Quidant
(Giraud giraud)
February 16, 2021, 8:51am
Must-share information (formatted with Markdown):
SonarQube dev 8.5.1.38104
Connect my SonarQube server to an Active Directory
Hi Giraud,
Welcome to the community!
So, it is not clear from your post what you have already tried and what the problem is.
Please read the official docs on Delegating Authentication.
Cheers,
Daniel
Quidant
(Giraud giraud)
February 16, 2021, 12:51pm
Hi,
I am trying to connect my SonarQube dev to an Active Directory domain.
I have the user, the password, the name of the domain, and the port.
I've tried this (see below), but Sonar doesn't start.
```
# Enable the LDAP feature
sonar.security.realm=LDAP
# Set to true when connecting to a LDAP server using a case-insensitive setup.
sonar.authenticator.downcase=true
# URL of the LDAP server. Note that if you are using ldaps, then you should install the server certificate into the Java truststore.
ldap.url=ldap://adcgy01.tts.thales:389
# Bind DN is the username of an LDAP user to connect (or bind) with. Leave this blank for anonymous access to the LDAP directory (optional)
ldap.bindDn=adminstar
# Bind Password is the password of the user to connect with. Leave this blank for anonymous access to the LDAP directory (optional)
ldap.bindPassword=xxxxx
ldap.authentication=simple
```
Hi Giraud,
Please, share any error logs you may have from the server - otherwise it will be very difficult to help.
Cheers,
Daniel
Quidant
(Giraud giraud)
February 17, 2021, 8:23am
Hi Daniel,
You ask me for the logs, but do you think the configuration is correct for:
account adminstar
domain tts.thales
(there is no group; all users from the domain can access)
```
#--------------------------------------------------------------------------------------------------
# LDAP CONFIGURATION
# Enable the LDAP feature
sonar.security.realm=LDAP
# Set to true when connecting to a LDAP server using a case-insensitive setup.
sonar.authenticator.downcase=true
# URL of the LDAP server. Note that if you are using ldaps, then you should install the server certificate into the Java truststore.
ldap.url=ldap://adcgy01.tts.thales:389
# Bind DN is the username of an LDAP user to connect (or bind) with. Leave this blank for anonymous access to the LDAP directory (optional)
ldap.bindDn=tts.thales\adminstar
# Bind Password is the password of the user to connect with. Leave this blank for anonymous access to the LDAP directory (optional)
ldap.bindPassword=hide
ldap.authentication=simple
# See :
# (optional)
# Context factory class (optional)
ldap.contextFactoryClass=com.sun.jndi.ldap.LdapCtxFactory
# Enable usage of StartTLS (default : false)
ldap.StartTLS=true
ldap.followReferrals=false

# USER MAPPING
# Distinguished Name (DN) of the root node in LDAP from which to search for users (mandatory)
ldap.user.baseDn=ou=users,dc=tts,dc=thales
# LDAP user request. (default: (&(objectClass=inetOrgPerson)(uid={login})) )
ldap.user.request=(&(objectClass=user)(sAMAccountName={login}))
# Attribute in LDAP defining the user’s real name. (default: cn)
ldap.user.realNameAttribute=cn
# Attribute in LDAP defining the user’s email. (default: mail)
ldap.user.emailAttribute=mail

# GROUP MAPPING
# Distinguished Name (DN) of the root node in LDAP from which to search for groups. (optional, default: empty)
ldap.group.baseDn=cn=groups,dc=tts,dc=thales
# LDAP group request (default: (&(objectClass=groupOfUniqueNames)(uniqueMember={dn})) )
ldap.group.request=(&(objectClass=group)(member={dn}))
# Property used to specify the attribute to be used for returning the list of user groups in the compatibility mode. (default: cn)
ldap.group.idAttribute=sAMAccountName
```
From the logs:
```
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090453, comment: AcceptSecurityContext error, data 52e, v3839 ]
at java.naming/com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3259)
at java.naming/
```
Quidant
(Giraud giraud)
February 17, 2021, 3:36pm
Hi, have you found the time to look at the conf and the logs I gave?
Hi,
Your LDAP configuration may not be right. A few tips in order for you to troubleshoot:
- Activate DEBUG logs so that you understand more precisely what or where the configuration load went wrong.
- Use the ldapsearch CLI tool in order to validate your group mappings and user request parameters.
- Get some advice from your LDAP admin team.
Hope that helps, best regards,
Daniel
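
Added example, not part of any post in this thread: a small Python check that decodes the Active Directory sub-code in the logged bind error and shows how a backslash in a property value reads once escape sequences are processed. It assumes `sonar.properties` is loaded with Java properties escaping rules; the function names are hypothetical and the sample inputs are copied from the posts above.

```python
import re

# Sub-codes Active Directory puts in the "data" field of LDAP error 49
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (wrong bind DN or password)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Taken from the thread: the log line and two of the posted settings
SAMPLE_LOG = ("Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - "
              "80090308: LdapErr: DSID-0C090453, comment: AcceptSecurityContext error, "
              "data 52e, v3839 ]")
SAMPLE_PROPS = "ldap.url=ldap://adcgy01.tts.thales:389\n" r"ldap.bindDn=tts.thales\adminstar"

def decode_bind_error(log_line):
    """Return (ldap_code, ad_subcode, meaning), or None if the line has no LDAP error."""
    m = re.search(r"LDAP: error code (\d+).*?\bdata ([0-9a-fA-F]+)", log_line)
    if not m:
        return None
    sub = m.group(2).lower()
    return int(m.group(1)), sub, AD_BIND_SUBCODES.get(sub, "unknown sub-code")

def java_properties_value(raw):
    """Approximate Java properties unescaping (assumption: no \\uXXXX, no continuations)."""
    escapes = {"t": "\t", "n": "\n", "r": "\r", "f": "\f"}
    return re.sub(r"\\(.)", lambda m: escapes.get(m.group(1), m.group(1)), raw)

def check_properties(text):
    """List (key, written, loaded) for values that change once escapes are processed."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, raw = (part.strip() for part in line.split("=", 1))
        if java_properties_value(raw) != raw:
            findings.append((key, raw, java_properties_value(raw)))
    return findings

if __name__ == "__main__":
    print(decode_bind_error(SAMPLE_LOG))
    for key, written, loaded in check_properties(SAMPLE_PROPS):
        print(f"{key}: written {written!r}, loaded as {loaded!r}")
```

Under that assumption a single backslash is dropped on load, so a `DOMAIN\user` bind name would need to be written with a doubled backslash to reach the directory unchanged.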