LDAPs authentication

Hello,

I have SonarQube version 9.9.0.65466. Until now we have been using LDAP (works fine), and now I'm trying to configure LDAPS.
What was done:

  • Imported the certificate from my AD
  • This certificate was inserted into the Java trusted store
  • In sonar.properties:
      - Both ldap.url settings (I use two AD servers) were changed to ldap.my_server1.url=ldaps://my_server1:636 and ldap.my_server2.url=ldaps://my_server2:636
          - Tested with the port (636) and without
      - Changed ldap.StartTLS=true; also tested with ldap.StartTLS=false
      - Added: sonar.web.javaAdditionalOpts=-Djavax.net.ssl.trustStore=/etc/pki/ca-trust/extracted/java/cacerts -Djavax.net.ssl.trustStorePassword=<password>

If I check the logs, SonarQube is now starting, but it seems that Elasticsearch has a problem: it starts and after a few seconds it is stopped, again and again. When I put the old configuration back (LDAP), everything works well.

Has anyone had this problem?
Maybe I missed something?
Does anyone have an idea what's wrong and have a solution?
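
An added example (not part of the original post and not SonarQube code): a small Python check over the settings listed above that flags an `ldaps://` URL combined with StartTLS, since implicit TLS on port 636 and the StartTLS upgrade are alternative ways of securing the connection, and that reports which truststore the web process is pointed at. The per-server key `ldap.<server>.StartTLS`, the finding codes and the sample file are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample modelled on the settings in the post; not a real config.
SAMPLE = """\
ldap.my_server1.url=ldaps://my_server1:636
ldap.my_server1.StartTLS=true
ldap.my_server2.url=ldaps://my_server2:636
sonar.web.javaAdditionalOpts=-Djavax.net.ssl.trustStore=/etc/pki/ca-trust/extracted/java/cacerts
"""

URL_KEY = re.compile(r"^ldap\.(?:([^.]+)\.)?url$")

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # / ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def lint_ldap_tls(props):
    """Return (server, finding) pairs for inconsistent LDAP transport settings."""
    findings = []
    for key, url in props.items():
        m = URL_KEY.match(key)
        if not m:
            continue
        name = m.group(1)  # None for the single-server key ldap.url
        prefix = f"ldap.{name}." if name else "ldap."
        # Assumption: a per-server StartTLS key overrides the global one.
        flag = props.get(prefix + "StartTLS", props.get("ldap.StartTLS", "false"))
        starttls = flag.lower() == "true"
        scheme = urlsplit(url).scheme.lower()
        if scheme == "ldaps" and starttls:   # TLS requested twice on one connection
            findings.append((name or "(default)", "LDAPS_WITH_STARTTLS"))
        if scheme == "ldap" and not starttls:  # bind credentials sent unencrypted
            findings.append((name or "(default)", "PLAINTEXT_BIND"))
    return findings

def web_truststore(props):
    """Truststore the web JVM is told to use, or None for the JVM default."""
    opts = props.get("sonar.web.javaAdditionalOpts", "")
    m = re.search(r"-Djavax\.net\.ssl\.trustStore=(\S+)", opts)
    return m.group(1) if m else None

if __name__ == "__main__":
    print(lint_ldap_tls(parse_properties(SAMPLE)), web_truststore(parse_properties(SAMPLE)))
```

The path returned by `web_truststore` is the file that has to contain the CA that issued the AD servers' certificates.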

Hi,

I wouldn’t think LDAPS would impact Elasticsearch. What errors are you seeing in your server logs?

 
Ann

Hi, it seems that something is wrong with the LDAP(S) config. Below are the logs (like I said, if I change to LDAP everything works):
web.log:

Caused by: org.springframework.beans.factory.UnsatisfiedDependencyException: 
Error creating bean with name 'jdk.internal.loader.ClassLoaders$AppClassLoader@5ffd2b27-org.sonar.server.authentication.ws.AuthenticationWs': 
Unsatisfied dependency expressed through constructor parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: 
Error creating bean with name 'jdk.internal.loader.ClassLoaders$AppClassLoader@5ffd2b27-org.sonar.server.authentication.ws.LoginAction': 
Unsatisfied dependency expressed through constructor parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: 
Error creating bean with name 'jdk.internal.loader.ClassLoaders$AppClassLoader@5ffd2b27-org.sonar.server.authentication.CredentialsAuthentication': 
Unsatisfied dependency expressed through constructor parameter 4; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: 
Error creating bean with name 'jdk.internal.loader.ClassLoaders$AppClassLoader@5ffd2b27-org.sonar.server.authentication.LdapCredentialsAuthentication': 
Unsatisfied dependency expressed through constructor parameter 3; nested exception is org.springframework.beans.factory.BeanCreationException: 
Error creating bean with name 'jdk.internal.loader.ClassLoaders$AppClassLoader@5ffd2b27-org.sonar.auth.ldap.LdapRealm': 
Bean instantiation via constructor failed; nested exception is org.springframework.beans.BeanInstantiationException: 
Failed to instantiate [org.sonar.auth.ldap.LdapRealm]: Constructor threw exception; nested exception is org.sonar.auth.ldap.LdapException: 
LDAP realm failed to start: Unable to open LDAP connection

es.log (cca every 20 sec):

2024.04.02 07:58:30 INFO  es[][o.e.n.Node] version[7.17.8], pid[1247790], build[default/tar/120eabe1c8a0cb2ae87cffc109a5b65d213e9df1/2022-12-02T17:33:09.727072865Z], OS[Linux/4.18.0-513.18.1.el8_9.x86_64/amd64], JVM[Red Hat, Inc./OpenJDK 64-Bit Server VM/17.0.10/17.0.10+7-LTS]
2024.04.02 07:58:30 INFO  es[][o.e.n.Node] JVM home [/usr/lib/jvm/java-17-openjdk-17.0.10.0.7-2.el8.x86_64]
2024.04.02 07:58:30 INFO  es[][o.e.n.Node] JVM arguments [-XX:+UseG1GC, -Djava.io.tmpdir=/opt/sonarqES/temp, -XX:ErrorFile=/opt/sonarqube/logs/es_hs_err_pid%p.log, -Des.networkaddress.cache.ttl=60, -Des.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -Djna.tmpdir=/opt/sonarqES/temp, -XX:-OmitStackTraceInFastThrow, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Dlog4j2.formatMsgNoLookups=true, -Djava.locale.providers=COMPAT, -Dcom.redhat.fips=false, -Des.enforce.bootstrap.checks=true, -Xmx512m, -Xms512m, -XX:MaxDirectMemorySize=256m, -XX:+HeapDumpOnOutOfMemoryError, -Des.path.home=/opt/sonarqube/elasticsearch, -Des.path.conf=/opt/sonarqES/temp/conf/es, -Des.distribution.flavor=default, -Des.distribution.type=tar, -Des.bundled_jdk=false]
2024.04.02 07:58:31 INFO  es[][o.e.p.PluginsService] loaded module [analysis-common]
2024.04.02 07:58:31 INFO  es[][o.e.p.PluginsService] loaded module [lang-painless]
2024.04.02 07:58:31 INFO  es[][o.e.p.PluginsService] loaded module [parent-join]
2024.04.02 07:58:31 INFO  es[][o.e.p.PluginsService] loaded module [reindex]
2024.04.02 07:58:31 INFO  es[][o.e.p.PluginsService] loaded module [transport-netty4]
2024.04.02 07:58:31 INFO  es[][o.e.p.PluginsService] no plugins loaded
2024.04.02 07:58:31 INFO  es[][o.e.e.NodeEnvironment] using [1] data paths, mounts [[/opt/sonarqES (/dev/mapper/VG_sonarq_Elasticsearch-LV_sonarq_ES)]], net usable_space [92.5gb], net total_space [97.8gb], types [ext4]
2024.04.02 07:58:31 INFO  es[][o.e.e.NodeEnvironment] heap size [512mb], compressed ordinary object pointers [true]
2024.04.02 07:58:31 INFO  es[][o.e.n.Node] node name [sonarqube], node ID [5LNkr8ImRNmCSywEZyfV4Q], cluster name [sonarqube], roles [data_frozen, master, remote_cluster_client, data, data_content, data_hot, data_warm, data_cold, ingest]
2024.04.02 07:58:34 INFO  es[][o.e.t.NettyAllocator] creating NettyAllocator with the following configs: [name=unpooled, suggested_max_allocation_size=256kb, factors={es.unsafe.use_unpooled_allocator=null, g1gc_enabled=true, g1gc_region_size=1mb, heap_size=512mb}]
2024.04.02 07:58:34 INFO  es[][o.e.i.r.RecoverySettings] using rate limit [40mb] with [default=40mb, read=0b, write=0b, max=0b]
2024.04.02 07:58:35 INFO  es[][o.e.d.DiscoveryModule] using discovery type [zen] and seed hosts providers [settings]
2024.04.02 07:58:35 INFO  es[][o.e.g.DanglingIndicesState] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually
2024.04.02 07:58:35 INFO  es[][o.e.n.Node] initialized
2024.04.02 07:58:35 INFO  es[][o.e.n.Node] starting ...
2024.04.02 07:58:35 INFO  es[][o.e.t.TransportService] publish_address {127.0.0.1:35695}, bound_addresses {127.0.0.1:35695}
2024.04.02 07:58:36 INFO  es[][o.e.b.BootstrapChecks] explicitly enforcing bootstrap checks
2024.04.02 07:58:36 INFO  es[][o.e.c.c.Coordinator] cluster UUID [t_HMqmyRRAu2v09d0hT0qA]
2024.04.02 07:58:36 INFO  es[][o.e.c.s.MasterService] elected-as-master ([1] nodes joined)[{sonarqube}{5LNkr8ImRNmCSywEZyfV4Q}{QLudb6nFTy-qNd3WPWhuNw}{127.0.0.1}{127.0.0.1:35695}{cdfhimrsw} elect leader, _BECOME_MASTER_TASK_, _FINISH_ELECTION_], term: 1003, version: 14554, delta: master node changed {previous [], current [{sonarqube}{5LNkr8ImRNmCSywEZyfV4Q}{QLudb6nFTy-qNd3WPWhuNw}{127.0.0.1}{127.0.0.1:35695}{cdfhimrsw}]}
2024.04.02 07:58:36 INFO  es[][o.e.c.s.ClusterApplierService] master node changed {previous [], current [{sonarqube}{5LNkr8ImRNmCSywEZyfV4Q}{QLudb6nFTy-qNd3WPWhuNw}{127.0.0.1}{127.0.0.1:35695}{cdfhimrsw}]}, term: 1003, version: 14554, reason: Publication{term=1003, version=14554}
2024.04.02 07:58:36 INFO  es[][o.e.h.AbstractHttpServerTransport] publish_address {127.0.0.1:9001}, bound_addresses {127.0.0.1:9001}
2024.04.02 07:58:36 INFO  es[][o.e.n.Node] started
2024.04.02 07:58:36 INFO  es[][o.e.g.GatewayService] recovered [7] indices into cluster_state
2024.04.02 07:58:37 INFO  es[][o.e.c.r.a.AllocationService] Cluster health status changed from [RED] to [GREEN] (reason: [shards started [[metadatas][0]]]).
2024.04.02 07:58:47 INFO  es[][o.e.n.Node] stopping ...
2024.04.02 07:58:47 INFO  es[][o.e.n.Node] stopped
2024.04.02 07:58:47 INFO  es[][o.e.n.Node] closing ...
2024.04.02 07:58:47 INFO  es[][o.e.n.Node] closed

sonar.log (every cca 20 sec)

2024.04.02 07:59:25 INFO  app[][o.s.a.SchedulerImpl] Waiting for Elasticsearch to be up and running
2024.04.02 07:59:33 INFO  app[][o.s.a.SchedulerImpl] Process[es] is up
2024.04.02 07:59:33 INFO  app[][o.s.a.ProcessLauncherImpl] Launch process[WEB_SERVER] from [/opt/sonarqube]: /usr/lib/jvm/java-17-openjdk-17.0.10.0.7-2.el8.x86_64/bin/java -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djava.io.tmpdir=/opt/sonarqES/temp -XX:-OmitStackTraceInFastThrow --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED --add-exports=java.base/jdk.internal.ref=ALL-UNNAMED --add-opens=java.base/java.nio=ALL-UNNAMED --add-opens=java.base/sun.nio.ch=ALL-UNNAMED --add-opens=java.management/sun.management=ALL-UNNAMED --add-opens=jdk.management/com.sun.management.internal=ALL-UNNAMED -Dcom.redhat.fips=false -Xmx512m -Xms128m -XX:+HeapDumpOnOutOfMemoryError -Djavax.net.ssl.trustStore=/etc/pki/ca-trust/extracted/java/cacerts -Djavax.net.ssl.trustStorePassword=changeit -Dhttp.nonProxyHosts=localhost|127.*|[::1] -cp ./lib/sonar-application-9.9.0.65466.jar:/opt/sonarqube/lib/jdbc/mssql/mssql-jdbc-9.4.1.jre11.jar org.sonar.server.app.WebServer /opt/sonarqES/temp/sq-process9326349283852102673properties
2024.04.02 07:59:43 INFO  app[][o.s.a.SchedulerImpl] Process[Web Server] is stopped
2024.04.02 07:59:43 INFO  app[][o.s.a.SchedulerImpl] Process[ElasticSearch] is stopped
2024.04.02 07:59:43 WARN  app[][o.s.a.p.AbstractManagedProcess] Process exited with exit value [ElasticSearch]: 143
2024.04.02 07:59:43 INFO  app[][o.s.a.SchedulerImpl] SonarQube is stopped
2024.04.02 07:59:44 INFO  app[][o.s.a.AppFileSystem] Cleaning or creating temp directory /opt/sonarqES/temp
2024.04.02 07:59:44 INFO  app[][o.s.a.es.EsSettings] Elasticsearch listening on [HTTP: 127.0.0.1:9001, TCP: 127.0.0.1:39425]
2024.04.02 07:59:44 INFO  app[][o.s.a.ProcessLauncherImpl] Launch process[ELASTICSEARCH] from [/opt/sonarqube/elasticsearch]: /opt/sonarqube/elasticsearch/bin/elasticsearch
2024.04.02 07:59:44 INFO  app[][o.s.a.SchedulerImpl] Waiting for Elasticsearch to be up and running
2024.04.02 07:59:52 INFO  app[][o.s.a.SchedulerImpl] Process[es] is up
2024.04.02 07:59:52 INFO  app[][o.s.a.ProcessLauncherImpl] Launch process[WEB_SERVER] from [/opt/sonarqube]: /usr/lib/jvm/java-17-openjdk-17.0.10.0.7-2.el8.x86_64/bin/java -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djava.io.tmpdir=/opt/sonarqES/temp -XX:-OmitStackTraceInFastThrow --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED --add-exports=java.base/jdk.internal.ref=ALL-UNNAMED --add-opens=java.base/java.nio=ALL-UNNAMED --add-opens=java.base/sun.nio.ch=ALL-UNNAMED --add-opens=java.management/sun.management=ALL-UNNAMED --add-opens=jdk.management/com.sun.management.internal=ALL-UNNAMED -Dcom.redhat.fips=false -Xmx512m -Xms128m -XX:+HeapDumpOnOutOfMemoryError -Djavax.net.ssl.trustStore=/etc/pki/ca-trust/extracted/java/cacerts -Djavax.net.ssl.trustStorePassword=changeit -Dhttp.nonProxyHosts=localhost|127.*|[::1] -cp ./lib/sonar-application-9.9.0.65466.jar:/opt/sonarqube/lib/jdbc/mssql/mssql-jdbc-9.4.1.jre11.jar org.sonar.server.app.WebServer /opt/sonarqES/temp/sq-process16383936932455007295properties
2024.04.02 08:00:02 INFO  app[][o.s.a.SchedulerImpl] Process[Web Server] is stopped
2024.04.02 08:00:02 WARN  app[][o.s.a.p.AbstractManagedProcess] Process exited with exit value [ElasticSearch]: 143
2024.04.02 08:00:02 INFO  app[][o.s.a.SchedulerImpl] Process[ElasticSearch] is stopped
2024.04.02 08:00:02 INFO  app[][o.s.a.SchedulerImpl] SonarQube is stopped
2024.04.02 08:00:03 INFO  app[][o.s.a.AppFileSystem] Cleaning or creating temp directory /opt/sonarqES/temp
2024.04.02 08:00:03 INFO  app[][o.s.a.es.EsSettings] Elasticsearch listening on [HTTP: 127.0.0.1:9001, TCP: 127.0.0.1:35671]
2024.04.02 08:00:03 INFO  app[][o.s.a.ProcessLauncherImpl] Launch process[ELASTICSEARCH] from [/opt/sonarqube/elasticsearch]: /opt/sonarqube/elasticsearch/bin/elasticsearch
2024.04.02 08:00:03 INFO  app[][o.s.a.SchedulerImpl] Waiting for Elasticsearch to be up and running

message.log (also every cca 20 sec)

Apr  2 08:12:45 srvsonarqtr8 sonar.sh[1264534]: /usr/bin/java
Apr  2 08:12:45 srvsonarqtr8 sonar.sh[1264534]: Gracefully stopping SonarQube...
Apr  2 08:12:45 srvsonarqtr8 sonar.sh[1264534]: Removed stale pid file: ./SonarQube.pid
Apr  2 08:12:45 srvsonarqtr8 sonar.sh[1264534]: SonarQube was not running.
Apr  2 08:12:45 srvsonarqtr8 systemd[1]: sonarqube.service: Succeeded.
Apr  2 08:12:45 srvsonarqtr8 systemd[1]: sonarqube.service: Service RestartSec=100ms expired, scheduling restart.
Apr  2 08:12:45 srvsonarqtr8 systemd[1]: sonarqube.service: Scheduled restart job, restart counter is at 95.
Apr  2 08:12:45 srvsonarqtr8 systemd[1]: Stopped SonarQube service.
Apr  2 08:12:45 srvsonarqtr8 systemd[1]: Starting SonarQube service...
Apr  2 08:12:45 srvsonarqtr8 sonar.sh[1264567]: /usr/bin/java
Apr  2 08:12:45 srvsonarqtr8 sonar.sh[1264567]: Starting SonarQube...
Apr  2 08:12:45 srvsonarqtr8 sonar.sh[1264567]: Started SonarQube.
Apr  2 08:12:45 srvsonarqtr8 systemd[1]: Started SonarQube service.

Hi,

It comes down to this:

I recommend using a dedicated LDAP client to work through what the settings should be, and then applying them in SonarQube.

 
HTH,
Ann

Hi,
yes, I saw, but the problem is that LDAP is working well. When I change to LDAPS, it no longer works. And this message comes up when I'm trying to use LDAPS.
Like I said in previous posts, I did everything I found in different community posts, but it is still not working. I also tried a lot of different changes (for the ldap/ldaps config), but unsuccessfully. I also tried to find any formal documentation regarding this issue, but without success.
BR
Robi

Hi Robi,

Do you get that error when you connect your dedicated LDAP client via LDAPS?

 
Ann