LDAP Can't Accept '\' Characters

Erik · June 27, 2018, 9:36pm

We’re coming from version 6.7.4 (sonar-ldap-plugin-2.0) and moving to version 7.2 (sonar-ldap-plugin-2.2.0.608). All LDAP configuration settings are identical.

In the past we have always been able to log in using ‘domain\userid’. Now we are receiving the following message in the web.log with log level as ‘debug’:

login failure [cause|Use only letters, numbers, and .-_@ please.][method|FORM][provider|REALM|LDAP][IP|XX.XXX.XXX.XXX|][login|domain\userid]

Any assistance would be greatly appreciated.

UPDATE
We rolled back to version 6.7.4
Existing users do not have any issue logging in. However, when a new user tries to log in the following message appears:

2018.07.10 17:06:31 ERROR web[AWRIdu9J+ic5WCIuADRH][o.s.s.a.RealmAuthenticator] Error during authentication
org.sonar.server.exceptions.BadRequestException: Use only letters, numbers, and .-_@ please.
	at org.sonar.server.exceptions.BadRequestException.create(BadRequestException.java:44)
	at org.sonar.server.ws.WsUtils.checkRequest(WsUtils.java:77)
	at org.sonar.server.user.UserUpdater.createDto(UserUpdater.java:176)
	at org.sonar.server.user.UserUpdater.createAndCommit(UserUpdater.java:100)
	at org.sonar.server.authentication.UserIdentityAuthenticator.registerNewUser(UserIdentityAuthenticator.java:112)
	at org.sonar.server.authentication.UserIdentityAuthenticator.register(UserIdentityAuthenticator.java:85)
	at org.sonar.server.authentication.UserIdentityAuthenticator.authenticate(UserIdentityAuthenticator.java:74)
	at org.sonar.server.authentication.RealmAuthenticator.synchronize(RealmAuthenticator.java:141)
	at org.sonar.server.authentication.RealmAuthenticator.doAuthenticate(RealmAuthenticator.java:109)
	at org.sonar.server.authentication.RealmAuthenticator.authenticate(RealmAuthenticator.java:86)
	at org.sonar.server.authentication.CredentialsAuthenticator.authenticate(CredentialsAuthenticator.java:61)
	at org.sonar.server.authentication.CredentialsAuthenticator.authenticate(CredentialsAuthenticator.java:50)
	at org.sonar.server.authentication.ws.LoginAction.authenticate(LoginAction.java:123)
	at org.sonar.server.authentication.ws.LoginAction.doFilter(LoginAction.java:104)
	at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:126)
	at org.sonar.server.platform.web.MasterServletFilter.doFilter(MasterServletFilter.java:95)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.sonar.server.user.UserSessionFilter.doFilter(UserSessionFilter.java:87)
	at org.sonar.server.user.UserSessionFilter.doFilter(UserSessionFilter.java:71)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.sonar.server.platform.web.SecurityServletFilter.doHttpFilter(SecurityServletFilter.java:72)
	at org.sonar.server.platform.web.SecurityServletFilter.doFilter(SecurityServletFilter.java:48)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.sonar.server.platform.web.RedirectFilter.doFilter(RedirectFilter.java:61)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.sonar.server.platform.web.requestid.RequestIdFilter.doFilter(RequestIdFilter.java:63)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.sonar.server.platform.web.RootFilter.doFilter(RootFilter.java:62)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:108)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
	at ch.qos.logback.access.tomcat.LogbackValve.invoke(LogbackValve.java:256)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:803)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1459)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:748)

Erik · July 10, 2018, 9:15pm

Updated with another exception message.

julienlancelot · July 18, 2018, 11:47am

I’m not suer to understand your issue : you’re still using SonarQube 6.4 that’s it ?
At which moment of time this issue has begun to appear ?

Erik · July 18, 2018, 1:59pm

We initially upgraded to 7.2, and existing users could not log in due to a ‘\’ in the userid. We then rolled back to 6.7.4 and the problem was resolved. However, a couple days later, a new person joined our team. When creating his account in Sonar, we receive the message again that ‘\’ is not allowed.

julienlancelot · July 19, 2018, 7:48am

In fact, I don’t know at what moment of time it has changed, but it’s indeed not allowed to have a ‘\’ in a login.
Would it be possible for you to change the login ?

Erik · July 19, 2018, 2:26pm

We can’t change the structure of our logins. We are setup with multiple domains. Domain\userid is a standard practice in enterprise deployments. Should a bug be created to fix this issue?