Having issues while setting up Active directory with sonarqube?

Hi All,

We are using Sonarqube-6.7.2 version and which is running on linux machine. I am trying to integrate with Active Directory, I have installed the LDAP plugin(2.2) from the marketplace and modified the sonar.properties file which under Sonarqube HOME Directory.

I followed this document - https://docs.sonarqube.org/display/PLUG/LDAP+Plugin

I have created 3 groups, which are populated in AD - SonarLead, SonarUser, SonarAdmin
I added the below properties, but I don’t see the users & groups on UI after I restart the service.

Am I missing anything?

ACTIVE DIRECTORY

sonar.security.realm=LDAP
ldap.url=ldap://ad1-corp:389
ldap.bindDN=CN=svc-sonarqube,OU=Service Accounts,OU=Admin,DC=ad1,DC=corp
ldap.bindPassword=**********

User Configuration

ldap.user.baseDn DC=ad1,DC=corp
ldap.user.request=(&(objectCategory=Person)(sAMAccountName={login}))
ldap.user.realNameAttribute=cn
ldap.user.emailAttribute=mail

Group Configuration

ldap.group.baseDn OU=IT,OU=File Share Groups,OU=company,DC=ad1,DC=corp
ldap.group.request=(&(objectClass=group)(member={dn}))

In the logs, I see no issue -

2018.06.08 12:12:35 INFO web[][org.sonar.INFO] Security realm: LDAP
2018.06.08 12:12:35 INFO web[][o.s.p.l.LdapSettingsManager] User mapping: LdapUserMapping{baseDn=DC=ad1,DC=corp, request=(&(objectCategory=Person)(sAMAccountName={0})), realNameAttribute=cn, emailAttribute=mail}
2018.06.08 12:12:35 INFO web[][o.s.p.l.LdapSettingsManager] Group mapping: LdapGroupMapping{baseDn=OU=IT,OU=File Share Groups,OU=company,DC=ad1,DC=corp, idAttribute=cn, requiredUserAttributes=[dn], request=(&(objectClass=group)(member={0}))}
2018.06.08 12:12:35 INFO web[][o.s.p.l.LdapContextFactory] Test LDAP connection on ldap://ad1-corp:389: OK
2018.06.08 12:12:35 INFO web[][org.sonar.INFO] Security realm started
2018.06.08 12:12:35 INFO web[][o.s.s.t.TelemetryDaemon] Sharing of SonarQube statistics is enabled.

Quick clarification to avoid any misunderstanding on how the LDAP Plugin actually behaves: it does not pull all users and groups from LDAP/AD at SonarQube (SQ) startup. i.e. it’s expected that after configuring this, then not all users are populated in the SonarQube Users admin page.

What the LDAP Plugin does is it authenticates users, and only then creates a references in the SQ backend. If user foo is in AD, foo will not be visible in SQ until foo actually logged once in SQ.

Same for groups, they need to be created in SonarQube first, per LDAP Integration doc:

For the delegation of authorization, groups must be first defined in SonarQube.

And then the user-group membership is only updated at user login time.

Hi Nicolas,

Thanks for the clarification. After configuring this and when I try to login with AD credentials. I am getting authentication failed message. Am I missing anything in the properties file?

I have enabled debug mode, these are the logs captured in debug mode when I had authentication issue.

