LDAP Can't Accept '\' Characters

ldap

(Erik) #1

We’re coming from version 6.7.4 (sonar-ldap-plugin-2.0) and moving to version 7.2 (sonar-ldap-plugin-2.2.0.608). All LDAP configuration settings are identical.

In the past we have always been able to log in using ‘domain\userid’. Now we are receiving the following message in the web.log with log level as ‘debug’:

login failure [cause|Use only letters, numbers, and .-_@ please.][method|FORM][provider|REALM|LDAP][IP|XX.XXX.XXX.XXX|][login|domain\userid]

Any assistance would be greatly appreciated.

UPDATE
We rolled back to version 6.7.4
Existing users do not have any issue logging in. However, when a new user tries to log in the following message appears:

2018.07.10 17:06:31 ERROR web[AWRIdu9J+ic5WCIuADRH][o.s.s.a.RealmAuthenticator] Error during authentication
org.sonar.server.exceptions.BadRequestException: Use only letters, numbers, and .-_@ please.
	at org.sonar.server.exceptions.BadRequestException.create(BadRequestException.java:44)
	at org.sonar.server.ws.WsUtils.checkRequest(WsUtils.java:77)
	at org.sonar.server.user.UserUpdater.createDto(UserUpdater.java:176)
	at org.sonar.server.user.UserUpdater.createAndCommit(UserUpdater.java:100)
	at org.sonar.server.authentication.UserIdentityAuthenticator.registerNewUser(UserIdentityAuthenticator.java:112)
	at org.sonar.server.authentication.UserIdentityAuthenticator.register(UserIdentityAuthenticator.java:85)
	at org.sonar.server.authentication.UserIdentityAuthenticator.authenticate(UserIdentityAuthenticator.java:74)
	at org.sonar.server.authentication.RealmAuthenticator.synchronize(RealmAuthenticator.java:141)
	at org.sonar.server.authentication.RealmAuthenticator.doAuthenticate(RealmAuthenticator.java:109)
	at org.sonar.server.authentication.RealmAuthenticator.authenticate(RealmAuthenticator.java:86)
	at org.sonar.server.authentication.CredentialsAuthenticator.authenticate(CredentialsAuthenticator.java:61)
	at org.sonar.server.authentication.CredentialsAuthenticator.authenticate(CredentialsAuthenticator.java:50)
	at org.sonar.server.authentication.ws.LoginAction.authenticate(LoginAction.java:123)
	at org.sonar.server.authentication.ws.LoginAction.doFilter(LoginAction.java:104)
	at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:126)
	at org.sonar.server.platform.web.MasterServletFilter.doFilter(MasterServletFilter.java:95)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.sonar.server.user.UserSessionFilter.doFilter(UserSessionFilter.java:87)
	at org.sonar.server.user.UserSessionFilter.doFilter(UserSessionFilter.java:71)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.sonar.server.platform.web.SecurityServletFilter.doHttpFilter(SecurityServletFilter.java:72)
	at org.sonar.server.platform.web.SecurityServletFilter.doFilter(SecurityServletFilter.java:48)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.sonar.server.platform.web.RedirectFilter.doFilter(RedirectFilter.java:61)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.sonar.server.platform.web.requestid.RequestIdFilter.doFilter(RequestIdFilter.java:63)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.sonar.server.platform.web.RootFilter.doFilter(RootFilter.java:62)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:108)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
	at ch.qos.logback.access.tomcat.LogbackValve.invoke(LogbackValve.java:256)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:803)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1459)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:748)

(Erik) #3

Updated with another exception message.


(Julien Lancelot) #5

I’m not suer to understand your issue : you’re still using SonarQube 6.4 that’s it ?
At which moment of time this issue has begun to appear ?


(Erik) #6

We initially upgraded to 7.2, and existing users could not log in due to a ‘\’ in the userid. We then rolled back to 6.7.4 and the problem was resolved. However, a couple days later, a new person joined our team. When creating his account in Sonar, we receive the message again that ‘\’ is not allowed.


(Julien Lancelot) #7

In fact, I don’t know at what moment of time it has changed, but it’s indeed not allowed to have a ‘\’ in a login.
Would it be possible for you to change the login ?


(Erik) #8

We can’t change the structure of our logins. We are setup with multiple domains. Domain\userid is a standard practice in enterprise deployments. Should a bug be created to fix this issue?