Added LDAP configuration to sonar.properties, it works but not for all users, groups are not recognized for some of them.
Hi everyone,
I would really appreciate if someone could take a look at this issue.
Some users are not synchronized to their respective AD groups in the application.
Our SonarQube instance is configured with LDAP authentication, it is working as expected for some of the users, the user authenticates then his AD group is shown in user administration.
But for some of the users, the group is not recognized and the user only belongs to the “sonar-users” default group.
The syntax of the group in SonarQube is the same as in LDAP server as it should be.
In the below example, USER 1’s groups are recognized and USER 2’s groups are not.
If you are interested in what all groups are currently being returned by SonarQube when a user logs in, you can also attempt the following:
Turn the log level to DEBUG level (Global Administration > System > Logs Level)
Have users you experiencing this issue login to SonarQube
Return the log level to INFO level
Browse the $SONARQUBE_HOME/logs/web.log files on your application nodes and look for messages like the following:
2019.08.14 17:13:00 DEBUG web[AWwLkym9Roi/vbL+Aral][o.s.s.a.UserIdentityAuthenticator] List of groups returned by the identity provider '[Group1, Group2]' 2019.08.14 17:13:00 DEBUG web[AWwLkym9Roi/vbL+Aral][auth.event] login success [method|BASIC][provider|REALM|LDAP][IP|10.248.82.143|][login|username]
You should confirm in the logs that all expected groups are being returned. If not, you will need to investigate and adjust your LDAP settings.