2018.06.12 13:14:07 DEBUG web[AWP0/PqAhKsy3w9TAAAE][o.s.p.l.LdapUsersProvider] Requesting details for user vpatnana
2018.06.12 13:14:07 DEBUG web[AWP0/PqAhKsy3w9TAAAE][o.s.p.l.LdapSearch] Search: LdapSearch{baseDn=DC=ad1,DC=corp, scope=subtree, request=(&(objectCategory=Person)(sAMAccountName=*)), parameters=[vpatnana], attributes=[mail, cn]}
2018.06.12 13:14:07 DEBUG web[AWP0/PqAhKsy3w9TAAAE][o.s.p.l.LdapContextFactory] Initializing LDAP context {java.naming.provider.url=ldap://aws-east-dc.ad1.corp:389, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, com.sun.jndi.ldap.connect.pool=true, java.naming.security.authentication=simple, java.naming.referral=follow}
2018.06.12 13:14:07 DEBUG web[AWP0/PqAhKsy3w9TAAAE][o.s.p.l.LdapUsersProvider] [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0907C2, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580]
javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0907C2, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580]
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3176)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3082)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2888)
        at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1846)
        at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
        at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1786)
        at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:418)
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:396)
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:378)
        at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:286)
        at org.sonar.plugins.ldap.LdapSearch.find(LdapSearch.java:130)
        at org.sonar.plugins.ldap.LdapSearch.findUnique(LdapSearch.java:143)
        at org.sonar.plugins.ldap.LdapUsersProvider.getUserDetails(LdapUsersProvider.java:80)
        at org.sonar.plugins.ldap.LdapUsersProvider.doGetUserDetails(LdapUsersProvider.java:58)
        at org.sonar.server.authentication.RealmAuthenticator.doAuthenticate(RealmAuthenticator.java:92)
        at org.sonar.server.authentication.RealmAuthenticator.authenticate(RealmAuthenticator.java:86)
        at org.sonar.server.authentication.CredentialsAuthenticator.authenticate(CredentialsAuthenticator.java:61)
        at org.sonar.server.authentication.CredentialsAuthenticator.authenticate(CredentialsAuthenticator.java:50)
        at org.sonar.server.authentication.ws.LoginAction.authenticate(LoginAction.java:123)
        at org.sonar.server.authentication.ws.LoginAction.doFilter(LoginAction.java:104)
        at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:126)
        at org.sonar.server.platform.web.MasterServletFilter.doFilter(MasterServletFilter.java:95)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.sonar.server.user.UserSessionFilter.doFilter(UserSessionFilter.java:87)
        at org.sonar.server.user.UserSessionFilter.doFilter(UserSessionFilter.java:71)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.sonar.server.platform.web.SecurityServletFilter.doHttpFilter(SecurityServletFilter.java:72)
        at org.sonar.server.platform.web.SecurityServletFilter.doFilter(SecurityServletFilter.java:48)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.sonar.server.platform.web.RedirectFilter.doFilter(RedirectFilter.java:61)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.sonar.server.platform.web.requestid.RequestIdFilter.doFilter(RequestIdFilter.java:63)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.sonar.server.platform.web.RootFilter.doFilter(RootFilter.java:62)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:108)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
        at ch.qos.logback.access.tomcat.LogbackValve.invoke(LogbackValve.java:256)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:803)
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1459)
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:745)
2018.06.12 13:14:07 DEBUG web[AWP0/PqAhKsy3w9TAAAE][o.s.p.l.LdapUsersProvider] User vpatnana not found in <default>
2018.06.12 13:14:07 ERROR web[AWP0/PqAhKsy3w9TAAAE][o.s.s.a.RealmAuthenticator] Error during authentication
org.sonar.plugins.ldap.LdapException: Unable to retrieve details for user vpatnana in <default>
        at org.sonar.plugins.ldap.LdapUsersProvider.getUserDetails(LdapUsersProvider.java:84)
        at org.sonar.plugins.ldap.LdapUsersProvider.doGetUserDetails(LdapUsersProvider.java:58)
        at org.sonar.server.authentication.RealmAuthenticator.doAuthenticate(RealmAuthenticator.java:92)
        at org.sonar.server.authentication.RealmAuthenticator.authenticate(RealmAuthenticator.java:86)
        at org.sonar.server.authentication.CredentialsAuthenticator.authenticate(CredentialsAuthenticator.java:61)
        at org.sonar.server.authentication.CredentialsAuthenticator.authenticate(CredentialsAuthenticator.java:50)
        at org.sonar.server.authentication.ws.LoginAction.authenticate(LoginAction.java:123)
        at org.sonar.server.authentication.ws.LoginAction.doFilter(LoginAction.java:104)
        at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:126)
        at org.sonar.server.platform.web.MasterServletFilter.doFilter(MasterServletFilter.java:95)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.sonar.server.user.UserSessionFilter.doFilter(UserSessionFilter.java:87)
        at org.sonar.server.user.UserSessionFilter.doFilter(UserSessionFilter.java:71)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.sonar.server.platform.web.SecurityServletFilter.doHttpFilter(SecurityServletFilter.java:72)
        at org.sonar.server.platform.web.SecurityServletFilter.doFilter(SecurityServletFilter.java:48)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.sonar.server.platform.web.RedirectFilter.doFilter(RedirectFilter.java:61)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.sonar.server.platform.web.requestid.RequestIdFilter.doFilter(RequestIdFilter.java:63)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.sonar.server.platform.web.RootFilter.doFilter(RootFilter.java:62)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:108)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
        at ch.qos.logback.access.tomcat.LogbackValve.invoke(LogbackValve.java:256)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:803)
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1459)
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:745)
Caused by: javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0907C2, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580]
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3176)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3082)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2888)
        at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1846)
        at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
        at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1786)
        at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:418)
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:396)
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:378)
        at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:286)
        at org.sonar.plugins.ldap.LdapSearch.find(LdapSearch.java:130)
        at org.sonar.plugins.ldap.LdapSearch.findUnique(LdapSearch.java:143)
        at org.sonar.plugins.ldap.LdapUsersProvider.getUserDetails(LdapUsersProvider.java:80)
        ... 47 common frames omitted
2018.06.12 13:14:07 DEBUG web[AWP0/PqAhKsy3w9TAAAE][auth.event] login failure [cause|Unable to retrieve details for user vpatnana in <default>][method|FORM][provider|REALM|LDAP][IP|10.129.13.209|172.17.15.139][login|vpatnana]

