LDAP configuration fails in SonarQube 7.8

iarvizu · October 8, 2019, 8:46pm

After configured LDAP in sonar.properties file, LDAPs fails. The specific error is below

Which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)?
SonarQube 7.8

What are you trying to achieve?
Authenticate users with LDAP using Active Directory on SonarQube 7.8

What have you tried so far to achieve this?
Use the same LDAP configuration that is in the sonar.properties file that worked in SonarQube version 7.9.1

Sonar.properties file:

LDAP TEST CONFIGURATION

LDAP configuration

General Configuration

sonar.security.realm=LDAP
ldap.url=ldaps://ldaptest.mycompany.com:123

ldap.bindDn=my_bind_dn

ldap.bindPassword=my_bind_password

ldap.StartTLS=true

User Configuration
ldap.user.baseDn=ou=Users,dc=mycompany,dc=com
ldap.user.request=(&(uid={0})(objectclass=azPerson)(uid={login}))
ldap.user.realNameAttribute=cn
ldap.user.emailAttribute=mail

2019.10.08 14:45:23 WARN web[o.s.s.a.LogOAuthWarning] For security reasons, OAuth authentication should use HTTPS. You should set the property ‘Administration > Configuration > Server base URL’ to a HTTPS URL.
2019.10.08 14:45:23 INFO web[org.sonar.INFO] Security realm: LDAP
2019.10.08 14:45:23 INFO web[o.s.p.l.LdapSettingsManager] User mapping: LdapUserMapping{baseDn=ou=Users,dc=autozone,dc=com, request=(&(uid={0})(objectclass=azPerson)(uid={0})), realNameAttribute=cn, emailAttribute=mail}
2019.10.08 14:45:23 INFO web[o.s.p.l.LdapSettingsManager] Groups will not be synchronized, because property ‘ldap.group.baseDn’ is empty.
2019.10.08 14:45:23 INFO web[o.s.p.l.LdapContextFactory] Test LDAP connection: FAIL
2019.10.08 14:45:23 ERROR web[o.s.s.p.Platform] Background initialization failed. Stopping SonarQube
org.sonar.api.utils.SonarException: Security realm fails to start: Unable to open LDAP connection
at org.sonar.server.user.SecurityRealmFactory.start(SecurityRealmFactory.java:93)
at org.sonar.core.platform.StartableCloseableSafeLifecyleStrategy.start(StartableCloseableSafeLifecyleStrategy.java:40)
at org.picocontainer.injectors.AbstractInjectionFactory$LifecycleAdapter.start(AbstractInjectionFactory.java:84)
at org.picocontainer.behaviors.AbstractBehavior.start(AbstractBehavior.java:169)
at org.picocontainer.behaviors.Stored$RealComponentLifecycle.start(Stored.java:132)
at org.picocontainer.behaviors.Stored.start(Stored.java:110)
at org.picocontainer.DefaultPicoContainer.potentiallyStartAdapter(DefaultPicoContainer.java:1016)
at org.picocontainer.DefaultPicoContainer.startAdapters(DefaultPicoContainer.java:1009)
at org.picocontainer.DefaultPicoContainer.start(DefaultPicoContainer.java:767)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:135)
at org.sonar.server.platform.platformlevel.PlatformLevel.start(PlatformLevel.java:90)
at org.sonar.server.platform.platformlevel.PlatformLevel4.start(PlatformLevel4.java:561)
at org.sonar.server.platform.Platform.start(Platform.java:211)
at org.sonar.server.platform.Platform.startLevel34Containers(Platform.java:185)
at org.sonar.server.platform.Platform.access$500(Platform.java:46)
at org.sonar.server.platform.Platform$1.lambda$doRun$0(Platform.java:119)
at org.sonar.server.platform.Platform$AutoStarterRunnable.runIfNotAborted(Platform.java:371)
at org.sonar.server.platform.Platform$1.doRun(Platform.java:119)
at org.sonar.server.platform.Platform$AutoStarterRunnable.run(Platform.java:355)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: org.sonar.plugins.ldap.LdapException: Unable to open LDAP connection
at org.sonar.plugins.ldap.LdapContextFactory.testConnection(LdapContextFactory.java:211)
at org.sonar.plugins.ldap.LdapRealm.init(LdapRealm.java:63)
at org.sonar.server.user.SecurityRealmFactory.start(SecurityRealmFactory.java:87)
… 19 common frames omitted
Caused by: javax.naming.CommunicationException: Received fatal alert: handshake_failure
at java.naming/com.sun.jndi.ldap.LdapCtx.extendedOperation(LdapCtx.java:3330)
at java.naming/javax.naming.ldap.InitialLdapContext.extendedOperation(InitialLdapContext.java:184)
at org.sonar.plugins.ldap.LdapContextFactory.createInitialDirContext(LdapContextFactory.java:120)
at org.sonar.plugins.ldap.LdapContextFactory.createBindContext(LdapContextFactory.java:96)
at org.sonar.plugins.ldap.LdapContextFactory.testConnection(LdapContextFactory.java:207)
… 21 common frames omitted
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:307)
at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:285)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:180)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1152)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1063)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)
at java.base/sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:716)
at java.base/sun.security.ssl.SSLSocketImpl$AppOutputStream.write(SSLSocketImpl.java:970)
at java.base/java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:81)
at java.base/java.io.BufferedOutputStream.flush(BufferedOutputStream.java:142)
at java.naming/com.sun.jndi.ldap.Connection.writeRequest(Connection.java:398)
at java.naming/com.sun.jndi.ldap.Connection.writeRequest(Connection.java:371)
at java.naming/com.sun.jndi.ldap.LdapClient.extendedOp(LdapClient.java:1198)
at java.naming/com.sun.jndi.ldap.LdapCtx.extendedOperation(LdapCtx.java:3278)
… 25 common frames omitted

Any ideas what changed between the 7.8 and 7.9.1 version to cause the failure?

Alexandre_Frigout · October 9, 2019, 1:09pm

Hello,
Between the 7.8 and 7.9.1 you probably changed your java distribution as 7.9.1 requires java 11.
So you probably did not import your certificate in the keystore of your java 11 distribution.
Alex.

iarvizu · October 11, 2019, 7:57pm

Hi Alex, Thank you for your response

Both versions have Java 11 installed.
And we also imported our certificate in the keystore
sonar.web.javaAdditionalOpts=-Djavax.net.ssl.trustStore=/az/sonar/apps/java/current/lib/security/cacerts

iarvizu · October 15, 2019, 9:06pm

Hi,

Any idea or suggestions as to what I am missing or have to do next?.

Thanks

Alexandre_Frigout · November 25, 2019, 1:43pm

Hi,
A handshake failure means at least a certificate in the certification chain is missing.
I recommend you to have a look at the first answer of this thread and to do the same to import the certificate in your trustore.
Hope this helps.

Topic		Replies	Views
Having issues with LDAP configuration SonarQube Server / Community Build	1	235	August 17, 2023
Unable to connect to LDAP SonarQube Server / Community Build	3	2102	January 2, 2023
Unable to authenticate using LDAP with SonarQube 10.6.0.92116 SonarQube Server / Community Build ldap	5	53	December 16, 2024
Sonar Qube LDAP configuration SonarQube Server / Community Build sonarqube	11	2207	July 28, 2021
SonarQube LDAP setting help SonarQube Server / Community Build ldap , authentication	8	1965	January 22, 2025