Hi Sonar Community,
Currently we are using the latest version of SonarQube Community Edition: v9.4.0.54424 and we are having trouble switching from LDAP to LDAPS.
Tried to read all similar posts about users having issues, but don’t seem to get it to work… We have few Java-based applications running, so it could be I’m missing something.
By the end of the month my organisation will block:
- LDAP SASL over 389 without a signing request
- LDAP Simple bind over 389
What still will be allowed:
- LDAP SASL over 389 supporting signing requests
- LDAP using STARTTLS over 389
- LDAPS (SSL) over 636
Same for their global catalog port counterparts.
Working current LDAP configuration: [sonar.properties]
```
sonar.security.realm=LDAP
ldap.bindDn=<service_account_username>
ldap.bindPassword=<verified_password_is_accurate>
sonar.authenticator.downcase=true
ldap.url=ldap://be.mycompany.com:3268
```
Imported root & computer certificate to [C:\Program Files\Java\jdk-11.0.13\lib\security\cacerts] with the help of KeyStore Explorer. Tried making the switch to LDAPS as follows, which is failing …
```
sonar.security.realm=LDAP
ldap.bindDn=<service_account_username>
ldap.bindPassword=<verified_password_is_accurate>
sonar.authenticator.downcase=true
ldap.url=ldaps://be.mycompany.com:3269
ldap.StartTLS=false
```
Tried other configurations as well: removing the port number, StartTLS set to true instead of false, downcase statement true / false.
Also added the following statement, which doesn’t make a difference:
```
sonar.web.javaAdditionalOpts=-javaagent:./extensions/plugins/sonarqube-community-branch-plugin-1.10.0.jar=web -Djavax.net.ssl.trustStore=$JAVA_HOME/lib/security/cacerts -Djavax.net.ssl.trustStorePassword=changeit
```
The SonarQube Windows Service always stops, giving the following debug information. Any help would be appreciated, or easy tools to debug LDAP connections…
Attached [web.log] file, which ran in DEBUG mode:
20220518_SonarQube_LDAPS_Issues.web.log (666.8 KB)
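
An added example, not part of the original post and not SonarQube code: a Python check that classifies the `ldap.url` / `ldap.StartTLS` combination from a sonar.properties against the transport policy listed in the post, and flags a trust store path that still contains a variable. The function names, the verdict labels and the treatment of an unset `ldap.authentication` as a simple bind are assumptions of this example; "allowed" means permitted by that policy, not that the TLS handshake will succeed.

```python
import re
from urllib.parse import urlparse

PLAIN_PORTS, TLS_PORTS = {389, 3268}, {636, 3269}  # incl. global catalog ports

def parse_properties(text):  # key=value lines; blanks and # comments skipped
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def check_ldap_transport(props):
    """Return (verdict, findings) for the LDAP settings under the post's policy."""
    findings = []
    url = urlparse(props.get("ldap.url", ""))
    starttls = props.get("ldap.StartTLS", "false").lower() == "true"
    simple = props.get("ldap.authentication", "simple").lower() == "simple"  # assumed
    port = url.port or (636 if url.scheme == "ldaps" else 389)
    if url.scheme == "ldaps":
        verdict = "allowed"
        if starttls:
            findings.append("ldap.StartTLS=true only applies to ldap:// URLs")
        if port in PLAIN_PORTS:
            findings.append(f"ldaps:// points at plaintext port {port}")
    elif url.scheme == "ldap":
        # SASL signing is negotiated at bind time, so the file alone gives "review".
        verdict = "allowed" if starttls else "blocked" if simple else "review"
        if port in TLS_PORTS:
            findings.append(f"ldap:// points at implicit-TLS port {port}")
    else:
        verdict = "invalid"
    # The JVM does not expand shell-style variables inside a -D value.
    opts = props.get("sonar.web.javaAdditionalOpts", "")
    for path in re.findall(r"-Djavax\.net\.ssl\.trustStore=(\S+)", opts):
        if "$" in path or "%" in path:
            findings.append(f"trustStore path has an unexpanded variable: {path}")
    return verdict, findings

# The two configurations from the post (javaagent option left out of the second).
CURRENT_CFG = "ldap.url=ldap://be.mycompany.com:3268\n"
LDAPS_CFG = ("ldap.url=ldaps://be.mycompany.com:3269\nldap.StartTLS=false\n"
    "sonar.web.javaAdditionalOpts=-Djavax.net.ssl.trustStore=$JAVA_HOME/lib/security/cacerts"
    " -Djavax.net.ssl.trustStorePassword=changeit\n")

if __name__ == "__main__":
    for name, cfg in (("current", CURRENT_CFG), ("ldaps", LDAPS_CFG)):
        print(name, check_ldap_transport(parse_properties(cfg)))
```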