Well the error message received from LDAP side (independently from SonarQube) is quite clear:

Caused by: javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0907C2, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580]

This error: In order to perform this operation a successful bind must be completed on the connection , likely relates to a configuration issue.

And in fact:

ldap.bindDN=CN=svc-sonarqube,OU=Service Accounts,OU=Admin,DC=ad1,DC=corp

The documented property is ldap.bindDn (lower-case n). Fixing that should let you progress in setting this up (make sure to restart SQ from command-line whenever changing sonar.properties).

Hi Nicolas,

Good catch, I didn’t notice this lower case one. Thanks! I really appreciate it.

These are my current properties -

ACTIVE DIRECTORY

sonar.security.realm=LDAP
ldap.url=ldap://ad1-corp:389
ldap.bindDn=CN=svc-sonarqube,OU=Service Accounts,OU=Admin,DC=***,DC=corp
ldap.bindPassword=****

User Configuration

ldap.user.baseDn=DC=***,DC=corp
ldap.user.request=(&(objectCategory=user)(sAMAccountName=*))
ldap.user.realNameAttribute=cn
ldap.user.emailAttribute=mail

Group Configuration

ldap.group.baseDn=OU=IT,OU=File Share Groups,OU=*****,DC=***,DC=corp
ldap.group.request=(&(objectClass=group)(member={dn}))

