LDAP with Active Directory forest containing multiple sub-domains

Hi all,

I’m trying to configure LDAP in my environment, which has an Active Directory with multiple sub (child) domains.

  • root.domain
  • child1.root.domain
  • child2.root.domain

The users connecting to SonarQube are located in the root AND sub domains.
The sAMAccountName used to log in is not unique for some users, because two users with the same sAMAccountName may be located in two different (sub)domains.

To resolve this I want to use the AD attribute UserPrincipalName (ex: User@root.domain, User@child1.root.domain) to identify users.

So I tried to configure this :

ldap.user.baseDn=dc=root,dc=domain
ldap.user.request=(&(objectClass=user)(UserPrincipalName={login}))

But it doesn’t seem to work.

I have no error in the log files, only a message displaying "Authentication Failed" for all of my users.
I’ve tried to connect with different combinations like User@child1.root.domain or child1.root.domain\User, etc…
Still no luck.

Has anyone ever been able to set this up?

I’m using SonarQube Developer Edition Version 8.4.2 (build 36762).

Thanks for your help.

Hey there.

Ldapsearch
Our implementation of LDAP is not particularly complex :) It takes the configuration that you set and effectively performs an ldapsearch to get information from the LDAP server.

ldapsearch is a command line tool that I believe is installed on most UNIX platforms, and there’s probably a Windows implementation out there.

So if you can find the user via an ldapsearch, SonarQube will be able to find it too given the right configuration. No extra special logic. If there’s an attribute for your users that uniquely identifies them with their domain attached, great. SonarQube doesn’t care too much, it just needs the right inputs to find that user in your LDAP server and pull their info.

Trial and Error
From a SonarQube perspective you are best equipped if you turn on DEBUG level logs (sonar.log.level in your conf/sonar.properties file) and check the web.log after adjusting your settings, restarting your SonarQube server, and attempting logins. The logs will tell you what’s wrong (or, if we’re optimistic, what’s right!).

And these logs are quite important – because maybe all your inputs are correct, and SonarQube is whining because it finds an e-mail address that already exists. Definitely check these logs out when you attempt logins.

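To make the "it's just an ldapsearch" point concrete, here is an added example (not SonarQube's code and not from this thread) that models what the plugin effectively does with ldap.user.request: substitute {login} into the filter and run a subtree search under ldap.user.baseDn. The forest entries are constructed sample data. It shows why a sAMAccountName filter is ambiguous across child domains while a UserPrincipalName filter is not, that attribute names in the filter are case-insensitive (so UserPrincipalName vs. userPrincipalName does not matter), and how the login value is escaped per RFC 4515 before substitution. One caveat the model glosses over: it sees every domain under the base, which is how a Global Catalog search (port 3268) behaves; an ordinary LDAP query against a root.domain DC only covers that domain's own partition and returns referrals for child domains.

```python
import re

# Constructed sample forest (not real data). userPrincipalName is unique
# across the forest; sAMAccountName is only unique inside one domain.
FOREST = [
    {"dn": "CN=User,CN=Users,DC=root,DC=domain",
     "objectClass": ["top", "person", "user"],
     "sAMAccountName": "user", "userPrincipalName": "user@root.domain"},
    {"dn": "CN=User,CN=Users,DC=child1,DC=root,DC=domain",
     "objectClass": ["top", "person", "user"],
     "sAMAccountName": "user", "userPrincipalName": "user@child1.root.domain"},
    {"dn": "CN=Other,CN=Users,DC=child2,DC=root,DC=domain",
     "objectClass": ["top", "person", "user"],
     "sAMAccountName": "other", "userPrincipalName": "other@child2.root.domain"},
]


def escape_filter_value(value):
    """RFC 4515 escaping for a value placed inside a filter, so a login such
    as 'a)(objectClass=*' cannot change the structure of the filter."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\0" else ch for ch in value)


def render_request(template, login):
    """Substitute {login} into ldap.user.request (hypothetical re-creation)."""
    return template.replace("{login}", escape_filter_value(login))


_HEX = re.compile(r"\\([0-9A-Fa-f]{2})")


def _unescape(value):
    return _HEX.sub(lambda m: chr(int(m.group(1), 16)), value)


def parse_filter(text):
    """Parse the subset of RFC 4515 used here: &, |, !, equality and
    presence (attr=*). Substring filters such as a*b are not supported."""
    pos = 0

    def node():
        nonlocal pos
        if text[pos] != "(":
            raise ValueError("expected '(' at %d" % pos)
        pos += 1
        if text[pos] in "&|!":
            op = text[pos]
            pos += 1
            children = []
            while text[pos] == "(":
                children.append(node())
            if text[pos] != ")":
                raise ValueError("expected ')' at %d" % pos)
            pos += 1
            return (op, children)
        end = text.index(")", pos)  # a literal ')' in a value is escaped as \29
        attr, sep, raw = text[pos:end].partition("=")
        if not sep:
            raise ValueError("only equality filters are supported")
        pos = end + 1
        return ("=", attr, None if raw == "*" else _unescape(raw))

    tree = node()
    if pos != len(text):
        raise ValueError("trailing characters after filter")
    return tree


def matches(entry, tree):
    op = tree[0]
    if op == "&":
        return all(matches(entry, c) for c in tree[1])
    if op == "|":
        return any(matches(entry, c) for c in tree[1])
    if op == "!":
        return not matches(entry, tree[1][0])
    _, attr, value = tree
    # LDAP attribute names are case-insensitive: UserPrincipalName == userPrincipalName
    values = next((v for k, v in entry.items() if k.lower() == attr.lower()), None)
    if values is None:
        return False
    if not isinstance(values, list):
        values = [values]
    if value is None:  # presence filter (attr=*)
        return True
    # AD matches sAMAccountName and userPrincipalName case-insensitively
    return any(v.lower() == value.lower() for v in values)


def search(base_dn, request):
    """Subtree search under base_dn; returns matching DNs in directory order."""
    tree = parse_filter(request)
    base = base_dn.lower()
    return [e["dn"] for e in FOREST
            if e["dn"].lower().endswith(base) and matches(e, tree)]


SAM_REQUEST = "(&(objectClass=user)(sAMAccountName={login}))"
UPN_REQUEST = "(&(objectClass=user)(UserPrincipalName={login}))"


def lookup(template, login, base_dn="dc=root,dc=domain"):
    return search(base_dn, render_request(template, login))


if __name__ == "__main__":
    print(lookup(SAM_REQUEST, "User"))                    # two hits: ambiguous
    print(lookup(UPN_REQUEST, "User@child1.root.domain"))  # exactly one hit
```

With the sAMAccountName request, the login "User" returns both the root.domain and child1.root.domain entries, which is exactly the collision described in the question; with the UserPrincipalName request, "User@child1.root.domain" returns a single entry. The escaping step is what you would want any real plugin to do before a user-controlled login reaches the filter.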

Hi Colin,

Thanks for your feedback.

By changing sonar.log.level to DEBUG, I’m now able to see what’s the problem :

2020.09.30 12:10:53 DEBUG web[AXTefhsh8LeSUerMAAAL][auth.event] login failure [cause|Email 'FirstName.Name@domain.local' is already used][method|FORM][provider|REALM|LDAP][IP|11.11.11.11|][login|Name@domain.local]

The Email property already exists in SonarQube, and that’s true. I already have a lot of users registered through LDAP.

I just want to change ldap.user.request parameters previously set to

ldap.user.request=(&(objectClass=user)(sAMAccountName={login}))

to

ldap.user.request=(&(objectClass=user)(UserPrincipalName={login}))

without losing and re-registering the current users.

Is it possible?

Thanks for your help.
Sebastien
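The DEBUG line above is the kind of thing worth parsing rather than reading by eye once many users are affected. The following is an added example (not SonarQube's code or anything from this thread) that splits the auth.event record into its bracketed key|value fields and groups "already used" e-mail failures by the conflicting address. The first log line is the one quoted above; the other two are constructed for the example and only assume the same record layout.

```python
import re
from collections import Counter

# First line is quoted from the thread; the remaining lines are constructed
# for this example and follow the same [key|value] layout.
SAMPLE_LOG = """\
2020.09.30 12:10:53 DEBUG web[AXTefhsh8LeSUerMAAAL][auth.event] login failure [cause|Email 'FirstName.Name@domain.local' is already used][method|FORM][provider|REALM|LDAP][IP|11.11.11.11|][login|Name@domain.local]
2020.09.30 12:11:07 DEBUG web[AXTefhsh8LeSUerMAAAL][auth.event] login failure [cause|Email 'Second.User@domain.local' is already used][method|FORM][provider|REALM|LDAP][IP|11.11.11.12|][login|Second.User@child1.root.domain]
2020.09.30 12:12:41 DEBUG web[AXTefhsh8LeSUerMAAAL][auth.event] login success [method|FORM][provider|REALM|LDAP][IP|11.11.11.13|][login|other@child2.root.domain]
"""

# "<date> <time> <level> web[<request id>][auth.event] login <outcome> <fields>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<level>\w+) web\[(?P<request>[^\]]*)\]\[auth\.event\] "
    r"login (?P<outcome>success|failure) (?P<fields>.*)$"
)
# Each field is [key|value]; the value may itself contain '|' (e.g. REALM|LDAP).
FIELD_RE = re.compile(r"\[([^\]|]+)\|([^\]]*)\]")
EMAIL_IN_USE = re.compile(r"^Email '(?P<email>[^']+)' is already used$")


def parse_auth_event(line):
    """Return a dict for an auth.event line, or None if it is not one."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = {"ts": m.group("ts"), "level": m.group("level"),
             "request": m.group("request"), "outcome": m.group("outcome")}
    for key, value in FIELD_RE.findall(m.group("fields")):
        # the IP field carries a trailing '|' (empty forwarded-for slot); drop it
        event[key] = value.rstrip("|")
    return event


def outcome_counts(log_text):
    """Count success/failure events, ignoring unrelated lines."""
    counts = Counter()
    for line in log_text.splitlines():
        event = parse_auth_event(line)
        if event:
            counts[event["outcome"]] += 1
    return counts


def email_collisions(log_text):
    """Map each already-used e-mail address to the logins that failed on it.

    A UPN login such as Second.User@child1.root.domain colliding with an
    existing account's e-mail is the symptom described in the thread."""
    collisions = {}
    for line in log_text.splitlines():
        event = parse_auth_event(line)
        if not event or event["outcome"] != "failure":
            continue
        m = EMAIL_IN_USE.match(event.get("cause", ""))
        if m:
            collisions.setdefault(m.group("email"), []).append(event["login"])
    return collisions


if __name__ == "__main__":
    print(outcome_counts(SAMPLE_LOG))
    for email, logins in email_collisions(SAMPLE_LOG).items():
        print("%s already used; rejected logins: %s" % (email, ", ".join(logins)))
```

Running this over a real web.log gives you the list of accounts that need attention before (or after) switching the request attribute, without scrolling through every DEBUG line.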

Hi,
Do you have any idea how I can change the properties from

ldap.user.request=(&(objectClass=user)(sAMAccountName={login}))
to

ldap.user.request=(&(objectClass=user)(UserPrincipalName={login}))

while keeping the already-registered users?

Any answers will be appreciated.
Sebastien