LDAP group mapping

ckonca · December 22, 2020, 9:34am

Hi community,

I have a question about ldap group mapping.
Until now, the groups we created in the same OU were matching the groups we created in the SonarQube web ui.
Now we have created new groups under a different OU and we want to pair them in SonarQube as well.
In sonar.properties file he GROUP MAPPING setting, I added new OU next to old OU. But it was not working. I get authentication error after adding new OU.
When I delete all OU from ldap.group.baseDn it work but I wonder if it is a correct use.
Does this put an extra load on the system?

GROUP MAPPING
old => ldap.group.baseDn=ou=xx,ou=yy,dc=dc1,dc=dc2
new => ldap.group.baseDn=ou=xx,ou=yy,ou=zz,ou=ww,dc=dc1,dc=dc2
work => ldap.group.baseDn=dc=dc1,dc=dc2

Thank you in advance.

OlivierK · December 22, 2020, 12:25pm

Hello @ckonca,

Indeed the ldap.group.baseDn should point at a LDAP tree node where all users are below that node.
Since ww and zz are not under xx, that cannot not work to append ou=ww and/or ou=zz
To achieve what you want to do, you have to define a BaseDN that’s 1 level higher in the LDAP tree (as you did in you work setting)

The setting ldap.group.baseDn=dc=dc1,dc=dc2 will not add any extra LDAP load on the SonarQube side. It may generate a bit more LDAP tree processing on your server side, (because the BaseDn is 1 level higher than before), but that should not be much.

Olivier

ckonca · December 22, 2020, 10:48am

Hi @OlivierK,

Thank you for information.

system · December 29, 2020, 12:26pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.