LDAP Group Mapping setup

Sonarqube Enterprise v8.9.6
Trying to use LDAP for delegated authentication
The users are able to log in, but the group membership still does not sync despite setting up the configuration in sonar.properties and creating the group first in the SonarQube UI.

USER MAPPING

ldap.user.baseDn=OU=level4,OU=level3,OU=level2,DC=dc4,DC=dc3,DC=dc2,DC=1
ldap.user.request=(&(objectClass=user)(sAMAccountName={login}))
ldap.user.realNameAttribute=cn
ldap.user.emailAttribute=mail

GROUP MAPPING

ldap.group.baseDn=DC=dc4,DC=dc3,DC=dc2,DC=dc1
ldap.group.request=(&(objectClass=group)(member={sAMAccountName}))

Appreciate any help on what may be missing. Thanks!

Hi @harora ,

A few things to look into with this:

  • The ldap.group.request property should look for member={dn}, not member={sAMAccountName}
  • Are the groups nested, i.e. are the users actually members of a child group? To enable this, you need to set the ldap.group.request property to ldap.group.request=(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={dn})) . This enables recursive group lookups - don’t ask me why, I found it in a thread somewhere a few years ago.
  • Make sure the attribute set as ldap.group.idAttribute matches what you’re using as the group name in the SonarQube UI. Groups can have different names for cn, name, displayName, and sAMAccountName.

Good luck!

3 Likes
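The three points in the reply above can be checked offline with a small model of how the group request is evaluated. This is an added example, not SonarQube's or the LDAP plugin's own code: an in-memory dictionary stands in for Active Directory, and all DNs, account names and the SonarQube group names are constructed placeholders. It shows why `member={sAMAccountName}` matches nothing (the `member` attribute holds DNs), how the `1.2.840.113556.1.4.1941` matching rule resolves nested groups, and why the attribute chosen as `ldap.group.idAttribute` has to equal the group name created in the SonarQube UI.

```python
"""Toy model of SonarQube LDAP group mapping (added example, not project code).

Emulates, against a constructed in-memory directory:
  1. ldap.group.request with member={dn} versus member={sAMAccountName};
  2. the member:1.2.840.113556.1.4.1941:= (LDAP_MATCHING_RULE_IN_CHAIN) form,
     which walks nested group membership;
  3. ldap.group.idAttribute, whose value must match a SonarQube group name.
"""

# Constructed directory: DN -> attributes. Every value here is a placeholder.
DIRECTORY = {
    "CN=jdoe,OU=level4,DC=example,DC=test": {
        "objectClass": "user", "sAMAccountName": "jdoe",
        "cn": "jdoe", "mail": "jdoe@example.test",
    },
    "CN=sonar-devs,OU=groups,DC=example,DC=test": {
        "objectClass": "group", "cn": "sonar-devs",
        "sAMAccountName": "SONAR_DEVS", "displayName": "Sonar Developers",
        # member holds distinguished names, never bare logins
        "member": ["CN=jdoe,OU=level4,DC=example,DC=test"],
    },
    "CN=sonar-users,OU=groups,DC=example,DC=test": {
        "objectClass": "group", "cn": "sonar-users",
        "sAMAccountName": "SONAR_USERS", "displayName": "Sonar Users",
        # nested: the only member is the sonar-devs group itself
        "member": ["CN=sonar-devs,OU=groups,DC=example,DC=test"],
    },
}

# Constructed: group names as created in the SonarQube UI (they equal the cn values)
SONARQUBE_GROUPS = {"sonar-devs", "sonar-users"}


def find_user(login):
    """Emulates ldap.user.request=(&(objectClass=user)(sAMAccountName={login}))."""
    for dn, attrs in DIRECTORY.items():
        if attrs.get("objectClass") == "user" and attrs.get("sAMAccountName") == login:
            return dn, attrs
    return None


def groups_with_member(value):
    """Direct lookup: (&(objectClass=group)(member=<value>))."""
    return sorted(dn for dn, attrs in DIRECTORY.items()
                  if attrs.get("objectClass") == "group"
                  and value in attrs.get("member", []))


def groups_in_chain(value):
    """Emulates (member:1.2.840.113556.1.4.1941:=<value>): transitive closure
    over nested groups, i.e. groups containing the value or a group that does."""
    found, frontier = set(), [value]
    while frontier:
        for group_dn in groups_with_member(frontier.pop()):
            if group_dn not in found:
                found.add(group_dn)
                frontier.append(group_dn)
    return sorted(found)


def resolve_groups(login, placeholder="dn", nested=False, id_attribute="cn"):
    """Return the group names (read from id_attribute) the request yields for login.

    placeholder selects what is substituted into the filter: "dn" inserts the
    user's full DN, "sAMAccountName" inserts the bare login (the original
    misconfiguration). nested selects the matching-rule-in-chain form.
    """
    user = find_user(login)
    if user is None:
        return []
    user_dn, user_attrs = user
    value = user_dn if placeholder == "dn" else user_attrs[placeholder]
    group_dns = groups_in_chain(value) if nested else groups_with_member(value)
    return sorted(DIRECTORY[g][id_attribute] for g in group_dns)


def synced_groups(login, **kwargs):
    """Only groups whose id_attribute value equals an existing SonarQube group
    name end up synced; anything else is silently dropped."""
    return sorted(set(resolve_groups(login, **kwargs)) & SONARQUBE_GROUPS)


if __name__ == "__main__":
    print("member={sAMAccountName}:", resolve_groups("jdoe", "sAMAccountName"))
    print("member={dn}:            ", resolve_groups("jdoe", "dn"))
    print("nested, idAttribute=cn: ", resolve_groups("jdoe", nested=True))
    print("idAttribute=sAMAccountName, synced:",
          synced_groups("jdoe", nested=True, id_attribute="sAMAccountName"))
```

Running it prints an empty list for the `{sAMAccountName}` form, one group for the direct `{dn}` form, both groups with the chain matching rule, and again an empty synced set when `idAttribute` is switched to `sAMAccountName`, because `SONAR_DEVS` is not the name SonarQube knows the group by.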

Hi @cba,

Thank you. The groups are not nested, but I was missing the right ldap.group.idAttribute. Setting it to the correct value resolved the group memberships for the users.

Thanks again!

1 Like
