LDAP authentication error

Hi Community

We are trying to configure LDAP authentication within our SonarQube installation. Installation is done via Helm charts in our Kubernetes cluster. The LDAP server is a Microsoft Active Directory.
SonarQube Community Edition, Version 9.9.2

  sonarProperties:
    sonar.forceAuthentication: true
    # LDAP configuration
    # General Configuration
    sonar.security.realm: LDAP
    ldap.url: ldaps://<hidden>:636
    ldap.bindDn: SK-SONARQUBE@<hidden>
    ldap.bindPassword: "password"

    # User Configuration
    ldap.user.baseDn: CN=GU-APP-Sysdev-dev,OU=Groups,OU=example,DC=example,DC=com
    ldap.user.request: (&(objectClass=user)(sAMAccountName={login}))
    ldap.user.realNameAttribute: cn
    ldap.user.emailAttribute: mail

There is no group configuration.

The connection test says “OK”

Debug log below:

2023.11.22 09:23:22 DEBUG web[<hidden>][o.s.a.l.LdapSearch] Search: LdapSearch{baseDn=CN=GU-APP-Sysdev-dev,OU=Groups,OU=<hidden>,DC=<hidden>,DC=com, scope=subtree, request=(&(objectClass=user)(sAMAccountName={0})), parameters=[u12345], attributes=null}

2023.11.22 09:23:22 DEBUG web[<hidden>][o.s.a.l.LdapContextFactory] Initializing LDAP context {java.naming.referral=follow, java.naming.security.principal=SK-SONARQUBE@<hidden>.com, com.sun.jndi.ldap.connect.pool=true, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldaps://<hidden>-<hidden>.<hidden>.com:636, java.naming.security.authentication=simple}

2023.11.22 09:23:22 DEBUG web[<hidden>][o.s.a.l.DefaultLdapAuthenticator] User u12345 not found in <default>

2023.11.22 09:23:22 DEBUG web[<hidden>][o.s.a.l.DefaultLdapAuthenticator] User u12345 not found

2023.11.22 09:23:22 DEBUG web[<hidden>][auth.event] login failure [cause|Realm returned authenticate=false][method|FORM][provider|REALM|ldap][IP|x.x.x.x|x.x.x.x][login|u12345]

We have confirmed that the user does exist in the baseDn.

We don't understand how to interpret the error or how to fix it. Could someone provide any support?

BR
/Daniel

We have solved this now. The problem was that our group didn’t contain any users as we thought. It does, however, contain members that are users; we didn’t understand the difference.

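An added illustration, not part of the original thread and not SonarQube code: a minimal in-memory model of an LDAP subtree search, showing why a group DN used as `ldap.user.baseDn` returns no users (the group lists its users in the `member` attribute; their entries do not sit below it). The `OU=Users` container, the second account `u99999` and the `memberOf` clause are assumptions made for the example.

```python
# Constructed sample directory (DN -> attributes). Only the group DN and the
# login u12345 come from the thread; the OU=Users container and the second
# account are assumptions for illustration.
GROUP_DN = "CN=GU-APP-Sysdev-dev,OU=Groups,OU=example,DC=example,DC=com"
USERS_DN = "OU=Users,OU=example,DC=example,DC=com"
MEMBER_DN = "CN=Test User,OU=Users,OU=example,DC=example,DC=com"
OUTSIDER_DN = "CN=Other User,OU=Users,OU=example,DC=example,DC=com"

DIRECTORY = {
    # The group entry has no child entries; it only references users by DN.
    GROUP_DN: {"objectClass": ["group"], "member": [MEMBER_DN]},
    MEMBER_DN: {"objectClass": ["user"], "sAMAccountName": ["u12345"],
                "memberOf": [GROUP_DN]},
    OUTSIDER_DN: {"objectClass": ["user"], "sAMAccountName": ["u99999"],
                  "memberOf": []},
}

def _rdns(dn):
    # Naive split, sufficient for these sample DNs (no escaped commas).
    return [part.strip().lower() for part in dn.split(",")]

def in_subtree(dn, base_dn):
    """True when dn is base_dn itself or an entry located below it."""
    entry, base = _rdns(dn), _rdns(base_dn)
    return len(entry) >= len(base) and entry[-len(base):] == base

def search_user(base_dn, login, member_of=None):
    """Model of a subtree search with (&(objectClass=user)(sAMAccountName=login)),
    optionally extended with a (memberOf=<group DN>) clause."""
    hits = []
    for dn, attrs in DIRECTORY.items():
        if not in_subtree(dn, base_dn):
            continue
        if "user" not in attrs["objectClass"]:
            continue
        names = [v.lower() for v in attrs.get("sAMAccountName", [])]
        if login.lower() not in names:
            continue
        groups = [g.lower() for g in attrs.get("memberOf", [])]
        if member_of is not None and member_of.lower() not in groups:
            continue
        hits.append(dn)
    return hits

if __name__ == "__main__":
    # Base DN set to the group, as in the thread: no user entry lies below it.
    print(search_user(GROUP_DN, "u12345"))
    # Base DN set to the user container, membership enforced by the filter.
    print(search_user(USERS_DN, "u12345", member_of=GROUP_DN))
```

In SonarQube terms, the second call corresponds to pointing `ldap.user.baseDn` at the container that holds the user entries and adding a `(memberOf=<group DN>)` clause to `ldap.user.request`. A plain `memberOf` match only covers direct membership, so users who belong to the group through a nested group are not matched.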