LDAP configuration, having an issue with users

LLemon · May 7, 2021, 5:25pm

Hi,
I’m attempting to configure LDAP with sonarqube and I’m having an issue getting my user configuration to function.
I’m not getting any stack traces, just the message.

2021.05.07 12:12:42 INFO  web [o.s.a.l.LdapSettingsManager] Users will not be synchronized, because property 'ldap.user.baseDn' is empty.

It appears that the LDAP service starts, but I’m not able to log in using AD credentials.
The log states as follows…

2021.05.07 12:12:42 INFO  web [org.sonar.INFO] Security realm: LDAP
2021.05.07 12:12:42 INFO  web [o.s.a.l.LdapSettingsManager] Users will not be synchronized, because property 'ldap.user.baseDn' is empty.
2021.05.07 12:12:42 INFO  web [o.s.a.l.LdapSettingsManager] Group mapping: LdapGroupMapping{baseDn=CN=mygroupname,OU=Protected Folders,OU=xxx,OU=AD_Groups,DC=CORP,DC=mycompany,DC=COM, idAttribute=cn, requiredUserAttributes=[uid], request=(&(objectClass=group) (memberUid={0}))}
2021.05.07 12:12:42 DEBUG web[][o.s.a.l.LdapContextFactory] Initializing LDAP context {java.naming.referral=follow, com.sun.jndi.ldap.connect.pool=true, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldap://corp.mycompany.com:389, java.naming.security.authentication=simple}
2021.05.07 12:12:42 INFO  web [o.s.a.l.LdapContextFactory] Test LDAP connection on ldap://corp.mycompany.com:389: OK
2021.05.07 12:12:42 INFO  web [org.sonar.INFO] Security realm started

My configuration is as follows…

sonar.security.realm=LDAP
 
ldap.url=ldap://corp.mycompany.com:389  
ldap.bindDN=CN=service_acct,CN=OU,DC=CORP,DC=mycompany,DC=COM
#ldap.bindPassword=password of the account shown above
ldap.bindPassword=*********
ldap.authentication=simple 

#User Configuration
ldap.user.baseDN=CN=AD_Users,CN=Users,DC=CORP,DC=mycompany,DC=COM 
ldap.user.request=(sAMAccountName={0}) 

#Group Configuration
ldap.group.baseDn=CN=mygroup,OU=Protected Folders,OU=xxx,OU=AD_Groups,DC=CORP,DC=mycompany,DC=COM
ldap.group.request=(&(objectClass=group) (memberUid={uid}))

Any suggestions would be appreciated, as I’m clearly doing somethin wrong.
My server admin team has suggested using the base DC, but that doesn’t work either.

SonarQube ID information
Server ID: 6792823B-AXHq6-25pZ4IjV_GWB8u
Version: 8.9.0.43852
Date: 2021-05-07

Server: windows 2012 r2
Windows based domain.

Joe · May 7, 2021, 6:08pm

Hi @LLemon ,

Welcome to SonarSource Community!

Log in as admin
Change your Log Level to DEBUG (Administration > System > Log Level) - no need to restart SonarQube
Log out as admin
Log in with an LDAP user to repeat the error
Please zip your $SONARQUBE_HOME/logs/ directory and attach on your next response.

If you prefer a private message instead, just let me know in this thread too.

Joe

LLemon · May 7, 2021, 6:56pm

Hi Joe,

Attached are the logs.
logs.zip (74.1 KB)
I see the error in the web log, and it appears to be related to the ldap users property issue. (I think…)

daniel · May 7, 2021, 7:04pm

hi @LLemon

maybe the capitalization of the DN’s might be incorrect? i think the last letter ‘n’ should probably be lowercase

ldap.bindDN
ldap.user.baseDN

e.g.:
ldap.user.baseDn

cheers
Daniel

LLemon · May 7, 2021, 7:36pm

Son of a… That looks to be what part of the issue was.
Thanks…

I now have a valid user mapping, but my AD logon is not working.
I’ll keep trying different settings on my config for mapping the users.

Joe · May 7, 2021, 7:38pm

Thanks @daniel ! Good eye! And thanks @LLemon for confirming the solution.

system · May 14, 2021, 7:39pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.