Hi, everyone.
I have a problema with a SonarQube Enterprise (version 8.9.8).
When I add an user in a group (administrators, for example), the privileges only last while the user is logged. If he log out, disappears from the group.
Thanks for the help!
Hey there.
Are you also delegating authentication to an external identity provider like LDAP? As noted in the documentation on Delegated Authentication:
When group mapping is configured, the delegated authentication source becomes the only place to manage group membership, and the user’s groups are re-fetched with each log in.
Meaning that if you are manually managing group membership and have ldap.group.* parameters configured, group membership will be revoked for users upon login if that group doesn’t also exist in LDAP (the same applies for other delegated authentication mechanism as well: SAML, GitHub, etc.)
Hi Colin, thanks so much for ur reply!.
So to manage users in groups is only by LDAP (they need has the same name according to documentation), I can’t any way to manage this from the plaftorm of SonarQube? (without disabling LDAP)
Another question, if I change the privileges (for user or group), from the platform like administer system, this has persistence?
Greetings, and thanks for your time!
You can disable Group Mapping (meaning you only manage group membership in SonarQube) by removing the ldap.group.* configuration in your server settings (in a conf/sonar.properties file, for example)
Permissions assigned to users are unaffected by group mapping, as well as the permissions themselves. The only thing affected by group mapping is membership in groups.
— removed. I’ll post it separately
Thank you so much.
Grateful with you!
Hey @daniel
Your understanding is right – and thanks for being open to a conversation about it.
sorry i somehow did not see you typing, i will reply with the separate thread here…