Now I am getting a different error in the logs

2018.06.12 18:08:01 DEBUG web[AWP2B9qfbKGKjl1BAAAw][o.s.p.l.LdapUsersProvider] Requesting details for user vpatnana
2018.06.12 18:08:01 DEBUG web[AWP2B9qfbKGKjl1BAAAw][o.s.p.l.LdapSearch] Search: LdapSearch{baseDn=DC=ad1,DC=corp, scope=subtree, request=(&(objectCategory=user)(sAMAccountName=*)), parameters=[vpatnana], attributes=[mail, cn]}
2018.06.12 18:08:01 DEBUG web[AWP2B9qfbKGKjl1BAAAw][o.s.p.l.LdapContextFactory] Initializing LDAP context {java.naming.provider.url=ldap://aws-east-dc.ad1.corp:389, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.principal=CN=svc-sonarqube,OU=Service Accounts,OU=Admin,DC=ad1,DC=corp, com.sun.jndi.ldap.connect.pool=true, java.naming.security.authentication=simple, java.naming.referral=follow}
2018.06.12 18:08:02 DEBUG web[AWP2B9qfbKGKjl1BAAAw][o.s.p.l.LdapUsersProvider] Non unique result for LdapSearch{baseDn=DC=ad1,DC=corp, scope=subtree, request=(&(objectCategory=user)(sAMAccountName=*)), parameters=[vpatnana], attributes=[mail, cn]}
javax.naming.NamingException: Non unique result for LdapSearch{baseDn=DC=ad1,DC=corp, scope=subtree, request=(&(objectCategory=user)(sAMAccountName=*)), parameters=[vpatnana], attributes=[mail, cn]}
        at org.sonar.plugins.ldap.LdapSearch.findUnique(LdapSearch.java:149)
        at org.sonar.plugins.ldap.LdapUsersProvider.getUserDetails(LdapUsersProvider.java:80)
        at org.sonar.plugins.ldap.LdapUsersProvider.doGetUserDetails(LdapUsersProvider.java:58)
        at org.sonar.server.authentication.RealmAuthenticator.doAuthenticate(RealmAuthenticator.java:92)
        at org.sonar.server.authentication.RealmAuthenticator.authenticate(RealmAuthenticator.java:86)
        at org.sonar.server.authentication.CredentialsAuthenticator.authenticate(CredentialsAuthenticator.java:61)
        at org.sonar.server.authentication.CredentialsAuthenticator.authenticate(CredentialsAuthenticator.java:50)
        at org.sonar.server.authentication.ws.LoginAction.authenticate(LoginAction.java:123)
        at org.sonar.server.authentication.ws.LoginAction.doFilter(LoginAction.java:104)
        at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:126)
        at org.sonar.server.platform.web.MasterServletFilter.doFilter(MasterServletFilter.java:95)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.sonar.server.user.UserSessionFilter.doFilter(UserSessionFilter.java:87)
        at org.sonar.server.user.UserSessionFilter.doFilter(UserSessionFilter.java:71)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.sonar.server.platform.web.SecurityServletFilter.doHttpFilter(SecurityServletFilter.java:72)
        at org.sonar.server.platform.web.SecurityServletFilter.doFilter(SecurityServletFilter.java:48)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.sonar.server.platform.web.RedirectFilter.doFilter(RedirectFilter.java:61)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.sonar.server.platform.web.requestid.RequestIdFilter.doFilter(RequestIdFilter.java:63)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.sonar.server.platform.web.RootFilter.doFilter(RootFilter.java:62)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:108)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
        at ch.qos.logback.access.tomcat.LogbackValve.invoke(LogbackValve.java:256)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:803)
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1459)
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:745)
2018.06.12 18:08:02 DEBUG web[AWP2B9qfbKGKjl1BAAAw][o.s.p.l.LdapUsersProvider] User vpatnana not found in <default>
2018.06.12 18:08:02 ERROR web[AWP2B9qfbKGKjl1BAAAw][o.s.s.a.RealmAuthenticator] Error during authentication
org.sonar.plugins.ldap.LdapException: Unable to retrieve details for user vpatnana in <default>
        at org.sonar.plugins.ldap.LdapUsersProvider.getUserDetails(LdapUsersProvider.java:84)
        at org.sonar.plugins.ldap.LdapUsersProvider.doGetUserDetails(LdapUsersProvider.java:58)
        at org.sonar.server.authentication.RealmAuthenticator.doAuthenticate(RealmAuthenticator.java:92)
        at org.sonar.server.authentication.RealmAuthenticator.authenticate(RealmAuthenticator.java:86)
        at org.sonar.server.authentication.CredentialsAuthenticator.authenticate(CredentialsAuthenticator.java:61)
        at org.sonar.server.authentication.CredentialsAuthenticator.authenticate(CredentialsAuthenticator.java:50)
        at org.sonar.server.authentication.ws.LoginAction.authenticate(LoginAction.java:123)
        at org.sonar.server.authentication.ws.LoginAction.doFilter(LoginAction.java:104)
        at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:126)
        at org.sonar.server.platform.web.MasterServletFilter.doFilter(MasterServletFilter.java:95)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.sonar.server.user.UserSessionFilter.doFilter(UserSessionFilter.java:87)
        at org.sonar.server.user.UserSessionFilter.doFilter(UserSessionFilter.java:71)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.sonar.server.platform.web.SecurityServletFilter.doHttpFilter(SecurityServletFilter.java:72)
        at org.sonar.server.platform.web.SecurityServletFilter.doFilter(SecurityServletFilter.java:48)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.sonar.server.platform.web.RedirectFilter.doFilter(RedirectFilter.java:61)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.sonar.server.platform.web.requestid.RequestIdFilter.doFilter(RequestIdFilter.java:63)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.sonar.server.platform.web.RootFilter.doFilter(RootFilter.java:62)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:108)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
        at ch.qos.logback.access.tomcat.LogbackValve.invoke(LogbackValve.java:256)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:803)
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1459)
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:745)
Caused by: javax.naming.NamingException: Non unique result for LdapSearch{baseDn=DC=ad1,DC=corp, scope=subtree, request=(&(objectCategory=user)(sAMAccountName=*)), parameters=[vpatnana], attributes=[mail, cn]}
        at org.sonar.plugins.ldap.LdapSearch.findUnique(LdapSearch.java:149)
        at org.sonar.plugins.ldap.LdapUsersProvider.getUserDetails(LdapUsersProvider.java:80)
        ... 47 common frames omitted
2018.06.12 18:08:02 DEBUG web[AWP2B9qfbKGKjl1BAAAw][auth.event] login failure [cause|Unable to retrieve details for user vpatnana in <default>][method|FORM][provider|REALM|LDAP][IP|10.129.11.92|172.17.15.139][login|vpatnana]

