Must-share information (formatted with Markdown):
- which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension): latest
- what are you trying to achieve
- what have you tried so far to achieve this

```properties
sonar.security.realm=LDAP
ldap.url=ldap://192.168.12.58:389
ldap.bindDn=cn=DevOps Administrator,ou=people,dc=tuleap,dc=local
ldap.bindPassword=xxx
ldap.user.baseDn=ou=people,dc=tuleap,dc=local
ldap.user.request=(&(objectClass=inetOrgPerson)(uid={login}))
ldap.user.realNameAttribute=cn
ldap.user.emailAttribute=mail
ldap.group.baseDn=ou=groups,dc=tuleap,dc=local
ldap.group.request=(&(objectClass=posixGroup)(|(cn=sonar-administrators)(cn=sonar-users))(memberUid={uid}))
```

```ldif
# test, groups, tuleap.local
dn: cn=test,ou=groups,dc=tuleap,dc=local
objectClass: posixGroup
gidNumber: 10002
cn: test
memberUid: test

# test test, people, tuleap.local
dn: cn=test test,ou=people,dc=tuleap,dc=local
objectClass: posixAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
loginShell: /bin/bash
homeDirectory: /home/test
uid: test
cn: test test
uidNumber: 10003
gidNumber: 10002
sn: test
givenName: test
mail: test@prpm.org
userPassword:: xxx
```

Log in with user test:
I can enter SonarQube. This is a bug, because the test user does not belong to the groups allowed to enter: `(|(cn=sonar-administrators)(cn=sonar-users))`.

The OpenLDAP log says:
- in the first user search it gives “err=0 nentries=1”
- in the second search, for that user’s group, it gives “err=0 nentries=0”, that is, no entry.

So why can you enter SonarQube if OpenLDAP doesn’t find any entry?

```
ldap | 5df34001 conn=2107 op=9 SRCH base="ou=people,dc=tuleap,dc=local" scope=2 deref=3 filter="(&(objectClass=inetOrgPerson)(uid=test))"
ldap | 5df34001 conn=2107 op=9 SRCH attr=mail cn
ldap | 5df34001 conn=2107 op=9 SEARCH RESULT tag=101 err=0 nentries=1 text=
ldap | 5df34001 conn=2107 op=10 SRCH base="ou=people,dc=tuleap,dc=local" scope=2 deref=3 filter="(&(objectClass=inetOrgPerson)(uid=test))"
ldap | 5df34001 conn=2107 op=10 SEARCH RESULT tag=101 err=0 nentries=1 text=
ldap | 5df34001 conn=2110 fd=26 ACCEPT from IP=172.19.0.1:47982 (IP=0.0.0.0:389)
ldap | 5df34001 conn=2110 op=0 BIND dn="cn=test test,ou=people,dc=tuleap,dc=local" method=128
ldap | 5df34001 conn=2110 op=0 BIND dn="cn=test test,ou=people,dc=tuleap,dc=local" mech=SIMPLE ssf=0
ldap | 5df34001 conn=2110 op=0 RESULT tag=97 err=0 text=
ldap | 5df34001 conn=2107 op=11 SRCH base="ou=people,dc=tuleap,dc=local" scope=2 deref=3 filter="(&(objectClass=inetOrgPerson)(uid=test))"
ldap | 5df34001 conn=2107 op=11 SRCH attr=uid
ldap | 5df34001 conn=2107 op=11 SEARCH RESULT tag=101 err=0 nentries=1 text=
ldap | 5df34001 conn=2110 op=1 UNBIND
ldap | 5df34001 conn=2110 fd=26 closed
ldap | 5df34001 conn=2107 op=12 SRCH base="ou=groups,dc=tuleap,dc=local" scope=2 deref=3 filter="(&(objectClass=posixGroup)(|(cn=sonar-administrators)(cn=sonar-users))(memberUid=test))"
ldap | 5df34001 conn=2107 op=12 SRCH attr=cn
ldap | 5df34001 conn=2107 op=12 SEARCH RESULT tag=101 err=0 nentries=0 text=
```

This user works fine: it has the group cn=sonar-administrators and enters SonarQube as administrator.

```ldif
# sonar-administrators, groups, tuleap.local
dn: cn=sonar-administrators,ou=groups,dc=tuleap,dc=local
objectClass: posixGroup
gidNumber: 10003
cn: sonar-administrators
memberUid: devops_admin

# DevOps Administrator, people, tuleap.local
dn: cn=DevOps Administrator,ou=people,dc=tuleap,dc=local
objectClass: posixAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
loginShell: /bin/bash
homeDirectory: /home/devops_admin
uid: devops_admin
cn: DevOps Administrator
uidNumber: 10000
sn: DevOps Administrator
givenName: DevOps Administrator
mail: devops_admin@prpm.org
userPassword:: xxx
gidNumber: 10003
```

```
ldap | 5df34024 conn=2107 op=13 SRCH base="ou=people,dc=tuleap,dc=local" scope=2 deref=3 filter="(&(objectClass=inetOrgPerson)(uid=devops_admin))"
ldap | 5df34024 conn=2107 op=13 SRCH attr=mail cn
ldap | 5df34024 conn=2107 op=13 SEARCH RESULT tag=101 err=0 nentries=1 text=
ldap | 5df34024 conn=2107 op=14 SRCH base="ou=people,dc=tuleap,dc=local" scope=2 deref=3 filter="(&(objectClass=inetOrgPerson)(uid=devops_admin))"
ldap | 5df34024 conn=2107 op=14 SEARCH RESULT tag=101 err=0 nentries=1 text=
ldap | 5df34024 conn=2111 fd=26 ACCEPT from IP=172.19.0.1:48412 (IP=0.0.0.0:389)
ldap | 5df34024 conn=2111 op=0 BIND dn="cn=DevOps Administrator,ou=people,dc=tuleap,dc=local" method=128
ldap | 5df34024 conn=2111 op=0 BIND dn="cn=DevOps Administrator,ou=people,dc=tuleap,dc=local" mech=SIMPLE ssf=0
ldap | 5df34024 conn=2111 op=0 RESULT tag=97 err=0 text=
ldap | 5df34024 conn=2107 op=15 SRCH base="ou=people,dc=tuleap,dc=local" scope=2 deref=3 filter="(&(objectClass=inetOrgPerson)(uid=devops_admin))"
ldap | 5df34024 conn=2107 op=15 SRCH attr=uid
ldap | 5df34024 conn=2107 op=15 SEARCH RESULT tag=101 err=0 nentries=1 text=
ldap | 5df34024 conn=2111 op=1 UNBIND
ldap | 5df34024 conn=2111 fd=26 closed
ldap | 5df34024 conn=2107 op=16 SRCH base="ou=groups,dc=tuleap,dc=local" scope=2 deref=3 filter="(&(objectClass=posixGroup)(|(cn=sonar-administrators)(cn=sonar-users))(memberUid=devops_admin))"
ldap | 5df34024 conn=2107 op=16 SRCH attr=cn
ldap | 5df34024 conn=2107 op=16 SEARCH RESULT tag=101 err=0 nentries=1 text=
```
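
An added example, not part of the original post: a small Python parser for the OpenLDAP log format quoted above that pairs each group search on the groups base with its `SEARCH RESULT` by `(conn, op)`, and lists the uids whose group lookup returned `nentries=0` alongside the DNs that completed a simple bind. The function names are chosen for this example, and the sample input is a subset of the post's own log lines.

```python
import re

GROUP_BASE = "ou=groups,dc=tuleap,dc=local"  # ldap.group.baseDn from the post

# Sample input: a subset of the OpenLDAP log lines quoted in the post.
SAMPLE_LOG = """\
ldap | 5df34001 conn=2110 op=0 BIND dn="cn=test test,ou=people,dc=tuleap,dc=local" mech=SIMPLE ssf=0
ldap | 5df34001 conn=2110 op=0 RESULT tag=97 err=0 text=
ldap | 5df34001 conn=2107 op=12 SRCH base="ou=groups,dc=tuleap,dc=local" scope=2 deref=3 filter="(&(objectClass=posixGroup)(|(cn=sonar-administrators)(cn=sonar-users))(memberUid=test))"
ldap | 5df34001 conn=2107 op=12 SEARCH RESULT tag=101 err=0 nentries=0 text=
ldap | 5df34024 conn=2111 op=0 BIND dn="cn=DevOps Administrator,ou=people,dc=tuleap,dc=local" mech=SIMPLE ssf=0
ldap | 5df34024 conn=2111 op=0 RESULT tag=97 err=0 text=
ldap | 5df34024 conn=2107 op=16 SRCH base="ou=groups,dc=tuleap,dc=local" scope=2 deref=3 filter="(&(objectClass=posixGroup)(|(cn=sonar-administrators)(cn=sonar-users))(memberUid=devops_admin))"
ldap | 5df34024 conn=2107 op=16 SEARCH RESULT tag=101 err=0 nentries=1 text=
"""

OP_RE = re.compile(r"conn=(\d+) op=(\d+) (.*)")
SRCH_RE = re.compile(r'SRCH base="([^"]*)".*filter="(.*)"')
BIND_RE = re.compile(r'BIND dn="([^"]*)"')
UID_RE = re.compile(r"\(memberUid=([^)]*)\)")

def analyze(log, group_base=GROUP_BASE):
    """Return (successful bind DNs, {uid: nentries of its group search})."""
    pending_bind, pending_search = {}, {}   # both keyed by (conn, op)
    binds, groups = [], {}
    for line in log.splitlines():
        m = OP_RE.search(line)
        if not m:
            continue                          # ACCEPT/closed lines carry no op
        key, rest = (m.group(1), m.group(2)), m.group(3)
        if (b := BIND_RE.match(rest)):
            pending_bind[key] = b.group(1)
        elif rest.startswith("RESULT tag=97") and key in pending_bind:
            dn = pending_bind.pop(key)
            if " err=0 " in rest:             # err=49 would be bad credentials
                binds.append(dn)
        elif (s := SRCH_RE.match(rest)) and s.group(1).lower() == group_base.lower():
            uid = UID_RE.search(s.group(2))
            if uid:
                pending_search[key] = uid.group(1)
        elif rest.startswith("SEARCH RESULT") and key in pending_search:
            n = re.search(r"nentries=(\d+)", rest)
            groups[pending_search.pop(key)] = int(n.group(1)) if n else 0
    return binds, groups

def logins_without_group(log, group_base=GROUP_BASE):
    """uids whose group search matched no entry (the post's 'test' case)."""
    return sorted(u for u, n in analyze(log, group_base)[1].items() if n == 0)
```
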