LDAP configuration, having an issue with users

Hi,
I’m attempting to configure LDAP with sonarqube and I’m having an issue getting my user configuration to function.
I’m not getting any stack traces, just the message.

2021.05.07 12:12:42 INFO  web [o.s.a.l.LdapSettingsManager] Users will not be synchronized, because property 'ldap.user.baseDn' is empty.

It appears that the LDAP service starts, but I’m not able to log in using AD credentials.
The log states as follows…

2021.05.07 12:12:42 INFO  web [org.sonar.INFO] Security realm: LDAP
2021.05.07 12:12:42 INFO  web [o.s.a.l.LdapSettingsManager] Users will not be synchronized, because property 'ldap.user.baseDn' is empty.
2021.05.07 12:12:42 INFO  web [o.s.a.l.LdapSettingsManager] Group mapping: LdapGroupMapping{baseDn=CN=mygroupname,OU=Protected Folders,OU=xxx,OU=AD_Groups,DC=CORP,DC=mycompany,DC=COM, idAttribute=cn, requiredUserAttributes=[uid], request=(&(objectClass=group) (memberUid={0}))}
2021.05.07 12:12:42 DEBUG web[][o.s.a.l.LdapContextFactory] Initializing LDAP context {java.naming.referral=follow, com.sun.jndi.ldap.connect.pool=true, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldap://corp.mycompany.com:389, java.naming.security.authentication=simple}
2021.05.07 12:12:42 INFO  web [o.s.a.l.LdapContextFactory] Test LDAP connection on ldap://corp.mycompany.com:389: OK
2021.05.07 12:12:42 INFO  web [org.sonar.INFO] Security realm started

My configuration is as follows…

sonar.security.realm=LDAP
 
ldap.url=ldap://corp.mycompany.com:389  
ldap.bindDN=CN=service_acct,CN=OU,DC=CORP,DC=mycompany,DC=COM
#ldap.bindPassword=password of the account shown above
ldap.bindPassword=*********
ldap.authentication=simple 

#User Configuration
ldap.user.baseDN=CN=AD_Users,CN=Users,DC=CORP,DC=mycompany,DC=COM 
ldap.user.request=(sAMAccountName={0}) 

#Group Configuration
ldap.group.baseDn=CN=mygroup,OU=Protected Folders,OU=xxx,OU=AD_Groups,DC=CORP,DC=mycompany,DC=COM
ldap.group.request=(&(objectClass=group) (memberUid={uid}))

Any suggestions would be appreciated, as I’m clearly doing something wrong.
My server admin team has suggested using the base DC, but that doesn’t work either.

SonarQube ID information
Server ID: 6792823B-AXHq6-25pZ4IjV_GWB8u
Version: 8.9.0.43852
Date: 2021-05-07

Server: windows 2012 r2
Windows based domain.

Hi @LLemon ,

Welcome to SonarSource Community!

  • Log in as admin
  • Change your Log Level to DEBUG (Administration > System > Log Level) - no need to restart SonarQube
  • Log out as admin
  • Log in with an LDAP user to repeat the error
  • Please zip your $SONARQUBE_HOME/logs/ directory and attach on your next response.

If you prefer a private message instead, just let me know in this thread too.

Joe

Hi Joe,

Attached are the logs.
logs.zip (74.1 KB)
I see the error in the web log, and it appears to be related to the ldap users property issue. (I think…)

Hi @LLemon

Maybe the capitalization of the DNs might be incorrect? I think the last letter ‘n’ should probably be lowercase

  • ldap.bindDN
  • ldap.user.baseDN

e.g.:
ldap.user.baseDn

cheers
Daniel

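A check for the mistake discussed above, added here as an example (it is not code from the thread or from SonarQube): because the property keys are case-sensitive, a key such as ldap.user.baseDN is treated as unset and the only symptom is the INFO line quoted in the question. The function name, the key list (limited to the keys that appear in this thread, spelled as in the log line and Daniel's reply) and the sample file are assumptions made for the example.

```python
import re

# Keys seen in this thread, spelled as in SonarQube's log line and Daniel's reply.
# Assumption: this is not the complete list of LDAP settings SonarQube accepts.
KNOWN_KEYS = [
    "sonar.security.realm", "ldap.url", "ldap.bindDn", "ldap.bindPassword",
    "ldap.authentication", "ldap.user.baseDn", "ldap.user.request",
    "ldap.group.baseDn", "ldap.group.request",
]
_BY_LOWER = {k.lower(): k for k in KNOWN_KEYS}
# A properties line: optional indent, a key that does not start a comment, then = or :
_KEY = re.compile(r"^\s*([^#!=:\s][^=:\s]*)\s*[=:]")

def lint_ldap_properties(text):
    """Return (line_no, key_found, key_expected) for keys that differ only in case."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        match = _KEY.match(line)
        if not match:
            continue  # blank line, comment, or not a key=value line
        key = match.group(1)
        expected = _BY_LOWER.get(key.lower())
        if expected is not None and expected != key:
            findings.append((line_no, key, expected))
    return findings

# Constructed sample modelled on the configuration in the question;
# host names, DNs and the password are placeholders.
SAMPLE = """\
sonar.security.realm=LDAP
ldap.url=ldap://ldap.example.test:389
ldap.bindDN=CN=svc,DC=example,DC=test
ldap.bindPassword=placeholder
#User Configuration
ldap.user.baseDN=CN=Users,DC=example,DC=test
ldap.user.request=(sAMAccountName={0})
ldap.group.baseDn=OU=Groups,DC=example,DC=test
"""

if __name__ == "__main__":
    for line_no, found, expected in lint_ldap_properties(SAMPLE):
        print(f"line {line_no}: '{found}' is ignored, expected '{expected}'")
```
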

Son of a… That looks to be what part of the issue was.
Thanks…

I now have a valid user mapping, but my AD logon is not working.
I’ll keep trying different settings on my config for mapping the users.


Thanks @daniel ! Good eye! And thanks @LLemon for confirming the solution.
