log here:

Caused by: javax.naming.directory.InvalidSearchFilterException: integer expected inside {}: (&(objectClass=user)(sAMAccountName={sonarqube}))

Try setting it to this:

ldap.user.request=(&(objectClass=user)(sAMAccountName={login}))

See here

Fine and thanks Joe, change the property and try again, when finish the test share my result.

Hi Joe, again fail the test.
My configuration is:
sonar.security.realm=LDAP
sonar.forceAuthentication=true
ldap.authentication=simple
ldap.windows.compatibilityMode=true
ldap.url=ldap://Ip_Server_LDAP:389
ldap.bindDn=CN=user_sonarqube,CN=Users,DC=domain,DC=mx
ldap.bindPassword=password_user_sonarqube
ldap.user.baseDn=cn=user_sonarqube,CN=Users,DC=domain,DC=mx
ldap.user.request=(&(objectClass=user)(sAMAccountName={login}))
ldap.user.realNameAttribute=cn

and get the next error:
2021.01.15 19:48:26 INFO web[org.sonar.INFO] Security realm: LDAP
2021.01.15 19:48:26 INFO web[o.s.p.l.LdapSettingsManager] User mapping: LdapUserMapping{baseDn=cn=the_value,CN=is,DC=not,DC=really, request=(&(objectClass=user)(sAMAccountName={0})), realNameAttribute=cn, emailAttribute=mail}
2021.01.15 19:48:26 INFO web[o.s.p.l.LdapSettingsManager] Groups will not be synchronized, because property ‘ldap.group.baseDn’ is empty.
2021.01.15 19:48:26 DEBUG web[o.s.p.l.LdapContextFactory] Initializing LDAP context {java.naming.referral=follow, java.naming.security.principal=CN=the_value,CN=is,DC=not,DC=really, com.sun.jndi.ldap.connect.pool=true, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldap://Ip_Server_LDAP:389, java.naming.security.authentication=simple}
2021.01.15 19:48:26 INFO web[o.s.p.l.LdapContextFactory] Test LDAP connection on ldap://Ip_Server_LDAP:389: OK
2021.01.15 19:48:26 INFO web[org.sonar.INFO] Security realm started

2021.01.15 19:49:36 DEBUG web[AXcHmHptiQk9cYsgAAAQ][o.s.p.l.LdapUsersProvider] Requesting details for user User_AD
2021.01.15 19:49:36 DEBUG web[AXcHmHptiQk9cYsgAAAQ][o.s.p.l.LdapSearch] Search: LdapSearch{baseDn=cn=the_value,CN=is,DC=not,DC=really, scope=subtree, request=(&(objectClass=user)(sAMAccountName={0})), parameters=[User_AD], attributes=[mail, cn]}
2021.01.15 19:49:36 DEBUG web[AXcHmHptiQk9cYsgAAAQ][o.s.p.l.LdapContextFactory] Initializing LDAP context {java.naming.referral=follow, java.naming.security.principal=CN=the_value,CN=is,DC=not,DC=really, com.sun.jndi.ldap.connect.pool=true, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldap://Ip_Server_LDAP:389, java.naming.security.authentication=simple}
2021.01.15 19:49:36 DEBUG web[AXcHmHptiQk9cYsgAAAQ][o.s.p.l.LdapUsersProvider] User User_AD not found in < default >
2021.01.15 19:49:36 DEBUG web[AXcHmHptiQk9cYsgAAAQ][auth.event] login failure [cause|No user details][method|FORM][provider|REALM|LDAP][IP|My_Ip_Local|][login|User_AD]
2021.01.15 19:52:36 DEBUG web[AXcHmHptiQk9cYsgAAAR][o.s.p.l.LdapUsersProvider] Requesting details for user User_AD
2021.01.15 19:52:36 DEBUG web[AXcHmHptiQk9cYsgAAAR][o.s.p.l.LdapSearch] Search: LdapSearch{baseDn=cn=the_value,CN=Users,DC=not,DC=really, scope=subtree, request=(&(objectClass=user)(sAMAccountName={0})), parameters=[User_AD], attributes=[mail, cn]}
2021.01.15 19:52:36 DEBUG web[AXcHmHptiQk9cYsgAAAR][o.s.p.l.LdapContextFactory] Initializing LDAP context {java.naming.referral=follow, java.naming.security.principal=CN=the_value,CN=Users,DC=not,DC=really, com.sun.jndi.ldap.connect.pool=true, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldap://Ip_Server_LDAP:389, java.naming.security.authentication=simple}
2021.01.15 19:52:36 DEBUG web[AXcHmHptiQk9cYsgAAAR][o.s.p.l.LdapUsersProvider] User User_AD not found in < default >
2021.01.15 19:52:36 DEBUG web[AXcHmHptiQk9cYsgAAAR][auth.event] login failure [cause|No user details][method|FORM][provider|REALM|LDAP][IP|My_Ip_Local|][login|User_AD]

Hi @Joe,
Sorry, I readed the link you shared with my and read my configuration again and found a parameter to connection wrong, i corrected the value and the connection were success, thanks for your time and suggestions.

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.