Hi

I am using sonarqube 9.9.5 LTA. I have configured LDAP in sonarqube.

When I add one user as administrator and saved. After some time automatically admin rights removed for that user.

below is the LDAP configuration i am using in sonar.properties file.

sonar.security.realm=LDAP
ldap.url=ldap://ldap-****.com:389
ldap.bindDn=
ldap.bindPassword=

User Configuration

ldap.user.baseDn=dc=,dc=com
ldap.user.request=(&(objectClass=-person)(uid={login}))
ldap.user.realNameAttribute=cn
ldap.user.emailAttribute=mail

Group Configuration

ldap.group.baseDn=dc=**,dc=com
ldap.group.request=(&(objectClass=posixGroup)(memberUid={uid}))

Hey there.

How are admin rights being assigned to the user? Are they being assigned to a specific group, like sonar-administrators?

I ask because unless sonar-administrators (or whatever group) exists in your LDAP server, those permissions will by removed since you have LDAP group sync turned on (you have specified ldap.group.* parameters.

As documented:

When using group synchronization, the following details apply regardless of which delegated authentication method is used:

• Memberships in a group are synchronized only if a group with the same name exists in SonarQube Server. Administrators must first create or rename groups in SonarQube Server.
• Memberships in synchronized groups override any membership configured locally in SonarQube Server. When enabling group synchronization, manually added group memberships get reset.
• Memberships in the default built-in sonar-users group remain even if the group does not exist in the identity provider.

For specific details about group synchronization, refer to each provider’s group synchronization section.

When group synchronization is configured, group memberships can only be managed from the delegated authentication source, and the user’s groups are re-fetched with each login. It is not possible to use both manual group memberships and group synchronization (via your ALM integration) for the same user.