Did you get in touch with your LDAP team regarding this error ? This error relates to the response sent back by server (non-unique result).

Generally speaking it’s a good practice to fine-tune the LDAP search parameters independently from SonarQube, for example using a standard tool like ldapsearch . Once you’ve got DNs/requests working with a lightweight tool, then you can move forward more confidently with SonarQube.

Hi Nicolas,

Thanks for your help, really appreciate it! Now the users are able to login with AD credentials. My current properties -

User Configuration

ldap.user.baseDn=DC=***,DC=corp
ldap.user.request=(&(objectCategory=user)(sAMAccountName={login}))
ldap.user.realNameAttribute=cn
ldap.user.emailAttribute=mail

Group Configuration

ldap.group.baseDn=DC=***,DC=corp
ldap.group.request=(&(objectClass=group)(member={dn}))

But, the issue is the users who are not part of the sonar AD groups are also able to login with their AD credentials. They are coming under the default group - sonar-users group.

How to fix this? any help would be appreciated. Thanks!

Thanks,
VIjay Patnana

1 Like

A post was split to a new topic: Restricting login to users from a specific LDAP/AD group

Thanks for sharing that login now works. I’ve forked your latest question in a distinct thread:

Hi Vijay,

I too trying to create AD users as admin in sonarqube but not working for me. AD users are able to login but all are part of default sonar-users group.
Where did we specify the groups in LDAP configuration?

1 Like

I have problems logging in as a domain user
My Conf

ldap.user.baseDn=DC=d4dom,DC=net
ldap.user.request=(& (objectCategory = user) (sAMAccountName = {login}))
ldap.user.realNameAttribute=displayName
ldap.user.emailAttribute=mail

Test conection LDAP is OK

The error is:

