LDAPS not working intermittently

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension) 9.7
  • what are you trying to achieve? We are trying to use LDAPS for authentication
  • what have you tried so far to achieve this? We have LDAPS configured and working for most users. Some users are not able to log in.

Do not share screenshots of logs – share the text itself (bonus points for being well-formatted)!

We have gotten complaints that a few users are not able to log into SonarQube. I have enabled debug logging to try and find the issue, and I noticed this in the logs when the user tried to log in:

     Caused by: javax.naming.CommunicationException: simple bind failed: Domain.com:636
        at java.naming/com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:96)
        at java.naming/com.sun.jndi.ldap.LdapReferralException.getReferralContext(LdapReferralException.java:151)
        at java.naming/com.sun.jndi.ldap.AbstractLdapNamingEnumeration.hasMoreReferrals(AbstractLdapNamingEnumeration.java:325)
        at java.naming/com.sun.jndi.ldap.AbstractLdapNamingEnumeration.hasMoreImpl(AbstractLdapNamingEnumeration.java:227)
        ... 139 common frames omitted
     Caused by: javax.net.ssl.SSLHandshakeException: No subject alternative DNS name matching Domain.com found.

In the SonarQube config I have the FQDN of a host specified and not the root of the domain itself. For the LDAP URL I have ldap.url=ldaps://hostname.domain.com:636 specified. I am not sure why it is complaining about the root of the domain. Most users are able to log in without issue; it is just a few for now. Not sure if I am missing anything. Any help would be appreciated.

Hi,

Welcome to the community!

Your title says this problem is intermittent. Is the intermittency based on users: some users can always log in and some users never can? Or is it based on time: the same users can log in sometimes but not others?

 
Ann

Hello Ann,

Thank you for your reply. This is based on some users who cannot log in at all. So there are two users right now that are having this issue.

Hi,

Thanks for the clarification. My gut tells me it’s something about these two accounts. Can you look at their details in SonarQube and see if they have any “exotic” characters in any of the fields?

 
Thx,
Ann

Hello Ann,

So these users are not created yet in SonarQube as they have not been able to log in.

Hi,

Going back to your initial post, the error you’re seeing is a bind failure. How are you binding? With a service account, or with the user’s own credentials?

And yes, I see the SSLHandshakeException. It might be worth using something like Wireshark to trace exactly what’s happening when these particular users try to log in, versus when other users do.

 
Ann

Hello Ann,

I am binding with a service account. As for the SSLHandshakeException, I will have to look into capturing the packets.

Thank you
Alex
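
Added example (not from any poster in this thread): the SSLHandshakeException in the first post means the certificate presented on the connection to Domain.com:636 has no DNS subject alternative name covering that name, and the LdapReferralContext frames show that connection was opened while following a referral, not to the configured ldap.url host. This Python script checks which names a server certificate covers. The SAN lists are constructed because the thread does not show the real certificate, and the function names are this example's own.

```python
import socket
import ssl
import sys

def dns_name_matches(pattern, hostname):
    """Simplified RFC 6125 match: case-insensitive, '*' only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or not all(h):
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h

def names_not_covered(dns_sans, names):
    """Return the names that no DNS SAN entry matches (these fail hostname verification)."""
    return [n for n in names if not any(dns_name_matches(s, n) for s in dns_sans)]

def fetch_dns_sans(host, port=636, cafile=None, timeout=5.0):
    """Open a TLS connection and return the DNS SANs of the certificate the server presents."""
    ctx = ssl.create_default_context(cafile=cafile)
    # The chain is still validated; name checking is turned off only so the
    # certificate can be read and compared against several names below.
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]

# Constructed SAN lists (the thread does not show the real certificate).
SINGLE_HOST_SANS = ["hostname.domain.com"]
WILDCARD_SANS = ["*.domain.com"]
# Names taken from the post: the configured ldap.url host and the name in the exception.
NAMES_SEEN = ["hostname.domain.com", "Domain.com"]

if __name__ == "__main__":
    # Usage: python check_sans.py <ldaps-host> [name ...]
    if len(sys.argv) > 1:
        sans = fetch_dns_sans(sys.argv[1])
        names = sys.argv[2:] or [sys.argv[1]]
    else:
        sans, names = SINGLE_HOST_SANS, NAMES_SEEN
    print("DNS SANs:", sans)
    print("Not covered:", names_not_covered(sans, names))
```

A wildcard entry such as `*.domain.com` covers `hostname.domain.com` but not the bare domain, so both constructed lists leave `Domain.com` uncovered.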