Hi.
We are using SonarQube version 7.1.0.11001 as a Docker container.
It sometimes happens that the LDAP login takes about 2 minutes to successfully log in. Any subsequent logins don’t have this problem, until, after some time, it takes 2 minutes to log in again.
Unfortunately, I don’t know how to reproduce the problem reliably. Sometimes only a restart of the container is necessary and sometimes it just happens over time (maybe some sort of cache ran out for the user?).
Here is the truncated log file right before clicking log in and after that. There is more than a 2 minute silence (aside from the two entries at 10:39:51; not sure if they contribute to the problem, but they always seem to appear when the problem happens).
....
2018.08.06 **10:39:01** DEBUG web[AWUO0Y4Ownk8MHVXAAAG][o.s.p.l.LdapContextFactory] Initializing LDAP context {java.naming.provider.url=ldap://ldapsrv1, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.principal=CN=app_sonar_ldap,OU=app,OU=op,DC=cp,DC=wien, com.sun.jndi.ldap.connect.pool=true, java.naming.security.authentication=simple, java.naming.referral=follow}
2018.08.06 10:39:51 DEBUG ce[][o.s.c.c.CeCleaningSchedulerImpl] Deleting any worn out task
2018.08.06 10:39:51 DEBUG ce[][o.s.c.c.CeCleaningSchedulerImpl] Resetting state of tasks with unknown worker UUIDs
2018.08.06 **10:41:08** DEBUG web[AWUO0Y4Ownk8MHVXAAAG][o.s.s.a.UserIdentityAuthenticator] List of groups returned by the identity provider '[... grp_sec_sonarqube_admin, ...]'
2018.08.06 10:41:08 DEBUG web[AWUO0Y4Ownk8MHVXAAAG][o.s.s.a.UserIdentityAuthenticator] Adding group 'grp_sec_sonarqube_admin' to user 'sonar_admin'
2018.08.06 10:41:08 DEBUG web[AWUO0Y4Ownk8MHVXAAAG][o.s.s.u.NewUserNotifier] User created: sonar_admin. Notifying NewUserHandler handlers...
2018.08.06 10:41:08 DEBUG web[AWUO0Y4Ownk8MHVXAAAG][auth.event] login success [method|FORM][provider|REALM|LDAP][IP|10.116.0.4|10.116.6.90][login|sonar_admin]
...
LDAP Config:
sonar.forceAuthentication=true
sonar.security.realm=LDAP
sonar.authenticator.downcase=true
ldap.servers=server1,server2
ldap.server1.url=ldap://ldapsrv1
ldap.server1.bindDn=CN=app_sonar_ldap,OU=app,OU=op,DC=cp,DC=wien
ldap.server1.bindPassword=*********
ldap.server1.user.baseDn=OU=USR,DC=cp,DC=wien
ldap.server1.user.realNameAttribute=cn
ldap.server1.user.emailAttribute=mail
ldap.server1.user.request=(&(objectClass=user)(sAMAccountName={login})(|(memberOf:1.2.840.113556.1.4.1941:=CN=grp_sec_sonarqube_user,OU=SEC,OU=OP,DC=cp,DC=wien)(memberOf:1.2.840.113556.1.4.1941:=CN=grp_sec_sonarqube_admin,OU=SEC,OU=OP,DC=cp,DC=wien)))
ldap.server1.group.baseDn=DC=cp,DC=wien
ldap.server1.group.request=(&(objectClass=group)(member={dn}))
ldap.server1.group.idAttribute=sAMAccountName
ldap.server2.url=ldap://ldapsrv2
ldap.server2.bindDn=CN=app_sonar_ldap,OU=app,OU=op,DC=cp,DC=wien
ldap.server2.bindPassword=*********
ldap.server2.user.baseDn=OU=USR,DC=cp,DC=wien
ldap.server2.user.realNameAttribute=cn
ldap.server2.user.emailAttribute=mail
ldap.server2.user.request=(&(objectClass=user)(sAMAccountName={login})(|(memberOf:1.2.840.113556.1.4.1941:=CN=grp_sec_sonarqube_user,OU=SEC,OU=OP,DC=cp,DC=wien)(memberOf:1.2.840.113556.1.4.1941:=CN=grp_sec_sonarqube_admin,OU=SEC,OU=OP,DC=cp,DC=wien)))
ldap.server2.group.baseDn=DC=cp,DC=wien
ldap.server2.group.request=(&(objectClass=group)(member={dn}))
ldap.server2.group.idAttribute=sAMAccountName
My observations are the following: I don’t think it’s the search that takes so long, since a non-existent user fails to log in immediately (on both LDAP servers). Only when a user exists and logs in with correct credentials does the waiting start (also, during the waiting process, every other user that wants to log in, no matter if the user exists or not, has to wait).
I’m grateful for any help. Thanks!
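Added example, not part of the original post and not SonarQube code: a small Python script that finds which step of a login stalls by measuring the time between consecutive DEBUG entries that share the same identifier in `web[...]`. It assumes that identifier marks one HTTP request; the sample lines are shortened from the log excerpt above, and the 10-second threshold is an arbitrary choice.

```python
import re
from datetime import datetime

# Sample lines shortened from the log excerpt in the post (context map elided).
SAMPLE_LOG = """\
2018.08.06 10:39:01 DEBUG web[AWUO0Y4Ownk8MHVXAAAG][o.s.p.l.LdapContextFactory] Initializing LDAP context {java.naming.provider.url=ldap://ldapsrv1}
2018.08.06 10:39:51 DEBUG ce[][o.s.c.c.CeCleaningSchedulerImpl] Deleting any worn out task
2018.08.06 10:39:51 DEBUG ce[][o.s.c.c.CeCleaningSchedulerImpl] Resetting state of tasks with unknown worker UUIDs
2018.08.06 10:41:08 DEBUG web[AWUO0Y4Ownk8MHVXAAAG][o.s.s.a.UserIdentityAuthenticator] Adding group 'grp_sec_sonarqube_admin' to user 'sonar_admin'
2018.08.06 10:41:08 DEBUG web[AWUO0Y4Ownk8MHVXAAAG][auth.event] login success [method|FORM][provider|REALM|LDAP][IP|10.116.0.4|10.116.6.90][login|sonar_admin]
"""

# timestamp, level, process, id in first brackets, logger in second brackets, message
LINE_RE = re.compile(
    r"^(\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) (\w+)\s+(\w+)\[([^\]]*)\]\[([^\]]+)\] (.*)$"
)

def parse(text):
    """Yield (timestamp, process, request_id, logger, message) per log line."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.replace("**", ""))  # drop forum bold markers
        if m:
            ts = datetime.strptime(m.group(1), "%Y.%m.%d %H:%M:%S")
            yield ts, m.group(3), m.group(4), m.group(5), m.group(6)

def slow_steps(text, threshold_s=10):
    """Return stalls: consecutive entries of one web request more than threshold_s apart."""
    last = {}    # request id -> (timestamp, logger) of its previous entry
    stalls = []
    for ts, proc, req, logger, _msg in parse(text):
        if proc != "web" or not req:
            continue  # ce lines carry no request id and are unrelated to the login
        if req in last:
            gap = (ts - last[req][0]).total_seconds()
            if gap > threshold_s:
                stalls.append((req, last[req][1], logger, gap))
        last[req] = (ts, logger)
    return stalls

if __name__ == "__main__":
    for req, before, after, gap in slow_steps(SAMPLE_LOG):
        print(f"{req}: {gap:.0f}s between {before} and {after}")
```

On the sample, the only stall is the 127 seconds between the `LdapContextFactory` entry and the first `UserIdentityAuthenticator` entry of the same request; the two `ce[]` lines in between are ignored.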