2021.05.05 10:28:01 DEBUG web[AXk7nOLwMfcLcc1uAABi][o.s.a.l.LdapUsersProvider] Requesting details for user 01mprimon
2021.05.05 10:28:01 DEBUG web[AXk7nOLwMfcLcc1uAABi][o.s.a.l.LdapSearch] Search: LdapSearch{baseDn=DC=d4dom,DC=net, scope=subtree, request=(& (objectCategory = user) (sAMAccountName = {0})), parameters=[01mprimon], attributes=[mail, displayName]}
2021.05.05 10:28:01 DEBUG web[AXk7nOLwMfcLcc1uAABi][o.s.a.l.LdapContextFactory] Initializing LDAP context {java.naming.referral=ignore, java.naming.security.principal=CN=esmasq0,OU=SERVICE,OU=USERS,OU=GENERALES,DC=d4dom,DC=net, com.sun.jndi.ldap.connect.pool=true, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldaps://SERVIDORLDAP, java.naming.security.authentication=simple}
2021.05.05 10:28:01 DEBUG web[AXk7nOLwMfcLcc1uAABi][jdk.event.security] TLSHandshake: SERVIDORLDAP, TLSv1.2, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 1622301652
2021.05.05 10:28:01 DEBUG web[AXk7nOLwMfcLcc1uAABi][o.s.a.l.LdapUsersProvider] invalid attribute description
javax.naming.directory.InvalidSearchFilterException: invalid attribute description
at java.naming/com.sun.jndi.ldap.Filter.encodeSimpleFilter(Filter.java:437)
at java.naming/com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:146)
at java.naming/com.sun.jndi.ldap.Filter.encodeFilterList(Filter.java:741)
at java.naming/com.sun.jndi.ldap.Filter.encodeComplexFilter(Filter.java:657)
at java.naming/com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:104)
at java.naming/com.sun.jndi.ldap.Filter.encodeFilterString(Filter.java:74)
at java.naming/com.sun.jndi.ldap.LdapClient.search(LdapClient.java:547)
at java.naming/com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:2014)
at java.naming/com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1873)
at java.naming/com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1798)
at java.naming/com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1815)
at java.naming/com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:418)
at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:396)
at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:378)
at java.naming/javax.naming.directory.InitialDirContext.search(InitialDirContext.java:286)
at org.sonar.auth.ldap.LdapSearch.find(LdapSearch.java:130)
at org.sonar.auth.ldap.LdapSearch.findUnique(LdapSearch.java:143)
at org.sonar.auth.ldap.LdapUsersProvider.getUserDetails(LdapUsersProvider.java:80)
at org.sonar.auth.ldap.LdapUsersProvider.doGetUserDetails(LdapUsersProvider.java:58)
at org.sonar.server.authentication.CredentialsExternalAuthentication.doAuthenticate(CredentialsExternalAuthentication.java:96)
at org.sonar.server.authentication.CredentialsExternalAuthentication.authenticate(CredentialsExternalAuthentication.java:90)
at org.sonar.server.authentication.CredentialsAuthentication.authenticate(CredentialsAuthentication.java:66)
at org.sonar.server.authentication.CredentialsAuthentication.authenticate(CredentialsAuthentication.java:54)
at org.sonar.server.authentication.ws.LoginAction.authenticate(LoginAction.java:121)
at org.sonar.server.authentication.ws.LoginAction.doFilter(LoginAction.java:100)
at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:139)
at org.sonar.server.platform.web.SonarLintConnectionFilter.doFilter(SonarLintConnectionFilter.java:66)
at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:139)
at org.sonar.server.platform.web.MasterServletFilter.doFilter(MasterServletFilter.java:108)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.sonar.server.platform.web.UserSessionFilter.doFilter(UserSessionFilter.java:81)
at org.sonar.server.platform.web.UserSessionFilter.doFilter(UserSessionFilter.java:68)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.sonar.server.platform.web.CacheControlFilter.doFilter(CacheControlFilter.java:76)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.sonar.server.platform.web.SecurityServletFilter.doHttpFilter(SecurityServletFilter.java:76)
at org.sonar.server.platform.web.SecurityServletFilter.doFilter(SecurityServletFilter.java:48)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.sonar.server.platform.web.RedirectFilter.doFilter(RedirectFilter.java:58)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.sonar.server.platform.web.RequestIdFilter.doFilter(RequestIdFilter.java:66)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.sonar.server.platform.web.RootFilter.doFilter(RootFilter.java:62)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:109)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:544)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143)
