Moved to SAML, Removing LDAP

Hey all! We’ve just successfully moved our user accounts from utilizing LDAP login to SAML login. At this point, we want to unhook LDAP login; however, we have a couple of “LDAP” accounts that have not been switched to SAML that we still need. When I look at the account conversion types, it looks like LDAP and local accounts share the same backend “key” of “sonarqube”. Does SonarQube store the login password for these accounts, or is it always passing it to LDAP? In other words, if we want remove LDAP auth but we still want to be able to login into a couple accounts “locally” (not through SAML), what needs to happen to ensure those logins still work locally to SonarQube?

Thanks!

1 Like

Hi,

Welcome to the community!

We don’t store LDAP passwords locally. For those accounts you want to transition from LDAP to local, update them through the UI to set a password and :magic_wand: they’re local.

 
HTH,
Ann

Awesome, thank you! Can I set that password before disconnecting the LDAP connection? As in, Log them in through LDAP > Update password > now they’re “local” accounts > Kill LDAP connection?

Hi,

Yes, I think that should work. Otherwise, an admin can change the password and then the users can reset.

 
Ann

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.