LDAP authentication login failure

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    SonarQube 6.7.6, LDAP plugin version 2.2.0.608
  • what are you trying to achieve
    Authenticate with user from our AD via LDAP
  • what have you tried so far to achieve this
    • LDAP connection seems OK from the logs
    • tried various LDAP queries; they work fine when tried from another LDAP software (Softerra) but fail in SonarQube + LDAP plugin

As mentioned in the above information, I want to configure our SonarQube installation to have LDAP authentication so that we can connect via the company credentials.
I followed the documentation and filled in the values in sonar.properties; LDAP connectivity seems fine from the logs:
INFO web[org.sonar.INFO] Security realm: LDAP
INFO web[o.s.p.l.LdapSettingsManager] User mapping: LdapUserMapping{baseDn=******, request=(&(objectCategory=user)(sAMAccountName={0})), realNameAttribute=cn, emailAttribute=mail}
INFO web[o.s.p.l.LdapSettingsManager] Groups will not be synchronized, because property ‘ldap.group.baseDn’ is empty.
DEBUG web[o.s.p.l.LdapContextFactory] Initializing LDAP context {java.naming.provider.url=******, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.principal=******, com.sun.jndi.ldap.connect.pool=true, java.naming.security.authentication=simple, java.naming.referral=follow}
INFO web[o.s.p.l.LdapContextFactory] Test LDAP connection on ******: OK

(I replaced company data with ******).

Later on, when I actually try a login with a correct LDAP user & password, I get in the UI “Authentication Failed” with the following error in the log:
DEBUG web[AWkLsypfqA0WjpLqAAAL][o.s.p.l.LdapUsersProvider] Requesting details for user *****
DEBUG web[AWkLsypfqA0WjpLqAAAL][o.s.p.l.LdapSearch] Search: LdapSearch{baseDn=, scope=subtree, request=(&(objectCategory=user)(sAMAccountName={0})), parameters=[], attributes=[mail, cn]}
DEBUG web[AWkLsypfqA0WjpLqAAAL][o.s.p.l.LdapContextFactory] Initializing LDAP context {java.naming.provider.url=, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.principal=, com.sun.jndi.ldap.connect.pool=true, java.naming.security.authentication=simple, java.naming.referral=follow}
DEBUG web[AWkLsypfqA0WjpLqAAAL][o.s.p.l.LdapSearch] Search: LdapSearch{baseDn=, scope=subtree, request=(&(objectCategory=user)(sAMAccountName={0})), parameters=[], attributes=null}
DEBUG web[AWkLsypfqA0WjpLqAAAL][o.s.p.l.LdapContextFactory] Initializing LDAP context {java.naming.provider.url=, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.principal=, com.sun.jndi.ldap.connect.pool=true, java.naming.security.authentication=simple, java.naming.referral=follow}
DEBUG web[AWkLsypfqA0WjpLqAAAL][o.s.p.l.LdapContextFactory] Initializing LDAP context {java.naming.provider.url=, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.principal=, java.naming.security.authentication=simple, java.naming.referral=follow}
DEBUG web[AWkLsypfqA0WjpLqAAAL][auth.event] login failure [cause|Email ‘@’ is already used][method|FORM][provider|REALM|LDAP][IP|0:0:0:0:0:0:0:1|][login|*****]

Again, the above LdapSearch queries, identically copied in the Softerra browser, work like a charm and they return the respective user.

Does somebody have an idea what could be the problem?

Just a wild guess… does the user (email ID) who is trying to log in through LDAP already exist in the SonarQube database? If yes, try manually deleting that user from SQ first.


Hi Ankur,

Thanks a lot, this seemed to be the problem! I had a local SQ user which was registered with my email address. I removed this local account and now I can log in with my LDAP credentials.

Best regards,
Stefan
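
An added example, not part of the original thread or of SonarQube's own code: a small Python parser for the `auth.event` login-failure line format quoted in the log above, which picks out failures whose cause is an e-mail address that is already used (the case resolved in this thread). The sample lines, request ids, logins, addresses and the second cause text are constructed.

```python
import re

# Constructed sample: same layout as the auth.event line quoted in the post;
# request ids, logins, addresses and the second cause text are made up.
SAMPLE_LOG = """\
DEBUG web[AAAA0001][o.s.p.l.LdapUsersProvider] Requesting details for user jdoe
DEBUG web[AAAA0001][auth.event] login failure [cause|Email 'jdoe@example.com' is already used][method|FORM][provider|REALM|LDAP][IP|0:0:0:0:0:0:0:1|][login|jdoe]
DEBUG web[AAAA0002][auth.event] login failure [cause|constructed placeholder cause][method|FORM][provider|REALM|LDAP][IP|10.0.0.5|][login|asmith]
"""

EVENT_RE = re.compile(r"\[auth\.event\] login failure ((?:\[[^\]]*\])+)")
# Key is everything up to the first '|'; the value may itself contain '|'.
FIELD_RE = re.compile(r"\[([^|\]]+)\|([^\]]*)\]")
# Accept straight or typographic quotes around the address.
CLASH_RE = re.compile(r"Email\s+['‘’]?([^'‘’]*)['‘’]?\s+is already used")


def parse_failures(text):
    """Return one dict of bracketed fields per auth.event login failure line."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.search(line)
        if not m:
            continue
        # The IP field carries a trailing '|' in the log; strip it.
        fields = {k: v.rstrip("|") for k, v in FIELD_RE.findall(m.group(1))}
        events.append(fields)
    return events


def email_collisions(text):
    """Map login -> e-mail for failures caused by an address already in use."""
    hits = {}
    for ev in parse_failures(text):
        m = CLASH_RE.search(ev.get("cause", ""))
        if m:
            hits[ev.get("login", "?")] = m.group(1)
    return hits


if __name__ == "__main__":
    for login, email in email_collisions(SAMPLE_LOG).items():
        print(f"{login}: login rejected because {email!r} is already used "
              "by another account")
```

A login reported here points at a duplicate account in the SonarQube user table rather than at the LDAP bind or search configuration.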