at ch.qos.logback.access.tomcat.LogbackValve.invoke(LogbackValve.java:256)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:353)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:616)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:831)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1629)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:834)
2021.05.05 10:28:01 DEBUG web[AXk7nOLwMfcLcc1uAABi][o.s.a.l.LdapUsersProvider] User 01mprimon not found in
2021.05.05 10:28:01 ERROR web[AXk7nOLwMfcLcc1uAABi][o.s.s.a.CredentialsExternalAuthentication] Error during authentication
org.sonar.auth.ldap.LdapException: Unable to retrieve details for user 01mprimon in
at org.sonar.auth.ldap.LdapUsersProvider.getUserDetails(LdapUsersProvider.java:84)
at org.sonar.auth.ldap.LdapUsersProvider.doGetUserDetails(LdapUsersProvider.java:58)
at org.sonar.server.authentication.CredentialsExternalAuthentication.doAuthenticate(CredentialsExternalAuthentication.java:96)
at org.sonar.server.authentication.CredentialsExternalAuthentication.authenticate(CredentialsExternalAuthentication.java:90)
at org.sonar.server.authentication.CredentialsAuthentication.authenticate(CredentialsAuthentication.java:66)
at org.sonar.server.authentication.CredentialsAuthentication.authenticate(CredentialsAuthentication.java:54)
at org.sonar.server.authentication.ws.LoginAction.authenticate(LoginAction.java:121)
at org.sonar.server.authentication.ws.LoginAction.doFilter(LoginAction.java:100)
at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:139)
at org.sonar.server.platform.web.SonarLintConnectionFilter.doFilter(SonarLintConnectionFilter.java:66)
at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:139)
at org.sonar.server.platform.web.MasterServletFilter.doFilter(MasterServletFilter.java:108)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.sonar.server.platform.web.UserSessionFilter.doFilter(UserSessionFilter.java:81)
at org.sonar.server.platform.web.UserSessionFilter.doFilter(UserSessionFilter.java:68)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.sonar.server.platform.web.CacheControlFilter.doFilter(CacheControlFilter.java:76)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.sonar.server.platform.web.SecurityServletFilter.doHttpFilter(SecurityServletFilter.java:76)
at org.sonar.server.platform.web.SecurityServletFilter.doFilter(SecurityServletFilter.java:48)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.sonar.server.platform.web.RedirectFilter.doFilter(RedirectFilter.java:58)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.sonar.server.platform.web.RequestIdFilter.doFilter(RequestIdFilter.java:66)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.sonar.server.platform.web.RootFilter.doFilter(RootFilter.java:62)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:109)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:544)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143)
at ch.qos.logback.access.tomcat.LogbackValve.invoke(LogbackValve.java:256)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:353)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:616)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:831)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1629)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: javax.naming.directory.InvalidSearchFilterException: invalid attribute description
at java.naming/com.sun.jndi.ldap.Filter.encodeSimpleFilter(Filter.java:437)
at java.naming/com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:146)
at java.naming/com.sun.jndi.ldap.Filter.encodeFilterList(Filter.java:741)
at java.naming/com.sun.jndi.ldap.Filter.encodeComplexFilter(Filter.java:657)
at java.naming/com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:104)
at java.naming/com.sun.jndi.ldap.Filter.encodeFilterString(Filter.java:74)
at java.naming/com.sun.jndi.ldap.LdapClient.search(LdapClient.java:547)
at java.naming/com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:2014)
at java.naming/com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1873)
at java.naming/com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1798)
at java.naming/com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1815)
at java.naming/com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:418)
at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:396)
at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:378)
at java.naming/javax.naming.directory.InitialDirContext.search(InitialDirContext.java:286)
at org.sonar.auth.ldap.LdapSearch.find(LdapSearch.java:130)
at org.sonar.auth.ldap.LdapSearch.findUnique(LdapSearch.java:143)
at org.sonar.auth.ldap.LdapUsersProvider.getUserDetails(LdapUsersProvider.java:80)
… 53 common frames omitted

What could be the problem?

LDAP user logging is now working for me
The problem was in ldap.user.request
This is the correct configuration for me ldap.user.request=(&(objectClass=user)(sAMAccountName={login}))

1 Like