LDAP users are not able to log in

We have configured LDAP by changing the sonar.properties file. It looks like the LDAP connection is OK in the logs, but the users are still not able to log in. I am wondering if anything needs to be done in the UI?

Setting LDAP properties is all done with the sonar.properties (or its related environment variables for Docker or Helm chart) as documented in that file. No UI settings are typically necessary.

Can you do the following to obtain more information to assist you?

  • Set debug level in sonar.properties file in web.log: sonar.log.level.web=DEBUG
  • Restart SonarQube
  • Expect error
  • Attach the web.log to this thread for us to review

Hi @olena ,

Can you have a user attempt to log in and attach the log again?

Thanks, @olena.

I see this error:

2022.08.02 12:35:23 DEBUG web[AYJgDS0t2MU8ktRGAAAX][o.s.a.l.LdapUsersProvider] User <redacted> not found in <default>
2022.08.02 12:35:23 DEBUG web[AYJgDS0t2MU8ktRGAAAX][auth.event] login failure [cause|No user details][method|FORM][provider|REALM|LDAP][IP|0:0:0:0:0:0:0:1|<redacted>][login|<redacted>]
2022.08.02 12:35:28 DEBUG web[AYJgDS0t2MU8ktRGAAAY][o.s.a.l.LdapUsersProvider] Requesting details for user <redacted>
2022.08.02 12:35:28 DEBUG web[AYJgDS0t2MU8ktRGAAAY][o.s.a.l.LdapSearch] Search: LdapSearch{baseDn=<redacted>, scope=<redacted>, request=<redacted>, parameters=<redacted>, attributes=<redacted>}
2022.08.02 12:35:28 DEBUG web[AYJgDS0t2MU8ktRGAAAY][o.s.a.l.LdapContextFactory] Initializing LDAP context {java.naming.referral=follow, java.naming.security.principal=<redacted>, com.sun.jndi.ldap.connect.pool=true, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=<redacted>, java.naming.security.authentication=simple}
2022.08.02 12:35:28 DEBUG web[AYJgDS0t2MU8ktRGAAAY][o.s.a.l.LdapUsersProvider] User <redacted> not found in <default>

You can see the ldapsearch query:

baseDn=<redacted>
scope=<redacted>
request=<redacted>
parameters=<redacted>
attributes=<redacted>

Please confirm with your LDAP admin that ldap.url, ldap.bindDn, ldap.realm, ldap.user.baseDn, etc. in your sonar.properties file are set correctly. I recommend you test this with the ldapsearch query tool first to confirm you can find that user and then update the sonar.properties and restart SonarQube as necessary.

@Joe please delete the previous response, it contains sensitive info. Thank you 🙂

@olena no problem, I’ve redacted the sensitive info.

Please double-check your LDAP settings and use ldapsearch to confirm the user actually can be accessed by the settings you are using in sonar.properties file.

How to use ldapsearch?

Many links on Google:
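
As an added example (not part of the original thread and not SonarQube's own code), this POSIX shell script builds the ldapsearch command that corresponds to the sonar.properties settings named above, so the user lookup can be tested outside SonarQube. The host, DNs and login are constructed sample values, and the fallback filter assumes SonarQube's documented default for ldap.user.request.

```shell
#!/bin/sh
# Added example: turn sonar.properties LDAP settings into the matching
# ldapsearch call. SAMPLE_PROPS is constructed data, not from this thread.
SAMPLE_PROPS='ldap.url=ldap://ldap.example.test:389
ldap.bindDn=cn=sonar,ou=svc,dc=example,dc=test
ldap.user.baseDn=ou=people,dc=example,dc=test
ldap.user.request=(&(objectClass=user)(sAMAccountName={login}))'

# prop TEXT KEY: value of the last plain "KEY=value" line (CR stripped for
# files edited on Windows); commented-out lines do not match.
prop() {
  printf '%s\n' "$1" | awk -v k="$2" '
    { sub(/\r$/, "") }
    index($0, k "=") == 1 { v = substr($0, length(k) + 2) }
    END { print v }'
}

# ldap_escape VALUE: RFC 4515 escaping, so a login containing * ( ) or \
# is searched literally instead of changing the filter.
ldap_escape() {
  printf '%s' "$1" |
    sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# user_filter REQUEST LOGIN: substitute every {login} placeholder.
user_filter() {
  tok='{login}'; esc=$(ldap_escape "$2"); rest=$1; out=
  while :; do
    case $rest in
      *"$tok"*) out=$out${rest%%"$tok"*}$esc; rest=${rest#*"$tok"} ;;
      *) break ;;
    esac
  done
  printf '%s\n' "$out$rest"
}

# ldapsearch_cmd PROPS LOGIN: print the command. -W prompts for the bind
# password, so ldap.bindPassword never reaches shell history or ps output.
# Values that contain a single quote need manual quoting before pasting.
ldapsearch_cmd() {
  url=$(prop "$1" ldap.url); bind=$(prop "$1" ldap.bindDn)
  base=$(prop "$1" ldap.user.baseDn); req=$(prop "$1" ldap.user.request)
  # Fallback filter: SonarQube's documented default for ldap.user.request.
  [ -n "$req" ] || req='(&(objectClass=inetOrgPerson)(uid={login}))'
  printf "ldapsearch -x -H '%s' -D '%s' -W -b '%s' -s sub '%s'\n" \
    "$url" "$bind" "$base" "$(user_filter "$req" "$2")"
}

ldapsearch_cmd "$SAMPLE_PROPS" 'jdoe'
```

Run the printed command from a host that can reach the directory and compare its base, scope and filter with the baseDn, scope and request fields of the LdapSearch DEBUG line; -x is the simple bind that the log reports as java.naming.security.authentication=simple.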

2022.08.03 06:213\temp -XX:-OmitStackTraceInFastThrow --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED --add-exports=java.base/jdk.internal.ref=ALL-UNNAMED --add-opens=java.base/java.nio=ALL-UNNAMED --add-opens=java.base/sun.nio.ch=ALL-UNNAMED --add-opens=java.management/sun.management=ALL-UNNAMED --add-opens=jdk.management/com.sun.management.internal=ALL-UNNAMED -Dcom.redhat.fips=false -Xmx512m -Xms128m -XX:+HeapDumpOnOutOfMemoryError -Djdk.http.auth.tunneling.disabledSchemes=“” -Djavax.net.ssl.trustStoreType=Windows-ROOT -Dhttp.nonProxyHosts=localhost|127.|[::1] -cp ./lib/sonar-application-9.2.3.50713.jar;D:\sonarqubeEE\sonarqube-9.2.3.50713\lib\jdbc\postgresql\postgresql-42.2.19.jar org.sonar.server.app.WebServer D:\sonarqubeEE\sonarqube-9.2.3.50713\temp\sq-process3910738873478572638properties
2022.08.03 06:29:52 DEBUG app[][o.s.a.p.ManagedProcessLifecycle] EventWatcher[es] tryToMoveTo web from STARTING to STARTED => true

Do we have to do anything with Java? I have uploaded the cert to the Java keystore?