How to transfer LDAP users to local users

Hello Guys,
we need to retransfer the login from LDAP to local.
We use SonarQube v10.5.1 Developer Instance.

How do we retransfer the LDAP users on Sonar to local accounts?

On further investigation we got the API command to reset like this:
curl -X POST -v -u $Admincreds "http://localhost:9008/api/users/update_identity_provider?login=testuserg&newExternalProvider=sonarqube"

However, on firing this command absolutely nothing happens. The particular user's external provider remains on LDAP.
Also the token "local" is on false and I guess we also need to set that to local.
In the Sonar Logs we see that this call is deprecated in our Sonar version.

So how do we retransfer our users from LDAP to local?

Any help appreciated,
Greetings Martina

Hi,

Based on this guide, it looks like sonarqube is the key for both local and LDAP accounts. Have you tried removing the LDAP provisioning from $SONARQUBE-HOME/conf/sonar.properties and restarting?

 
Ann

Hi Ann,

Yes, I have.
Login not possible - authentication failed.
Sonar is not the base but LDAP is. And so the users are only coming from LDAP.

They are not stored in Sonar.
Greetings
Martina

Hi Ann,

in addition, "externalProvider":"LDAP_default" and local:false are set in the user's attributes.

Greetings,
Martina

Hi,

Uhm… Are we talking about users who’ve logged in to SonarQube previously using LDAP? Because even LDAP users have local records in the SonarQube DB. Per the docs:

  • During the first successful authentication, the user account is created in the SonarQube database. Each time a user logs into SonarQube, the username and the email are synchronized.

Yes. Default. Also per the docs:

  • Ability to authenticate against both the external and the internal authentication systems. There is an automatic fallback to the SonarQube internal system if the LDAP server is down.

 
Ann

Hello Ann,

Right, users previously logged in via LDAP.
And no, login is not possible anymore. I tested it with my own user.

Local users have "externalProvider":"sonarqube" and local:true

Greetings,
Martina

Hi Martina,

When you tested with your own user, what password did you use? Was it your LDAP password? It’s possible you’ll need to log in as admin and reset the users’ passwords there since the local SonarQube instance doesn’t have access to authenticate the LDAP password.

Also, would you mind sharing why you’re trying to migrate to local authorization? It’s really just there as a starting point / default. We don’t consider it best practice to use it long term.

 
Ann

Hi Ann,

this is not possible - to reset the password of the LDAP users, since the passwords are not stored in Sonar.
A password change is not even shown in the user's details.

And we are moving away from LDAP because we are transferring Sonar to a server which does not have access to LDAP.

Greetings,
Martina

Hi Martina,

To be honest, I suspect that the docs are a little crufty and I’m sure we never anticipated wanting to move backward to native authentication. My recommendation is to work with your network folks to get that server access to LDAP.

And in the meantime, I’m going to flag this for more expert eyes.

 
Ann

Hi Ann,

Thanks for the response.
Unfortunately LDAP is no longer possible.
I now have created local users for every LDAP user with different login names but same rights.

And yes this would be nice considering that sometime one wants to move backwards to local.

Greetings,
Martina

Hi,

As a followup, I have confirmation that it’s not possible - as you discovered - to gracefully fall back from LDAP to local auth. We’re going to fix the docs.

 
Thx,
Ann
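
Added example, not part of the thread and not SonarQube's own code: a Python sketch that takes a user listing carrying the `externalProvider` and `local` attributes quoted above, separates the accounts that still depend on LDAP from the local ones, and lists the replacement local logins needed for the workaround Martina describes. The JSON shape (a `users` array with `login` and `groups`), the sample users and the `-local` suffix are assumptions constructed for illustration.

```python
import json

# Constructed sample listing (assumed shape: a "users" array whose entries carry
# the login, externalProvider and local attributes quoted in the thread).
SAMPLE = """
{"users": [
  {"login": "testuserg", "externalProvider": "LDAP_default", "local": false,
   "groups": ["sonar-users", "dev"]},
  {"login": "admin", "externalProvider": "sonarqube", "local": true,
   "groups": ["sonar-administrators"]},
  {"login": "jdoe", "externalProvider": "LDAP_default", "local": false,
   "groups": ["sonar-users"]},
  {"login": "jdoe-local", "externalProvider": "sonarqube", "local": true,
   "groups": ["sonar-users"]}
]}
"""

LOCAL_PROVIDER = "sonarqube"  # provider value the thread reports for local users


def load_users(text):
    return json.loads(text)["users"]


def classify(users):
    """Return (externally_backed, local) lists of user records."""
    external, local = [], []
    for user in users:
        is_local = (user.get("local") is True
                    and user.get("externalProvider") == LOCAL_PROVIDER)
        (local if is_local else external).append(user)
    return external, local


def plan_replacements(users, suffix="-local"):
    """One row per externally backed user: the new local login and groups to copy."""
    external, _ = classify(users)
    taken = {user["login"] for user in users}
    plan = []
    for user in external:
        new_login = user["login"] + suffix  # hypothetical naming scheme
        plan.append({"old_login": user["login"], "new_login": new_login,
                     "groups": sorted(user.get("groups", [])),
                     "already_exists": new_login in taken})
    return plan


if __name__ == "__main__":
    for row in plan_replacements(load_users(SAMPLE)):
        print(row)
```

Rows with `already_exists` set to true already have a local replacement; the remaining rows are the accounts that would be locked out once the instance can no longer reach LDAP.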