LDAP issues with latest LTS Sonarqube 9.9

Did something change for LDAP for 9.9, I don’t see any changes in regards to setting up ldap.

  • Upgrading from Sonarqube Enterprise 9.8.0 → 9.9 LTS
  • System information (Operating system, Java version, Database provider/version)
    CentOS 7
    Java JDK 17
    Postgres 12
  • What’s the issue you’re facing?
    After upgrading to latest version we no longer can connect via LDAP. I can downgrade to 9.8 and things work as normal with the same settings.
Caused by: javax.naming.CommunicationException: simple bind failed: myserver
	at java.naming/com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:219)
	at java.naming/com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2896)
	at java.naming/com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:348)
	at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxFromUrl(LdapCtxFactory.java:229)
	at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:189)
	at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:247)
	at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)
	at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)
	at java.naming/javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:732)
	at java.naming/javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:305)
	at java.naming/javax.naming.InitialContext.init(InitialContext.java:236)
	at java.naming/javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
	at org.sonar.auth.ldap.LdapContextFactory.createInitialDirContext(LdapContextFactory.java:137)
	at org.sonar.auth.ldap.LdapContextFactory.createBindContext(LdapContextFactory.java:95)
	at org.sonar.auth.ldap.LdapContextFactory.testConnection(LdapContextFactory.java:210)
	... 109 common frames omitted
Caused by: java.net.SocketException: Connection or outbound has closed
	at java.base/sun.security.ssl.SSLSocketImpl$AppOutputStream.write(SSLSocketImpl.java:1301)
	at java.base/java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:81)
	at java.base/java.io.BufferedOutputStream.flush(BufferedOutputStream.java:142)
	at java.naming/com.sun.jndi.ldap.Connection.writeRequest(Connection.java:415)
	at java.naming/com.sun.jndi.ldap.Connection.writeRequest(Connection.java:388)
	at java.naming/com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:359)
	at java.naming/com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214)
	... 123 common frames omitted

Adding more information, I used SSL poke and noticed that with the latest JDK 17 it doesn’t like making the handshake via SSL. As soon as I switch back to JDK11 it works. So no I have to find out what is causing this issue with JDK17.

I still can’t find what property I’m missing for SSL and JDK17

On my Site i have connection to the ldap in version 9.9., but he do not get the groups from the ldap and the usernames are auto created. in 8.9 all settings are the same and it runs.

Same here, no connection to LDAP server after upgrading from 9.7.1 to 9.9.0, using docker image

Caused by: java.net.SocketException: Connection or outbound has closed

Couldn’t figure out, had to downgrade. I hope there will be a solution soon.

I am seeing the exact same thing. Has anyone figured this out? I can’t downgrade, either; when attempting to, it tells me that I can’t downgrade Elasticsearch (I think that’s what it’s complaining about).

For anyone else who comes looking, for me, this was an issue where Sonarqube 9.9 totally changed how it handles custom Java trust/cert stores. In the end, since I’m using Docker, I had to bind mount my custom trust store directly to the new location for Java in 9.9 (/opt/java/openjdk/lib/security/cacerts), and then everything worked again.

1 Like