I’m trying out SonarQube in our environment and I’m… a bit fuzzy on setting up a connection to our AD (LDAP). I’m facing several issues:
LDAP to AD requires a user / password specified in the configuration. I’ve managed to get SonarQube running as a service with an AD login specifically so I don’t need to provide any credentials. Is it possible to have SonarQube use the “run as” service login when binding with LDAP?
I only managed to get the connection working using the 389 LDAP port. I tried to get it to connect via SSL over 636, but that just… failed. Is the 389-port-based communication secure?
I’d be more than happy to provide additional information… if I knew what information was required.
You’ll need to explicitly configure the user who has permissions on your LDAP server. No integrated security mechanism here like you might find with connecting to the database.
You should get details about the failure in your web.log file under the /logs/ directory.
That’s the problem. The only thing in the logs is the following:
2020.02.15 11:50:27 INFO web[][org.sonar.INFO] Security realm: LDAP
2020.02.15 11:50:27 INFO web[][o.s.a.l.LdapSettingsManager] User mapping: LdapUserMapping{baseDn=OU=ARP,DC=arp,DC=local, request=(&(objectClass=user)(sAMAccountName={0})), realNameAttribute=cn, emailAttribute=mail}
2020.02.15 11:50:27 INFO web[][o.s.a.l.LdapSettingsManager] Group mapping: LdapGroupMapping{baseDn=DC=arp,DC=local, idAttribute=sAMAccountName, requiredUserAttributes=[dn], request=(&(objectClass=group)(member={0}))}
2020.02.15 11:50:27 INFO web[][o.s.a.l.LdapContextFactory] Test LDAP connection: FAIL
2020.02.15 11:50:27 ERROR web[][o.s.s.p.Platform] Background initialization failed. Stopping SonarQube
org.sonar.api.utils.SonarException: Security realm fails to start: Unable to open LDAP connection
at org.sonar.server.user.SecurityRealmFactory.start(SecurityRealmFactory.java:93)
at org.sonar.core.platform.StartableCloseableSafeLifecyleStrategy.start(StartableCloseableSafeLifecyleStrategy.java:40)
at org.picocontainer.injectors.AbstractInjectionFactory$LifecycleAdapter.start(AbstractInjectionFactory.java:84)
at org.picocontainer.behaviors.AbstractBehavior.start(AbstractBehavior.java:169)
at org.picocontainer.behaviors.Stored$RealComponentLifecycle.start(Stored.java:132)
at org.picocontainer.behaviors.Stored.start(Stored.java:110)
at org.picocontainer.DefaultPicoContainer.potentiallyStartAdapter(DefaultPicoContainer.java:1016)
at org.picocontainer.DefaultPicoContainer.startAdapters(DefaultPicoContainer.java:1009)
at org.picocontainer.DefaultPicoContainer.start(DefaultPicoContainer.java:767)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:135)
at org.sonar.server.platform.platformlevel.PlatformLevel.start(PlatformLevel.java:90)
at org.sonar.server.platform.platformlevel.PlatformLevel4.start(PlatformLevel4.java:559)
at org.sonar.server.platform.PlatformImpl.start(PlatformImpl.java:213)
at org.sonar.server.platform.PlatformImpl.startLevel34Containers(PlatformImpl.java:187)
at org.sonar.server.platform.PlatformImpl.access$500(PlatformImpl.java:46)
at org.sonar.server.platform.PlatformImpl$1.lambda$doRun$0(PlatformImpl.java:120)
at org.sonar.server.platform.PlatformImpl$AutoStarterRunnable.runIfNotAborted(PlatformImpl.java:370)
at org.sonar.server.platform.PlatformImpl$1.doRun(PlatformImpl.java:120)
at org.sonar.server.platform.PlatformImpl$AutoStarterRunnable.run(PlatformImpl.java:354)
at java.base/java.lang.Thread.run(Thread.java:830)
Caused by: org.sonar.auth.ldap.LdapException: Unable to open LDAP connection
at org.sonar.auth.ldap.LdapContextFactory.testConnection(LdapContextFactory.java:215)
at org.sonar.auth.ldap.LdapRealm.init(LdapRealm.java:63)
at org.sonar.server.user.SecurityRealmFactory.start(SecurityRealmFactory.java:87)
... 19 common frames omitted
Caused by: javax.naming.NamingException: LDAP response read timed out, timeout used:-1ms.
at java.naming/com.sun.jndi.ldap.Connection.readReply(Connection.java:426)
at java.naming/com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:365)
at java.naming/com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214)
at java.naming/com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2795)
at java.naming/com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:320)
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxFromUrl(LdapCtxFactory.java:225)
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:189)
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:243)
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)
at java.naming/javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:730)
at java.naming/javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:305)
at java.naming/javax.naming.InitialContext.init(InitialContext.java:236)
at java.naming/javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
at org.sonar.auth.ldap.LdapContextFactory.createInitialDirContext(LdapContextFactory.java:138)
at org.sonar.auth.ldap.LdapContextFactory.createBindContext(LdapContextFactory.java:96)
at org.sonar.auth.ldap.LdapContextFactory.testConnection(LdapContextFactory.java:211)
... 21 common frames omitted
I know LDAP is available over that port (as I’ve tested it using LDP.exe). I’m thinking I need to specify that this is an SSL connection somehow…?
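Added example (editor's, not from this thread or from SonarSource): a small Python diagnostic for the two questions above. Simple bind over ldap:// on port 389 without StartTLS sends the bind password, and every user's login password, in cleartext; only ldaps:// (636) or StartTLS protects them. The "LDAP response read timed out" in the trace is consistent with a plain ldap:// URL pointed at the TLS port, where the server waits for a TLS handshake and never answers the bind, but that is an assumption, not something the log proves. The script classifies a SonarQube `ldap.url` value for that kind of mismatch and, when given a host on the command line, performs just the TLS handshake against 636 with certificate verification, which surfaces the exact failure reason that web.log omits. Host names such as `dc01.arp.local` are constructed from the base DN in the log.

```python
"""Editor-added diagnostic for SonarQube LDAP/LDAPS settings; not part of the thread.
Host names below are constructed from the DC=arp,DC=local base DN in the log."""
import socket
import ssl
import sys
from urllib.parse import urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


def classify_ldap_url(url: str) -> dict:
    """Parse an ldap.url setting and flag scheme/port combinations that matter for
    security or that produce a bind with no reply (the 'read timed out' symptom)."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError(f"unsupported scheme: {parts.scheme!r}")
    port = parts.port or DEFAULT_PORTS[scheme]
    encrypted = scheme == "ldaps"
    if scheme == "ldap" and port == 636:
        warning = ("plain LDAP sent to the LDAPS port: the server expects a TLS "
                   "ClientHello, so the bind request gets no LDAP reply")
    elif scheme == "ldaps" and port == 389:
        warning = ("TLS handshake attempted against the plaintext port: expect an "
                   "SSL handshake failure")
    elif not encrypted:
        warning = ("simple bind over ldap:// without StartTLS sends the bindDn password "
                   "and every user's password in cleartext on the wire")
    else:
        warning = None
    return {"scheme": scheme, "host": parts.hostname, "port": port,
            "encrypted": encrypted, "warning": warning}


def check_ldaps_handshake(host, port=636, timeout=5.0, cafile=None) -> dict:
    """Perform only the TLS handshake against host:port, verifying the chain and
    hostname with the default trust store (or an explicit CA bundle, e.g. the
    internal AD CA that issued the domain controller's certificate)."""
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                return {"ok": True, "protocol": tls.version(),
                        "subject": dict(x[0] for x in cert.get("subject", ())),
                        "not_after": cert.get("notAfter")}
    except ssl.SSLCertVerificationError as exc:
        # Common with AD: the DC's cert comes from an internal CA the client does not
        # trust. The fix is to add that CA to the trust store, never to disable checks.
        return {"ok": False, "reason": f"certificate not trusted: {exc.verify_message}"}
    except (ssl.SSLError, socket.timeout, OSError) as exc:
        return {"ok": False, "reason": f"{type(exc).__name__}: {exc}"}


if __name__ == "__main__":
    for example in ("ldap://dc01.arp.local", "ldap://dc01.arp.local:636",
                    "ldaps://dc01.arp.local"):
        print(example, "->", classify_ldap_url(example))
    # usage: python ldap_check.py dc01.arp.local [636] [internal-ca.pem]
    if len(sys.argv) > 1:
        host = sys.argv[1]
        port = int(sys.argv[2]) if len(sys.argv) > 2 else 636
        cafile = sys.argv[3] if len(sys.argv) > 3 else None
        print(check_ldaps_handshake(host, port, cafile=cafile))
```

If the handshake check reports an untrusted certificate, the same failure will hit the JVM running SonarQube, so the domain controller's issuing CA has to be trusted by the Java runtime's trust store as well; a successful handshake plus a still-failing SonarQube bind points at the URL scheme or the bind credentials instead.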