Hello all!
Recently I’ve been trying to integrate our SonarQube server with the FreeIPA server to enable users that only belong to sonar-users or sonar-administrators to authenticate successfully.
Although the user mapping worked very quickly and the users are pulled from the LDAP server, the grouping in need seems not to be applicable and everyone (even those with no assigned sonarqube group from the LDAP) can access the SonarQube server with their LDAP credentials (and are put by default to the sonar-users group that exists by default on SonarQube).
In the SonarQube logs I can see the following:
web.log:2023.01.20 10:43:46 DEBUG web[AYXOWMTlZF+pQQIdAAAF][o.s.s.a.UserRegistrarImpl] List of groups returned by the identity provider ‘’
web.log:2023.01.20 11:02:53 DEBUG web[AYXOaoAaOgv9AiXOAAAF][o.s.s.a.UserRegistrarImpl] List of groups returned by the identity provider ‘’
The needed groups were created prior to the configuration on our LDAP.
What I want to achieve instead:
Only users that have either sonar-users or sonar-administrators group assigned on the LDAP should be able to authenticate successfully on SonarQube.
What I have tried:
GENERAL LDAP CONF
sonar.security.realm=LDAP
ldap.url=ldap://myldap
ldap.bindDn=uid=bind-user,cn=users,cn=accounts,dc=company,dc=com
ldap.bindPassword=somepass
ldap.authentication=simple
USER MAPPING
ldap.user.baseDn=cn=users,cn=accounts,dc=company,dc=com
ldap.user.request=(&(objectClass=inetOrgPerson)(uid={login}))
ldap.user.realNameAttribute=cn
ldap.user.emailAttribute=mail
GROUP MAPPING
ldap.group.baseDn=ou=groups,dc=company,dc=com
ldap.group.request=(&(objectClass=posixGroup)(memberUid={uid}))
SonarQube Version: Version 9.3 (build 51899) - Developer Edition
Any suggestions on how I should address the issue?
Thank you.
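An added configuration sketch for the setup described above, not part of the original post and not taken from SonarQube's or FreeIPA's own material. In SonarQube's LDAP integration the group settings only synchronise membership, while `ldap.user.request` decides which directory entries can log in, so the restriction goes in the user filter. It assumes FreeIPA's default tree (groups under `cn=groups,cn=accounts,<suffix>`, membership stored as `member` DNs on the group and `memberOf` on the user) and that the bind user may read `memberOf`.

```properties
# Added example, not from the original post. The group DNs below are
# assumptions based on FreeIPA's default layout and the post's dc=company,dc=com.

# As posted: any entry matching uid={login} can authenticate, whatever its groups.
# ldap.user.request=(&(objectClass=inetOrgPerson)(uid={login}))

# Restricted: the user entry must also be a member of one of the two groups.
ldap.user.baseDn=cn=users,cn=accounts,dc=company,dc=com
ldap.user.request=(&(objectClass=inetOrgPerson)(uid={login})(|(memberOf=cn=sonar-users,cn=groups,cn=accounts,dc=company,dc=com)(memberOf=cn=sonar-administrators,cn=groups,cn=accounts,dc=company,dc=com)))

# As posted: the search base and memberUid filter match no FreeIPA group entries
# under the assumed layout, which is consistent with the empty group list in web.log.
# ldap.group.baseDn=ou=groups,dc=company,dc=com
# ldap.group.request=(&(objectClass=posixGroup)(memberUid={uid}))

# Group lookup by member DN, so the returned group list is populated.
ldap.group.baseDn=cn=groups,cn=accounts,dc=company,dc=com
ldap.group.request=(&(objectClass=groupOfNames)(member={dn}))
ldap.group.idAttribute=cn
```

After a restart, the `UserRegistrarImpl` DEBUG line in web.log should list the group names for a member, and a user in neither group should fail to log in. With `ldap.authentication=simple` over an `ldap://` URL the bind password and user credentials cross the network unencrypted; an `ldaps://` URL avoids that.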