Every LDAP user is able to access the SonarQube

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    ===>> Version 6.7.2
  • what are you trying to achieve
    ===>> We have a DevOps integrated platform in which multiple tools are running as containers. We are trying to give access to a particular group [sonar-group] and restrict all other users in LDAP, as SonarQube is permitting all the users in LDAP, but it is allowing every user in LDAP and automatically adding the user to sonar-group locally.

Hi,

Welcome to the community!

This is working as expected. The assumption is that you will restrict access to projects (the Browse permission) with group permissions.

Alternately, it may be possible that you can adjust your LDAP configuration such that users who shouldn’t be able to get in won’t be found by the LDAP user look up. Note that I am not an LDAP expert so a) I could be wrong about this and b) I am entirely unable to guide you in making such changes.

 
HTH,
Ann

1 Like

@chandra412

You can restrict SonarQube access based on a specific LDAP/AD group membership by restricting the user-filter option on the ldap.user.request:

ldap.user.request=(&(objectClass=user)(sAMAccountName={login})(memberOf=CN=ldap-group,OU=groups,DC=example,DC=com))

1 Like
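
The effect of the `memberOf` clause in the filter above can be checked offline with a small filter evaluator. This is an added example, not code from any poster or from SonarQube; the directory entries, the `team-a` group and all function names are constructed for illustration. It also shows that equality on `memberOf` matches direct membership only, so a user who reaches the group through a nested group is not found.

```python
import re

# Filter from the answer above; {login} stands for the name typed at the login form.
USER_REQUEST = ("(&(objectClass=user)(sAMAccountName={login})"
                "(memberOf=CN=ldap-group,OU=groups,DC=example,DC=com))")

def entry(login, group):
    return {"objectClass": ["user"], "sAMAccountName": [login],
            "memberOf": ["CN=%s,OU=groups,DC=example,DC=com" % group]}

# Constructed directory entries. team-a is assumed to be nested inside
# ldap-group, so carol is only an indirect member.
DIRECTORY = [entry("alice", "ldap-group"), entry("bob", "other-group"),
             entry("carol", "team-a")]

def escape(value):
    """Escape RFC 4515 special characters so the login stays a plain value."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)

def unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def parse(f, i=0):
    """Parse the filter component starting at f[i]; return (node, next index)."""
    if f[i + 1] in "&|!":
        op, i, kids = f[i + 1], i + 2, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1  # step over the closing ")"
    end = f.index(")", i)
    attr, value = f[i + 1:end].split("=", 1)
    return ("=", attr, unescape(value)), end + 1

def matches(node, e):
    """Evaluate a parsed filter against one entry (equality, &, | and ! only)."""
    if node[0] == "=":
        return any(v.lower() == node[2].lower() for v in e.get(node[1], []))
    results = [matches(kid, e) for kid in node[1]]
    return {"&": all, "|": any, "!": lambda r: not r[0]}[node[0]](results)

def lookup(login):
    """Return the logins of the entries the user request would find."""
    tree, _ = parse(USER_REQUEST.replace("{login}", escape(login)))
    return [e["sAMAccountName"][0] for e in DIRECTORY if matches(tree, e)]
```
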