LDAP and Sonarqube is up and running but can't see ldap users

tuncaytas · August 4, 2022, 3:34pm

# Enable the LDAP feature
 sonar.security.realm=LDAP

# Set to true when connecting to a LDAP server using a case-insensitive setup.
 sonar.authenticator.downcase=true

# URL of the LDAP server. Note that if you are using ldaps, then you should install the server certificate into the Java truststore.
 ldap.url=ldap://10.65.61.44:389, ldap://mycompany.com

# Bind DN is the username of an LDAP user to connect (or bind) with. Leave this blank for anonymous access to the LDAP directory (optional)
 ldap.bindDn=cn=admin,dc=mycompany,dc=com

# Bind Password is the password of the user to connect with. Leave this blank for anonymous access to the LDAP directory (optional)
 ldap.bindPassword=mypassword

# Possible values: simple | CRAM-MD5 | DIGEST-MD5 | GSSAPI See http://java.sun.com/products/jndi/tutorial/ldap/security/auth.html (default: simple)
 ldap.authentication=simple

# See :
#   * http://java.sun.com/products/jndi/tutorial/ldap/security/digest.html
#   * http://java.sun.com/products/jndi/tutorial/ldap/security/crammd5.html
# (optional)
 ldap.realm=mycompany.com

# Context factory class (optional)
# ldap.contextFactoryClass=com.sun.jndi.ldap.LdapCtxFactory

# Enable usage of StartTLS (default : false)
 ldap.StartTLS=false

# Follow or not referrals. See http://docs.oracle.com/javase/jndi/tutorial/ldap/referral/jndi.html (default: true)
 ldap.followReferrals=true

# USER MAPPING

# Distinguished Name (DN) of the root node in LDAP from which to search for users (mandatory)
 ldap.user.baseDn=cn=admin,dc=mycompany,dc=com

# LDAP user request. (default: (&(objectClass=inetOrgPerson)(uid={login})) )
 ldap.user.request=(&(objectClass=user)(sAMAccountName={login})(|(memberOf=cn=tuncaytas,cn=People,dc=mycompany,dc=com)(memberOf=cn=chiplee,cn=People,dc=mycompany,dc=com)))

# Attribute in LDAP defining the user’s real name. (default: cn)
 ldap.user.realNameAttribute=cn

# Attribute in LDAP defining the user’s email. (default: mail)
 ldap.user.emailAttribute=mail

# GROUP MAPPING

# Distinguished Name (DN) of the root node in LDAP from which to search for groups. (optional, default: empty)
 ldap.group.baseDn=cn=devops,dc=mycompany,dc=com

# LDAP group request (default: (&(objectClass=groupOfUniqueNames)(uniqueMember={dn})) )
 ldap.group.request=(&(objectClass=group)(member={dn}))

# Property used to specifiy the attribute to be used for returning the list of user groups in the compatibility mode. (default: cn)
 ldap.group.idAttribute=cn

Can you please advise why my ldap doesn’t integrate with sonarqube

tuncaytas · August 4, 2022, 3:55pm

my logs
2022.08.04 15:20:16 INFO  app[][o.s.a.AppFileSystem] Cleaning or creating temp directory /opt/sonarqube/temp
2022.08.04 15:20:16 INFO  app[][o.s.a.es.EsSettings] Elasticsearch listening on [HTTP: 127.0.0.1:9001, TCP: 127.0.0.1:42671]
2022.08.04 15:20:16 INFO  app[][o.s.a.ProcessLauncherImpl] Launch process[[key='es', ipcIndex=1, logFilenamePrefix=es]] from [/opt/sonarqube/elasticsearch]: /opt/sonarqube/elasticsearch/bin/elasticsearch
2022.08.04 15:20:16 INFO  app[][o.s.a.SchedulerImpl] Waiting for Elasticsearch to be up and running
2022.08.04 15:20:25 INFO  app[][o.s.a.SchedulerImpl] Process[es] is up
2022.08.04 15:20:25 INFO  app[][o.s.a.ProcessLauncherImpl] Launch process[[key='web', ipcIndex=2, logFilenamePrefix=web]] from [/opt/sonarqube]: /usr/lib/jvm/java-11-openjdk-amd64/bin/java -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djava.io.tmpdir=/opt/sonarqube/temp -XX:-OmitStackTraceInFastThrow --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED --add-exports=java.base/jdk.internal.ref=ALL-UNNAMED --add-opens=java.base/java.nio=ALL-UNNAMED --add-opens=java.base/sun.nio.ch=ALL-UNNAMED --add-opens=java.management/sun.management=ALL-UNNAMED --add-opens=jdk.management/com.sun.management.internal=ALL-UNNAMED -Dcom.redhat.fips=false -Xmx512m -Xms128m -XX:+HeapDumpOnOutOfMemoryError -server -Dhttp.nonProxyHosts=localhost|127.*|[::1] -cp ./lib/sonar-application-9.2.3.50713.jar:/opt/sonarqube/lib/jdbc/postgresql/postgresql-42.2.19.jar org.sonar.server.app.WebServer /opt/sonarqube/temp/sq-process16973830726814950563properties
2022.08.04 15:20:34 INFO  app[][o.s.a.SchedulerImpl] Process[web] is up
2022.08.04 15:20:34 INFO  app[][o.s.a.ProcessLauncherImpl] Launch process[[key='ce', ipcIndex=3, logFilenamePrefix=ce]] from [/opt/sonarqube]: /usr/lib/jvm/java-11-openjdk-amd64/bin/java -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djava.io.tmpdir=/opt/sonarqube/temp -XX:-OmitStackTraceInFastThrow --add-opens=java.base/java.util=ALL-UNNAMED --add-exports=java.base/jdk.internal.ref=ALL-UNNAMED --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.nio=ALL-UNNAMED --add-opens=java.base/sun.nio.ch=ALL-UNNAMED --add-opens=java.management/sun.management=ALL-UNNAMED --add-opens=jdk.management/com.sun.management.internal=ALL-UNNAMED -Dcom.redhat.fips=false -Xmx512m -Xms128m -XX:+HeapDumpOnOutOfMemoryError -Dhttp.nonProxyHosts=localhost|127.*|[::1] -cp ./lib/sonar-application-9.2.3.50713.jar:/opt/sonarqube/lib/jdbc/postgresql/postgresql-42.2.19.jar org.sonar.ce.app.CeServer /opt/sonarqube/temp/sq-process17504849066538667230properties
2022.08.04 15:20:38 INFO  app[][o.s.a.SchedulerImpl] Process[ce] is up
2022.08.04 15:20:38 INFO  app[][o.s.a.SchedulerImpl] SonarQube is up

Colin · August 4, 2022, 4:09pm

Users have to login to SonarQube before you will see them in SonarQube. Are your users able to login?

tuncaytas · August 4, 2022, 4:30pm

No I can’t login with their credentials.
ldapadd -x -D cn=admin,dc=mycompany,dc=com -W -f mycompany.ldif with credentials it says user exist.
but with another user
ldapadd -x -D cn=tuncay,dc=mycompany,dc=com -W -f mycompany.ldif
it says credentials wrong.
(ldapadd -x -D cn=tuncay,dc=mycompany,dc=com -W -f mycompany.ldif
Enter LDAP Password:
ldap_bind: Invalid credentials (49) )