LDAP Case Sensitivity Config Breaks Login

SonarQube Server / Community Build
, ,
1

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube Server / Community Build, Scanner, Plugin, and any relevant extension)
  • how is SonarQube deployed: zip, Docker, Helm
  • what are you trying to achieve
  • what have you tried so far to achieve this

Do not share screenshots of logs – share the text itself (bonus points for being well-formatted)!

Version: SonarQube Server - Enterprise Build 2025.1 LTA

Deployment method: Helm

What are you trying to achieve?/What have you tried so far to achieve this?

Attempting to set sonar.authenticator.downcase to True breaks LDAP login.

Confirmed that our LDAP server is set to be case-insensitive.

Found this related ticket: LDAP case sensitivity bug

We do not have LDAP group membership configured for SonarQube however.

What are we missing in terms of configuration or could this possibly be a genuine bug?

Also, when sonar.authenticator.downcase is set to true, does SonarQube automatically lowercase other LDAP-related values, such as group names or search attributes?

Thank you!

2

Hey there

When you say “breaks LDAP login” – what do you mean? More specifically – can new users login, but existing users with non-lowercase user IDs (on SonarQube) can’t?

3

Hey Colin, so sorry for the lag in getting back - just got the chance to circle back to this issue.

To help clarify - after adding the downcase configuration, we noticed that all attempts to log in to the server failed.

We have to remove the downcase configuration from the server configs and redeploy the server in order to be able to log in again.

This is for all existing users. For new users, do you mean testing adding a new user to SonarQube that isn’t authenticated through the LDAP server?

4

Hey @Alexandra

No worries.

What I’m trying to get at is – if all your users should now have a lowercase username, you are going to update the existing users to also have a lowercase uesrname, either using PATCH /api/v2/users-management/users/{id} or (more simply, but deprecated) POST api/projects/update_login.

To clarify, I’m confirming whether a new user logging into SonarQube for the first time is successful. If the login works, then your login system is functioning correctly, and you just need to update the existing logins as I previously mentioned. This is just to ensure we’re addressing the real problem. :slight_smile: