LDAP login to Sonarqube is slow

ldap
sonarqube

(MAKARAND JADHAV) #1

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    SonarQube Version 6.7.5 (build 38563) - [Community]

  • what are you trying to achieve
    using LDAP Plugin(2.2 (build 608)installed) to Integrate with the Company’s Active Directory servers

  • what have you tried so far to achieve this
    Please see the below configuration(some information masked as XX due to security reasons) in sonar.properties.
    I am seeing during the LDAP login it takes some time ~ over 2 minutes, can you please assist in if the configuration being used is correct and can there be performance improvments?
    Attached below are excerpts from sonar.properties & web.log

-----------------------------------------------excerpt from sonar.properties----------------------------------------

# LDAP configuration
# General Configuration
sonar.security.realm=LDAP
ldap.url=ldap://XXXX.XX.XX:389
ldap.bindDn=cn=<XXXX>,ou="XX Service accounts",dc=XX,dc=XX
ldap.bindPassword=XXXX
ldap.authentication=simple

# User Configuration
ldap.user.baseDn=dc=XX,dc=XX
ldap.user.request=(&(objectClass=user)(sAMAccountName={login}))
ldap.user.realNameAttribute=cn
ldap.user.emailAttribute=mail
 
# Group Configuration
#ldap.group.baseDn=ou=Groups,dc=sonarsource,dc=com
#ldap.group.request=(&(objectClass=posixGroup)(memberUid={uid}))
sonar.log.level=DEBUG

-----------------------------------------------end of excerpt from sonar.properties----------------------------------------

------------------------------------------------excerpt from web.log------------------------------------------------------------

2018.08.16 13:43:27 DEBUG web[AWVCbH8ZKpYTWeL3AABN][auth.event] logout success [IP|XXXX|][login|jadhama]
2018.08.16 13:43:27 DEBUG web[AWVCbH8ZKpYTWeL3AABO][auth.event] login failure [cause|User must be authenticated][method|BASIC][provider|LOCAL|local][IP|XXXX|][login|]
2018.08.16 13:43:28 DEBUG web[AWVCbH8ZKpYTWeL3AABR][auth.event] login failure [cause|User must be authenticated][method|BASIC][provider|LOCAL|local][IP|XXXX|][login|]
2018.08.16 13:43:28 DEBUG web[AWVCbH8ZKpYTWeL3AABT][auth.event] login failure [cause|User must be authenticated][method|BASIC][provider|LOCAL|local][IP|XXXX|][login|]
2018.08.16 13:43:53 DEBUG web[AWVCbH8ZKpYTWeL3AABU][o.s.p.l.LdapUsersProvider] Requesting details for user jadhama
2018.08.16 13:43:53 DEBUG web[AWVCbH8ZKpYTWeL3AABU][o.s.p.l.LdapSearch] Search: LdapSearch{baseDn=dc=XX,dc=XX, scope=subtree, request=(&(objectClass=user)(sAMAccountName={0})), parameters=[jadhama], attributes=[mail, cn]}
2018.08.16 **13:43:53** DEBUG web[AWVCbH8ZKpYTWeL3AABU][o.s.p.l.LdapContextFactory] Initializing LDAP context {java.naming.provider.url=ldap://XXXX.XX.XX:389, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.principal=cn=<XXXX>,ou="XX Service accounts",dc=XX,dc=XX, com.sun.jndi.ldap.connect.pool=true, java.naming.security.authentication=simple, java.naming.referral=follow}
2018.08.16 13:46:00 DEBUG web[AWVCbH8ZKpYTWeL3AABU][o.s.p.l.LdapSearch] Search: LdapSearch{baseDn=dc=XX,dc=XX, scope=subtree, request=(&(objectClass=user)(sAMAccountName={0})), parameters=[jadhama], attributes=null}
2018.08.16 13:46:00 DEBUG web[AWVCbH8ZKpYTWeL3AABU][o.s.p.l.LdapContextFactory] Initializing LDAP context {java.naming.provider.url=ldap://XXXX.XX.XX:389, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.principal=cn=<XXXX>,ou="XX Service accounts",dc=XX,dc=XX, com.sun.jndi.ldap.connect.pool=true, java.naming.security.authentication=simple, java.naming.referral=follow}
2018.08.16 13:46:00 DEBUG web[AWVCbH8ZKpYTWeL3AABU][o.s.p.l.LdapContextFactory] Initializing LDAP context {java.naming.provider.url=ldap://XXXX.XX.XX:389, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.principal=CN=XXXX,OU=XX Laptops Users,DC=XX,DC=XX, java.naming.security.authentication=simple, java.naming.referral=follow}
2018.08.16 **13:46:00** DEBUG web[AWVCbH8ZKpYTWeL3AABU][auth.event] login success [method|FORM][provider|REALM|LDAP][IP|XXXX|][login|jadhama]

-------------------------------------------------end of excerpt from web.log------------------------------------------------------------

Thanks in advance!


(G Ann Campbell) #2

Hi,

I’ve formatted your config and log excerpts for you.

Your report sounds a whole lot like this one. Julien’s answer may help you:

Ann


(MAKARAND JADHAV) #5

Thanks Ann for your response. I have a look at Julian’s response and it mentions proxy does it mean proxy setting in Sonarqube or proxy in client browser? I am also investigating network angle to this.
Also, Is there any setting to for LDAP cache? Or any other tips for performance tuning settings within Sonarqube for improving LDAP connectivity. The reason for saying this I am using similar setting within Jenkins server which is LDAP integrated but is not experiencing this slowness while login to LDAP.
Any further suggestions would be greatly appreciated!

Thanks, Mak