Help to configure Active Directory on SonarQube dev server Windows 2016

Must-share information (formatted with Markdown):

  • SonarQube dev 8.5.1.38104
  • connect my SonarQube server to an Active Directory

Hi Giraud,

Welcome to the community!

It is not clear from your post what you have already tried and what the problem is.

Please read the official docs on Delegating Authentication.

Cheers,
Daniel

Hi,

I am trying to connect my SonarQube dev to an Active Directory domain.

I have the user, the password, the name of the domain, the port.

I've tried that (see below) but Sonar doesn't start.

Enable the LDAP feature

sonar.security.realm=LDAP

Set to true when connecting to a LDAP server using a case-insensitive setup.

sonar.authenticator.downcase=true

URL of the LDAP server. Note that if you are using ldaps, then you should install the server certificate into the Java truststore.

ldap.url=ldap://adcgy01.tts.thales:389

Bind DN is the username of an LDAP user to connect (or bind) with. Leave this blank for anonymous access to the LDAP directory (optional)

ldap.bindDn=adminstar

Bind Password is the password of the user to connect with. Leave this blank for anonymous access to the LDAP directory (optional)

ldap.bindPassword=xxxxx

Possible values: simple | CRAM-MD5 | DIGEST-MD5 | GSSAPI See http://java.sun.com/products/jndi/tutorial/ldap/security/auth.html (default: simple)

ldap.authentication=simple

Hi Giraud,

Please, share any error logs you may have from the server - otherwise it will be very difficult to help.

Cheers,
Daniel

Hi Daniel,
You asked me for the log, but do you think the configuration is correct
for
account adminstar
domain tts.thales
(there is no group; all users from the domain can access)
#--------------------------------------------------------------------------------------------------

LDAP CONFIGURATION

Enable the LDAP feature

sonar.security.realm=LDAP

Set to true when connecting to a LDAP server using a case-insensitive setup.

sonar.authenticator.downcase=true

URL of the LDAP server. Note that if you are using ldaps, then you should install the server certificate into the Java truststore.

ldap.url=ldap://adcgy01.tts.thales:389

Bind DN is the username of an LDAP user to connect (or bind) with. Leave this blank for anonymous access to the LDAP directory (optional)

ldap.bindDn=tts.thales\adminstar

Bind Password is the password of the user to connect with. Leave this blank for anonymous access to the LDAP directory (optional)

ldap.bindPassword=hide

Possible values: simple | CRAM-MD5 | DIGEST-MD5 | GSSAPI See http://java.sun.com/products/jndi/tutorial/ldap/security/auth.html (default: simple)

ldap.authentication=simple

See :

* http://java.sun.com/products/jndi/tutorial/ldap/security/digest.html

* http://java.sun.com/products/jndi/tutorial/ldap/security/crammd5.html

(optional)

ldap.realm=example.org

Context factory class (optional)

ldap.contextFactoryClass=com.sun.jndi.ldap.LdapCtxFactory

Enable usage of StartTLS (default : false)

ldap.StartTLS=true

Follow or not referrals. See http://docs.oracle.com/javase/jndi/tutorial/ldap/referral/jndi.html (default: true)

ldap.followReferrals=false

USER MAPPING

Distinguished Name (DN) of the root node in LDAP from which to search for users (mandatory)

ldap.user.baseDn=ou=users,dc=tts,dc=thales

LDAP user request. (default: (&(objectClass=inetOrgPerson)(uid={login})) )

ldap.user.request=(&(objectClass=user)(sAMAccountName={login}))

Attribute in LDAP defining the user’s real name. (default: cn)

ldap.user.realNameAttribute=cn

Attribute in LDAP defining the user’s email. (default: mail)

ldap.user.emailAttribute=mail

GROUP MAPPING

Distinguished Name (DN) of the root node in LDAP from which to search for groups. (optional, default: empty)

ldap.group.baseDn=cn=groups,dc=tts,dc=thales

LDAP group request (default: (&(objectClass=groupOfUniqueNames)(uniqueMember={dn})) )

ldap.group.request=(&(objectClass=group)(member={dn}))

Property used to specify the attribute to be used for returning the list of user groups in the compatibility mode. (default: cn)

ldap.group.idAttribute=sAMAccountName

From the logs:
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090453, comment: AcceptSecurityContext error, data 52e, v3839 ]
at java.naming/com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3259)
at java.naming/

web.txt (9.1 KB)

Hi, have you found the time to look at the conf and the logs I gave?

Hi,

Your LDAP configuration may not be right. A few tips in order for you to troubleshoot:

  • activate DEBUG logs so that you understand more precisely what or where the configuration load went wrong.
  • use ldapsearch CLI tool in order to validate your Group mappings and user requests parameters
  • get some advice from your LDAP admin team

Hope that helps, best regards,
Daniel