However on firing this comand absolutely nothing happens. The particular users external provider remains on LDAP.
Also the token “local” is on false and i guess we also need to set tat to local.
In the Sonar Logs we see that this call is deprecated in our Sonar version.
So how do we retransfer our users from LDAP to local?
Based on this guide, it looks like sonarqube is the key for both local and LDAP accounts. Have you tried removing the LDAP provisioning from $SONARQUBE-HOME/conf/sonar.properties and restarting?
Uhm… Are we talking about users who’ve logged in to SonarQube previously using LDAP? Because even LDAP users have local records in the SonarQube DB. Per the docs:
During the first successful authentication, the user account is created in the SonarQube database. Each time a user logs into SonarQube, the username and the email are synchronized.
Yes. Default. Also per the docs:
Ability to authenticate against both the external and the internal authentication systems. There is an automatic fallback to the SonarQube internal system if the LDAP server is down.
When you tested with your own user, what password did you use? Was it your LDAP password? It’s possible you’ll need to log in as admin and reset the users’ passwords there since the local SonarQube instance doesn’t have access to authenticate the LDAP password.
Also, would you mind sharing why you’re trying to migrate to local authorization? It’s really just there as a starting point / default. We don’t consider it best practice to use it long term.
this is not possible - to reset the password of the ldap users since the passwords are not stored in Sonar.
A password change is not even shown in the users details.
and we are moving away from ldap because we transfer Sonar to a server which does not have access to ldap.
To be honest, I suspect that the docs are a little crufty and I’m sure we never anticipated wanting to move backward to native authentication. My recommendation is to work with your network folks to get that server access to LDAP.
And in the meantime, I’m going to flag this for more expert eyes.
thanks for response.
Unfortunately LDAP is no longer possible.
I now have created local users for every LDAP user with different login names but same rights.
And yes this would be nice considering that sometime one wants to move backwards to local.
As a followup, I have confirmation that it’s not possible - as you discovered - to gracefully fall back from LDAP to local auth. We’re going to fix the docs.