LDAP user account can't login

PeterSun · July 24, 2019, 1:17am

SonarQube 6.7
LDAP plugin 2.2

What I have done:

add a LDAP user account and set password.
try to login SonarQube but app shows “Authentication failed”.
try to create local user as the same with LDAP user accout name, like “ext12345”.
try to change the field ‘user_local’ from ‘1’ to ‘0’ on “ext12345” in database.(directly update in db).
try to login SonarQube but app still shows “Authentication failed”.

I try to listen the tcp port from LDAP server to SonarQube server.
The packet shows ‘search LDAP user success’ and ‘BindRequest success’.

I can’t use any other way to know the LDAP plugin workflow.
So what can I do now to solve this problem?

ganncamp · July 24, 2019, 4:13pm

Hi,

Is there anything in your server logs? And if not, could you try increasing your server log level and trying the authentication again? You can adjust the log level via the UI in Administration > System. You’ll only want the increased log level briefly; at low levels the logs get really big really fast.

Ann

een_23 · March 6, 2020, 8:20am

We have just upgraded to 8.2 and I have activated TRACE logs. I receive the following:

2020.03.06 09:08:17 ERROR web[AXCuy9sTEjd6QkeDAAKy][o.s.s.a.CredentialsExternalAuthentication] Error during authentication java.lang.IllegalArgumentException: A user with login 'login' already exists
	at com.google.common.base.Preconditions.checkArgument(Preconditions.java:217)
	at org.sonar.server.user.UserUpdater.checkLoginUniqueness(UserUpdater.java:426)
	at org.sonar.server.user.UserUpdater.createDto(UserUpdater.java:168)
	at org.sonar.server.user.UserUpdater.createAndCommit(UserUpdater.java:105)
	at org.sonar.server.authentication.UserRegistrarImpl.registerNewUser(UserRegistrarImpl.java:113)
	at org.sonar.server.authentication.UserRegistrarImpl.register(UserRegistrarImpl.java:89)
	at org.sonar.server.authentication.CredentialsExternalAuthentication.synchronize(CredentialsExternalAuthentication.java:144)
	at org.sonar.server.authentication.CredentialsExternalAuthentication.doAuthenticate(CredentialsExternalAuthentication.java:113)
	at org.sonar.server.authentication.CredentialsExternalAuthentication.authenticate(CredentialsExternalAuthentication.java:90)
	at org.sonar.server.authentication.CredentialsAuthentication.authenticate(CredentialsAuthentication.java:66)
	at org.sonar.server.authentication.CredentialsAuthentication.authenticate(CredentialsAuthentication.java:54)
	at org.sonar.server.authentication.ws.LoginAction.authenticate(LoginAction.java:121)
	at org.sonar.server.authentication.ws.LoginAction.doFilter(LoginAction.java:100)
	at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:139)
	at org.sonar.server.platform.web.MasterServletFilter.doFilter(MasterServletFilter.java:108)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.sonar.server.platform.web.UserSessionFilter.doFilter(UserSessionFilter.java:88)
	at org.sonar.server.platform.web.UserSessionFilter.doFilter(UserSessionFilter.java:72)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.sonar.server.platform.web.CacheControlFilter.doFilter(CacheControlFilter.java:76)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.sonar.server.platform.web.SecurityServletFilter.doHttpFilter(SecurityServletFilter.java:76)
	at org.sonar.server.platform.web.SecurityServletFilter.doFilter(SecurityServletFilter.java:48)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.sonar.server.platform.web.RedirectFilter.doFilter(RedirectFilter.java:58)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.sonar.server.platform.web.RequestIdFilter.doFilter(RequestIdFilter.java:66)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.sonar.server.platform.web.RootFilter.doFilter(RootFilter.java:62)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:109)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
	at ch.qos.logback.access.tomcat.LogbackValve.invoke(LogbackValve.java:256)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:798)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:808)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.base/java.lang.Thread.run(Thread.java:834)
2020.03.06 09:08:17 DEBUG web[AXCuy9sTEjd6QkeDAAKy][auth.event] login failure [cause|A user with login 'login' already exists][method|FORM][provider|REALM|LDAP][IP|10.66.58.175|][login|login]

een_23 · April 2, 2020, 9:52am

This was a problem with the admin GUI not removing SAML users from the database. When I was logging in the SAML user still existed in the db. I had to remove all SAML users from the db to be able to login again.