Getting an error Background initialization failed. Stopping SonarQube org.sonar.plugins.ldap.LdapException: Unable to open LDAP connection

sareddy · March 17, 2020, 4:57pm

I am trying to integrate my existing instance of Sonarqube with LDAP and I am receiving the following error from web.log. The version of sonarqube is 6.7.7

2020.03.16 14:47:42 INFO  web[][org.sonar.INFO] Security realm: LDAP
2020.03.16 14:47:42 INFO  web[][o.s.p.l.LdapSettingsManager] User mapping: LdapUserMapping{baseDn=dc=wernerds,dc=net, request=(&(objectClaNameAttribute=name, emailAttribute=userPrincipalName}
2020.03.16 14:47:42 INFO  web[][o.s.p.l.LdapSettingsManager] Group mapping: LdapGroupMapping{baseDn=cn=werner groups,dc=wernerds,dc=net, iUserAttributes=[dn], request=(&(objectClass=groupOfUniqueNames)(uniqueMember={0}))}
2020.03.16 14:47:43 INFO  web[][o.s.p.l.LdapContextFactory] Test LDAP connection: FAIL
2020.03.16 14:47:43 ERROR web[][o.s.s.p.Platform] Background initialization failed. Stopping SonarQube
org.sonar.plugins.ldap.LdapException: Unable to open LDAP connection
        at org.sonar.plugins.ldap.LdapContextFactory.testConnection(LdapContextFactory.java:211)
        at org.sonar.plugins.ldap.LdapRealm.init(LdapRealm.java:63)
        at org.sonar.server.user.SecurityRealmFactory.start(SecurityRealmFactory.java:84)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.picocontainer.lifecycle.ReflectionLifecycleStrategy.invokeMethod(ReflectionLifecycleStrategy.java:110)
        at org.picocontainer.lifecycle.ReflectionLifecycleStrategy.start(ReflectionLifecycleStrategy.java:89)
        at org.picocontainer.injectors.AbstractInjectionFactory$LifecycleAdapter.start(AbstractInjectionFactory.java:84)
        at org.picocontainer.behaviors.AbstractBehavior.start(AbstractBehavior.java:169)
        at org.picocontainer.behaviors.Stored$RealComponentLifecycle.start(Stored.java:132)
        at org.picocontainer.behaviors.Stored.start(Stored.java:110)
        at org.picocontainer.DefaultPicoContainer.potentiallyStartAdapter(DefaultPicoContainer.java:1016)
        at org.picocontainer.DefaultPicoContainer.startAdapters(DefaultPicoContainer.java:1009)
        at org.picocontainer.DefaultPicoContainer.start(DefaultPicoContainer.java:767)
        at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:134)
        at org.sonar.server.platform.platformlevel.PlatformLevel.start(PlatformLevel.java:90)
        at org.sonar.server.platform.platformlevel.PlatformLevel4.start(PlatformLevel4.java:583)
        at org.sonar.server.platform.Platform.start(Platform.java:211)
        at org.sonar.server.platform.Platform.startLevel34Containers(Platform.java:185)
        at org.sonar.server.platform.Platform.access$500(Platform.java:46)
        at org.sonar.server.platform.Platform$1.lambda$doRun$0(Platform.java:119)
        at org.sonar.server.platform.Platform$AutoStarterRunnable.runIfNotAborted(Platform.java:371)
        at org.sonar.server.platform.Platform$1.doRun(Platform.java:119)
        at org.sonar.server.platform.Platform$AutoStarterRunnable.run(Platform.java:355)
        at java.lang.Thread.run(Thread.java:748)
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042A, comment: AcceptSecurityContext e
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3154)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3100)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2886)
        at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2800)
        at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
        at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
        at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
        at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
        at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
        at javax.naming.InitialContext.init(InitialContext.java:244)
        at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
        at org.sonar.plugins.ldap.LdapContextFactory.createInitialDirContext(LdapContextFactory.java:134)
        at org.sonar.plugins.ldap.LdapContextFactory.createBindContext(LdapContextFactory.java:96)
        at org.sonar.plugins.ldap.LdapContextFactory.testConnection(LdapContextFactory.java:207)
        ... 26 common frames omitted
2020.03.16 14:47:43 INFO  web[][o.s.p.StopWatcher] Stopping process

ganncamp · March 18, 2020, 12:16pm

Hi,

Welcome to the community!

It looks like an authentication error. Have you double-checked your settings?

Ann

sareddy · March 18, 2020, 7:50pm

Hi Ann
Thanks for the reply, I thought the same thing and have checked all the settings even before raising this question. Anyway, I have double-checked all the settings again and everything looks good. Please let me know if you need any other logs from my end.

Thank you
Sainath

Frank_Fllr · May 2, 2022, 2:20pm

Hi,
I have the same issue.

Just setting up a new SQ 9.4.0 docker based instance and use my old LDAP properties (that worked fine since years (with SQ 7.7, 7.9 and 8.3) in

— sonar.properties —

...
# BEGIN ANSIBLE MANAGED BLOCK
# LDAP
sonar.security.realm=LDAP
sonar.authenticator.downcase=true
ldap.url=ldaps://ldap.XX.de

ldap.user.baseDn=cn=users,dc=XX,dc=de
ldap.user.request=(uid={login})

ldap.group.baseDn=cn=sonarqube,ou=module,dc=XX,dc=de
ldap.group.request=(uniqueMember={login})

# END ANSIBLE MANAGED BLOCK

The stacktrace looks like that:

> 2022.05.02 14:03:15 INFO  web[][o.s.a.l.LdapContextFactory] Test LDAP connection: FAIL
> 2022.05.02 14:03:15 WARN  web[][o.s.c.a.AnnotationConfigApplicationContext] Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'jdk.internal.loader.ClassLoaders$AppClassLoader@277050dc-org.sonar.server.ws.WebServiceEngine': Unsatisfied dependency expressed through constructor parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'jdk.internal.loader.ClassLoaders$AppClassLoader@277050dc-org.sonar.server.authentication.ws.AuthenticationWs': Unsatisfied dependency expressed through constructor parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'jdk.internal.loader.ClassLoaders$AppClassLoader@277050dc-org.sonar.server.authentication.ws.LoginAction': Unsatisfied dependency expressed through constructor parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'jdk.internal.loader.ClassLoaders$AppClassLoader@277050dc-org.sonar.server.authentication.CredentialsAuthentication': Unsatisfied dependency expressed through constructor parameter 2; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'jdk.internal.loader.ClassLoaders$AppClassLoader@277050dc-org.sonar.server.authentication.CredentialsExternalAuthentication': Unsatisfied dependency expressed through constructor parameter 1; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'jdk.internal.loader.ClassLoaders$AppClassLoader@277050dc-org.sonar.server.user.SecurityRealmFactory': Initialization of bean failed; nested exception is org.sonar.api.utils.SonarException: Security realm fails to start: Unable to open LDAP connection
> 2022.05.02 14:03:15 ERROR web[][o.s.s.p.Platform] Background initialization failed. Stopping SonarQube

How your problem was fixed?

Best regards,
Frank

ganncamp · May 2, 2022, 6:28pm

Hi Frank,

Welcome to the community!

Try briefly turning your server logging level up to TRACE and re-create the problem. You should get something helpful in the logs.

Ann

Frank_Fllr · May 4, 2022, 2:35pm

Ok, I find the problem myself:

the path to the JRE/lib/security has changed within the SQ9 image, so my volume mapping into the container didnt provide my special cacerts and the TLS connection to our OpenLDAP was refused.

Unfortunatly this was not obviously in the stacktrace.