Having issues while setting up Active Directory with SonarQube?

active_directory
ldap

(Vijay Patnana) #1

Hi All,

We are using SonarQube version 6.7.2, which is running on a Linux machine. I am trying to integrate it with Active Directory. I have installed the LDAP plugin (2.2) from the marketplace and modified the sonar.properties file, which is under the SonarQube home directory.

I followed this document - https://docs.sonarqube.org/display/PLUG/LDAP+Plugin

I have created 3 groups, which are populated in AD - SonarLead, SonarUser, SonarAdmin
I added the properties below, but I don’t see the users and groups in the UI after I restart the service.

Am I missing anything?

ACTIVE DIRECTORY

sonar.security.realm=LDAP
ldap.url=ldap://ad1-corp:389
ldap.bindDN=CN=svc-sonarqube,OU=Service Accounts,OU=Admin,DC=ad1,DC=corp
ldap.bindPassword=**********

User Configuration

ldap.user.baseDn DC=ad1,DC=corp
ldap.user.request=(&(objectCategory=Person)(sAMAccountName={login}))
ldap.user.realNameAttribute=cn
ldap.user.emailAttribute=mail

Group Configuration

ldap.group.baseDn OU=IT,OU=File Share Groups,OU=company,DC=ad1,DC=corp
ldap.group.request=(&(objectClass=group)(member={dn}))

In the logs, I see no issue -

2018.06.08 12:12:35 INFO web[][org.sonar.INFO] Security realm: LDAP
2018.06.08 12:12:35 INFO web[][o.s.p.l.LdapSettingsManager] User mapping: LdapUserMapping{baseDn=DC=ad1,DC=corp, request=(&(objectCategory=Person)(sAMAccountName={0})), realNameAttribute=cn, emailAttribute=mail}
2018.06.08 12:12:35 INFO web[][o.s.p.l.LdapSettingsManager] Group mapping: LdapGroupMapping{baseDn=OU=IT,OU=File Share Groups,OU=company,DC=ad1,DC=corp, idAttribute=cn, requiredUserAttributes=[dn], request=(&(objectClass=group)(member={0}))}
2018.06.08 12:12:35 INFO web[][o.s.p.l.LdapContextFactory] Test LDAP connection on ldap://ad1-corp:389: OK
2018.06.08 12:12:35 INFO web[][org.sonar.INFO] Security realm started
2018.06.08 12:12:35 INFO web[][o.s.s.t.TelemetryDaemon] Sharing of SonarQube statistics is enabled.


(Nicolas Bontoux) #2

Quick clarification to avoid any misunderstanding on how the LDAP Plugin actually behaves: it does not pull all users and groups from LDAP/AD at SonarQube (SQ) startup, i.e. it’s expected that after configuring this, not all users are populated in the SonarQube Users admin page.

What the LDAP Plugin does is authenticate users, and only then create a reference in the SQ backend. If user foo is in AD, foo will not be visible in SQ until foo has actually logged in once to SQ.

Same for groups, they need to be created in SonarQube first, per LDAP Plugin doc:

For the delegation of authorization, groups must be first defined in SonarQube.

And then the user-group membership is only updated at user login time.


(Vijay Patnana) #3

Hi Nicolas,

Thanks for the clarification. After configuring this, when I try to log in with AD credentials, I am getting an authentication failed message. Am I missing anything in the properties file?

I have enabled debug mode; these are the logs captured in debug mode when I had the authentication issue.

2018.06.12 13:14:07 DEBUG web[AWP0/PqAhKsy3w9TAAAE][o.s.p.l.LdapUsersProvider] Requesting details for user vpatnana
2018.06.12 13:14:07 DEBUG web[AWP0/PqAhKsy3w9TAAAE][o.s.p.l.LdapSearch] Search: LdapSearch{baseDn=DC=ad1,DC=corp, scope=subtree, request=(&(objectCategory=Person)(sAMAccountName=*)), parameters=[vpatnana], attributes=[mail, cn]}
2018.06.12 13:14:07 DEBUG web[AWP0/PqAhKsy3w9TAAAE][o.s.p.l.LdapContextFactory] Initializing LDAP context {java.naming.provider.url=ldap://aws-east-dc.ad1.corp:389, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, com.sun.jndi.ldap.connect.pool=true, java.naming.security.authentication=simple, java.naming.referral=follow}
2018.06.12 13:14:07 DEBUG web[AWP0/PqAhKsy3w9TAAAE][o.s.p.l.LdapUsersProvider] [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0907C2, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580]
javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0907C2, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580]
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3176)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3082)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2888)
        at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1846)
        at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
        at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1786)
        at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:418)
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:396)
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:378)
        at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:286)
        at org.sonar.plugins.ldap.LdapSearch.find(LdapSearch.java:130)
        at org.sonar.plugins.ldap.LdapSearch.findUnique(LdapSearch.java:143)
        at org.sonar.plugins.ldap.LdapUsersProvider.getUserDetails(LdapUsersProvider.java:80)
        at org.sonar.plugins.ldap.LdapUsersProvider.doGetUserDetails(LdapUsersProvider.java:58)
        at org.sonar.server.authentication.RealmAuthenticator.doAuthenticate(RealmAuthenticator.java:92)
        at org.sonar.server.authentication.RealmAuthenticator.authenticate(RealmAuthenticator.java:86)
        at org.sonar.server.authentication.CredentialsAuthenticator.authenticate(CredentialsAuthenticator.java:61)
        at org.sonar.server.authentication.CredentialsAuthenticator.authenticate(CredentialsAuthenticator.java:50)
        at org.sonar.server.authentication.ws.LoginAction.authenticate(LoginAction.java:123)
        at org.sonar.server.authentication.ws.LoginAction.doFilter(LoginAction.java:104)
        at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:126)
        at org.sonar.server.platform.web.MasterServletFilter.doFilter(MasterServletFilter.java:95)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.sonar.server.user.UserSessionFilter.doFilter(UserSessionFilter.java:87)
        at org.sonar.server.user.UserSessionFilter.doFilter(UserSessionFilter.java:71)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.sonar.server.platform.web.SecurityServletFilter.doHttpFilter(SecurityServletFilter.java:72)
        at org.sonar.server.platform.web.SecurityServletFilter.doFilter(SecurityServletFilter.java:48)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.sonar.server.platform.web.RedirectFilter.doFilter(RedirectFilter.java:61)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.sonar.server.platform.web.requestid.RequestIdFilter.doFilter(RequestIdFilter.java:63)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.sonar.server.platform.web.RootFilter.doFilter(RootFilter.java:62)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:108)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
        at ch.qos.logback.access.tomcat.LogbackValve.invoke(LogbackValve.java:256)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:803)
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1459)
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:745)
2018.06.12 13:14:07 DEBUG web[AWP0/PqAhKsy3w9TAAAE][o.s.p.l.LdapUsersProvider] User vpatnana not found in <default>
2018.06.12 13:14:07 ERROR web[AWP0/PqAhKsy3w9TAAAE][o.s.s.a.RealmAuthenticator] Error during authentication
org.sonar.plugins.ldap.LdapException: Unable to retrieve details for user vpatnana in <default>
        at org.sonar.plugins.ldap.LdapUsersProvider.getUserDetails(LdapUsersProvider.java:84)
        at org.sonar.plugins.ldap.LdapUsersProvider.doGetUserDetails(LdapUsersProvider.java:58)
        at org.sonar.server.authentication.RealmAuthenticator.doAuthenticate(RealmAuthenticator.java:92)
        at org.sonar.server.authentication.RealmAuthenticator.authenticate(RealmAuthenticator.java:86)
        at org.sonar.server.authentication.CredentialsAuthenticator.authenticate(CredentialsAuthenticator.java:61)
        at org.sonar.server.authentication.CredentialsAuthenticator.authenticate(CredentialsAuthenticator.java:50)
        at org.sonar.server.authentication.ws.LoginAction.authenticate(LoginAction.java:123)
        at org.sonar.server.authentication.ws.LoginAction.doFilter(LoginAction.java:104)
        at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:126)
        at org.sonar.server.platform.web.MasterServletFilter.doFilter(MasterServletFilter.java:95)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.sonar.server.user.UserSessionFilter.doFilter(UserSessionFilter.java:87)
        at org.sonar.server.user.UserSessionFilter.doFilter(UserSessionFilter.java:71)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.sonar.server.platform.web.SecurityServletFilter.doHttpFilter(SecurityServletFilter.java:72)
        at org.sonar.server.platform.web.SecurityServletFilter.doFilter(SecurityServletFilter.java:48)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.sonar.server.platform.web.RedirectFilter.doFilter(RedirectFilter.java:61)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.sonar.server.platform.web.requestid.RequestIdFilter.doFilter(RequestIdFilter.java:63)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.sonar.server.platform.web.RootFilter.doFilter(RootFilter.java:62)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:108)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
        at ch.qos.logback.access.tomcat.LogbackValve.invoke(LogbackValve.java:256)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:803)
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1459)
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:745)
Caused by: javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0907C2, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580]
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3176)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3082)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2888)
        at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1846)
        at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
        at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1786)
        at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:418)
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:396)
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:378)
        at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:286)
        at org.sonar.plugins.ldap.LdapSearch.find(LdapSearch.java:130)
        at org.sonar.plugins.ldap.LdapSearch.findUnique(LdapSearch.java:143)
        at org.sonar.plugins.ldap.LdapUsersProvider.getUserDetails(LdapUsersProvider.java:80)
        ... 47 common frames omitted
2018.06.12 13:14:07 DEBUG web[AWP0/PqAhKsy3w9TAAAE][auth.event] login failure [cause|Unable to retrieve details for user vpatnana in <default>][method|FORM][provider|REALM|LDAP][IP|10.129.13.209|172.17.15.139][login|vpatnana]

(Nicolas Bontoux) #4

Well the error message received from LDAP side (independently from SonarQube) is quite clear:

Caused by: javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0907C2, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580]

This error, "In order to perform this operation a successful bind must be completed on the connection", likely relates to a configuration issue.

And in fact:

ldap.bindDN=CN=svc-sonarqube,OU=Service Accounts,OU=Admin,DC=ad1,DC=corp

The documented property is ldap.bindDn (lower-case n). Fixing that should let you progress in setting this up (make sure to restart SQ from command-line whenever changing sonar.properties).


(Vijay Patnana) #5

Hi Nicolas,

Good catch, I didn’t notice this lower case one. Thanks! I really appreciate it.

These are my current properties -

ACTIVE DIRECTORY

sonar.security.realm=LDAP
ldap.url=ldap://ad1-corp:389
ldap.bindDn=CN=svc-sonarqube,OU=Service Accounts,OU=Admin,DC=***,DC=corp
ldap.bindPassword=****

User Configuration

ldap.user.baseDn=DC=***,DC=corp
ldap.user.request=(&(objectCategory=user)(sAMAccountName=*))
ldap.user.realNameAttribute=cn
ldap.user.emailAttribute=mail

Group Configuration

ldap.group.baseDn=OU=IT,OU=File Share Groups,OU=*****,DC=***,DC=corp
ldap.group.request=(&(objectClass=group)(member={dn}))

Now I am getting a different error in the logs

2018.06.12 18:08:01 DEBUG web[AWP2B9qfbKGKjl1BAAAw][o.s.p.l.LdapUsersProvider] Requesting details for user vpatnana
2018.06.12 18:08:01 DEBUG web[AWP2B9qfbKGKjl1BAAAw][o.s.p.l.LdapSearch] Search: LdapSearch{baseDn=DC=ad1,DC=corp, scope=subtree, request=(&(objectCategory=user)(sAMAccountName=*)), parameters=[vpatnana], attributes=[mail, cn]}
2018.06.12 18:08:01 DEBUG web[AWP2B9qfbKGKjl1BAAAw][o.s.p.l.LdapContextFactory] Initializing LDAP context {java.naming.provider.url=ldap://aws-east-dc.ad1.corp:389, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.principal=CN=svc-sonarqube,OU=Service Accounts,OU=Admin,DC=ad1,DC=corp, com.sun.jndi.ldap.connect.pool=true, java.naming.security.authentication=simple, java.naming.referral=follow}
2018.06.12 18:08:02 DEBUG web[AWP2B9qfbKGKjl1BAAAw][o.s.p.l.LdapUsersProvider] Non unique result for LdapSearch{baseDn=DC=ad1,DC=corp, scope=subtree, request=(&(objectCategory=user)(sAMAccountName=*)), parameters=[vpatnana], attributes=[mail, cn]}
javax.naming.NamingException: Non unique result for LdapSearch{baseDn=DC=ad1,DC=corp, scope=subtree, request=(&(objectCategory=user)(sAMAccountName=*)), parameters=[vpatnana], attributes=[mail, cn]}
        at org.sonar.plugins.ldap.LdapSearch.findUnique(LdapSearch.java:149)
        at org.sonar.plugins.ldap.LdapUsersProvider.getUserDetails(LdapUsersProvider.java:80)
        at org.sonar.plugins.ldap.LdapUsersProvider.doGetUserDetails(LdapUsersProvider.java:58)
        at org.sonar.server.authentication.RealmAuthenticator.doAuthenticate(RealmAuthenticator.java:92)
        at org.sonar.server.authentication.RealmAuthenticator.authenticate(RealmAuthenticator.java:86)
        at org.sonar.server.authentication.CredentialsAuthenticator.authenticate(CredentialsAuthenticator.java:61)
        at org.sonar.server.authentication.CredentialsAuthenticator.authenticate(CredentialsAuthenticator.java:50)
        at org.sonar.server.authentication.ws.LoginAction.authenticate(LoginAction.java:123)
        at org.sonar.server.authentication.ws.LoginAction.doFilter(LoginAction.java:104)
        at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:126)
        at org.sonar.server.platform.web.MasterServletFilter.doFilter(MasterServletFilter.java:95)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.sonar.server.user.UserSessionFilter.doFilter(UserSessionFilter.java:87)
        at org.sonar.server.user.UserSessionFilter.doFilter(UserSessionFilter.java:71)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.sonar.server.platform.web.SecurityServletFilter.doHttpFilter(SecurityServletFilter.java:72)
        at org.sonar.server.platform.web.SecurityServletFilter.doFilter(SecurityServletFilter.java:48)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.sonar.server.platform.web.RedirectFilter.doFilter(RedirectFilter.java:61)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.sonar.server.platform.web.requestid.RequestIdFilter.doFilter(RequestIdFilter.java:63)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.sonar.server.platform.web.RootFilter.doFilter(RootFilter.java:62)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:108)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
        at ch.qos.logback.access.tomcat.LogbackValve.invoke(LogbackValve.java:256)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:803)
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1459)
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:745)
2018.06.12 18:08:02 DEBUG web[AWP2B9qfbKGKjl1BAAAw][o.s.p.l.LdapUsersProvider] User vpatnana not found in <default>
2018.06.12 18:08:02 ERROR web[AWP2B9qfbKGKjl1BAAAw][o.s.s.a.RealmAuthenticator] Error during authentication
org.sonar.plugins.ldap.LdapException: Unable to retrieve details for user vpatnana in <default>
        at org.sonar.plugins.ldap.LdapUsersProvider.getUserDetails(LdapUsersProvider.java:84)
        at org.sonar.plugins.ldap.LdapUsersProvider.doGetUserDetails(LdapUsersProvider.java:58)
        at org.sonar.server.authentication.RealmAuthenticator.doAuthenticate(RealmAuthenticator.java:92)
        at org.sonar.server.authentication.RealmAuthenticator.authenticate(RealmAuthenticator.java:86)
        at org.sonar.server.authentication.CredentialsAuthenticator.authenticate(CredentialsAuthenticator.java:61)
        at org.sonar.server.authentication.CredentialsAuthenticator.authenticate(CredentialsAuthenticator.java:50)
        at org.sonar.server.authentication.ws.LoginAction.authenticate(LoginAction.java:123)
        at org.sonar.server.authentication.ws.LoginAction.doFilter(LoginAction.java:104)
        at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:126)
        at org.sonar.server.platform.web.MasterServletFilter.doFilter(MasterServletFilter.java:95)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.sonar.server.user.UserSessionFilter.doFilter(UserSessionFilter.java:87)
        at org.sonar.server.user.UserSessionFilter.doFilter(UserSessionFilter.java:71)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.sonar.server.platform.web.SecurityServletFilter.doHttpFilter(SecurityServletFilter.java:72)
        at org.sonar.server.platform.web.SecurityServletFilter.doFilter(SecurityServletFilter.java:48)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.sonar.server.platform.web.RedirectFilter.doFilter(RedirectFilter.java:61)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.sonar.server.platform.web.requestid.RequestIdFilter.doFilter(RequestIdFilter.java:63)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.sonar.server.platform.web.RootFilter.doFilter(RootFilter.java:62)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:108)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
        at ch.qos.logback.access.tomcat.LogbackValve.invoke(LogbackValve.java:256)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:803)
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1459)
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:745)
Caused by: javax.naming.NamingException: Non unique result for LdapSearch{baseDn=DC=ad1,DC=corp, scope=subtree, request=(&(objectCategory=user)(sAMAccountName=*)), parameters=[vpatnana], attributes=[mail, cn]}
        at org.sonar.plugins.ldap.LdapSearch.findUnique(LdapSearch.java:149)
        at org.sonar.plugins.ldap.LdapUsersProvider.getUserDetails(LdapUsersProvider.java:80)
        ... 47 common frames omitted
2018.06.12 18:08:02 DEBUG web[AWP2B9qfbKGKjl1BAAAw][auth.event] login failure [cause|Unable to retrieve details for user vpatnana in <default>][method|FORM][provider|REALM|LDAP][IP|10.129.11.92|172.17.15.139][login|vpatnana]

(Nicolas Bontoux) #7

Did you get in touch with your LDAP team regarding this error? This error relates to the response sent back by the server (non-unique result).

Generally speaking, it’s good practice to fine-tune the LDAP search parameters independently from SonarQube, for example using a standard tool like ldapsearch. Once you’ve got DNs/requests working with a lightweight tool, you can move forward more confidently with SonarQube.
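
An added example, not part of the original thread and not SonarQube's own code: a small Python lint for the two mistakes found above, a property name with the wrong case (ldap.bindDN) and a user filter without the {login} placeholder. The function names, finding codes and sample configurations are assumptions constructed from the posts in this thread.

```python
import re

# Property names as they appear in this thread. Keys in sonar.properties are
# case-sensitive, which is why ldap.bindDN was silently ignored.
KNOWN_KEYS = (
    "sonar.security.realm", "ldap.url", "ldap.bindDn", "ldap.bindPassword",
    "ldap.user.baseDn", "ldap.user.request", "ldap.user.realNameAttribute",
    "ldap.user.emailAttribute", "ldap.group.baseDn", "ldap.group.request",
)
_CANONICAL = {key.lower(): key for key in KNOWN_KEYS}

# Simplified Java .properties syntax: the key ends at the first '=', ':' or
# whitespace; '#' and '!' start comments. Escapes and continuation lines are
# not handled.
_PROP = re.compile(r"^\s*([^\s=:#!][^\s=:]*)\s*[=:\s]\s*(.*?)\s*$")


def parse_properties(text):
    """Yield (line_number, key, value) for every property line in text."""
    for number, line in enumerate(text.splitlines(), start=1):
        match = _PROP.match(line)
        if match:
            yield number, match.group(1), match.group(2)


def lint(text):
    """Return a list of (line_number, code, message) findings."""
    findings, settings, lines = [], {}, {}
    for number, key, value in parse_properties(text):
        canonical = _CANONICAL.get(key.lower())
        if canonical is None:
            continue  # not one of the properties this lint knows about
        if key != canonical:
            findings.append((number, "CASE",
                             f"{key} is ignored; the property is {canonical}"))
            continue  # a misspelled key contributes no effective setting
        settings[key], lines[key] = value, number

    if settings.get("sonar.security.realm") == "LDAP":
        if not settings.get("ldap.bindDn"):
            # Seen in post #3: the search runs on an unbound connection and
            # AD answers "a successful bind must be completed".
            findings.append((lines["sonar.security.realm"], "NO_BIND",
                             "no effective ldap.bindDn; searches run unbound"))
        request = settings.get("ldap.user.request")
        # The startup log in post #1 shows {login} rendered as {0}.
        if request is not None and not ("{login}" in request or "{0}" in request):
            # Seen in post #5: sAMAccountName=* matches every account, so the
            # lookup for one login ends in "Non unique result".
            findings.append((lines["ldap.user.request"], "NO_LOGIN",
                             "ldap.user.request has no {login} placeholder"))
    return findings


# Constructed sample: bindDN from post #1 combined with the filter from post #5.
BROKEN = """\
# ACTIVE DIRECTORY
sonar.security.realm=LDAP
ldap.url=ldap://ad1-corp:389
ldap.bindDN=CN=svc-sonarqube,OU=Service Accounts,OU=Admin,DC=ad1,DC=corp
ldap.bindPassword=****
ldap.user.baseDn DC=ad1,DC=corp
ldap.user.request=(&(objectCategory=user)(sAMAccountName=*))
ldap.group.request=(&(objectClass=group)(member={dn}))
"""

# Constructed sample: the same file with both corrections from the thread.
FIXED = (BROKEN.replace("ldap.bindDN=", "ldap.bindDn=")
               .replace("sAMAccountName=*", "sAMAccountName={login}"))

if __name__ == "__main__":
    for label, config in (("broken", BROKEN), ("fixed", FIXED)):
        print(label)
        for number, code, message in lint(config) or [(0, "OK", "no findings")]:
            print(f"  line {number}: {code}: {message}")
```

Run it against the real sonar.properties before restarting SonarQube; a clean result does not replace testing the bind DN and filters with ldapsearch.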


(Vijay Patnana) #8

Hi Nicolas,

Thanks for your help, really appreciate it! Now the users are able to log in with AD credentials. My current properties -

User Configuration

ldap.user.baseDn=DC=***,DC=corp
ldap.user.request=(&(objectCategory=user)(sAMAccountName={login}))
ldap.user.realNameAttribute=cn
ldap.user.emailAttribute=mail

Group Configuration

ldap.group.baseDn=DC=***,DC=corp
ldap.group.request=(&(objectClass=group)(member={dn}))

But the issue is that users who are not part of the Sonar AD groups are also able to log in with their AD credentials. They are coming under the default group - sonar-users group.

How to fix this? Any help would be appreciated. Thanks!

Thanks,
Vijay Patnana


(Nicolas Bontoux) #9

A post was split to a new topic: Restricting login to users from a specific LDAP/AD group


(Nicolas Bontoux) #10

Thanks for sharing that login now works. I’ve forked your latest question in a distinct thread: