LDAP Users Reset to Default


(David) #1

All, We’ve recently updated to SonarQube 7.2.1 and have enabled LDAP Authentication. However, every time a user log sin with their AD credentials, their user account gets reset to the default values. For example I have a local account which is admin. Now that we’ve enabled LDAP, i want my AD account to also be admin, but even though I add it to the group, whenever I log in, I get removed form the group. It also removes my email address.

(Nicolas Bontoux) #2

Hi there,

The first thing to check here is whether you’ve configured Group Mapping or not. If so, then the behaviour you’re behaviour may be per-design. As documented:

When group mapping is configured (i.e the below ldap.group.* properties are configured), membership in LDAP server will override any membership locally configured in SonarQube. LDAP server becomes the one and only place to manage group membership (and the info is fetched each time the user logs in).

You would have to double-check your LDAP-related configuration, and what are the actual results sent back by the AD server (given the request/attributes configured). In case of doubt, SonarQube debug logs (sonar.log.level in sonar.properties, and/or UI setting in admin System Info page) can help you understand the behaviour in more details (LDAP matters are logged in web.log).

(David) #3

Thanks NicoB. I missed that documentation for the groups. That makes total sense now. AS for the email address, the problem was the updated sonar.properties doesn’t seem to be read unless a restart the service manually from the service control panel instead of from within SonarQube itself. Everything is working now though. Thanks for the help!

(Nicolas Bontoux) #4

All good ! Thanks for the heads-up.