Sonarqube Authentication failed - LDAP

Hi,

I installed SonarQube on OpenShift.
SonarQube version information is below.

I uploaded the file by customizing the LDAP Configuration field.
There is no LDAP error in the log, but there is an "Authentication failed" warning on the UI screen.
I can create a user from the Security –> User field with the admin user.
But there is no match between LDAP and the user. It also wants me to enter the password field on the create user screen.
“LDAP_AUTHENTICATION=simple”
Possible values: simple | CRAM-MD5 | DIGEST-MD5 | GSSAPI
I chose the simple field. Is it a wrong choice? Is the problem due to this?
LDAP Configuration

    - name: SONAR_SECURITY_REALM
         value: LDAP
       - name: SONAR_AUTHENTICATOR_DOWNCASE
         value: "true"
       - name: LDAP_URL
         value: "ldap://localhost:10389"
       - name: LDAP_BINDDN
         value: "cn=users,ou=Service_User,dc=company,dc=local"
       - name: LDAP_BINDPASSWORD
         valueFrom: 
           secretKeyRef: 
             key: user-password
             name: user
       - name: LDAP_AUTHENTICATION
         value: simple
       - name: LDAP_REALM
         value: company.local
       - name: LDAP_CONTEXTFACTORYCLASS
         value: "com.sun.jndi.ldap.LdapCtxFactory"
       - name: LDAP_STARTTLS
         value: "true"
       - name: LDAP_FOLLOWREFERRALS
         value: "false"
       - name: LDAP_USER_BASEDN
         value: "cn=users,dc=example,dc=local"
       - name: LDAP_USER_REQUEST
         value: "(&(objectClass=user)(sAMAccountName={login}))"
       - name: LDAP_USER_REALNAMEATTRIBUTE
         value: name 
       - name: LDAP_USER_EMAILATTRIBUTE
         value: email
       - name: LDAP_GROUP_BASEDN
         value: "cn=groups,example=,dc=example"
       - name: LDAP_GROUP_REQUEST
         value: "(&(objectClass=group)(member={dn}))"
       - name: LDAP_GROUP_IDATTRIBUTE
         value: "sAMAccountName"    

There is only the following error in the log:

ERROR web[AYNkWk6sy0qaJqa3A7Zw][o.s.s.p.UpdateCenterClient] Fail to connect to update center
org.sonar.api.utils.SonarException: Fail to download: https://update.sonarsource.org/update-center.properties (no proxy)
        at org.sonar.core.util.DefaultHttpDownloader.failToDownload(DefaultHttpDownloader.java:155)
        at org.sonar.core.util.DefaultHttpDownloader.readString(DefaultHttpDownloader.java:113)
        at org.sonar.api.utils.UriReader.readString(UriReader.java:69)
        at org.sonar.server.plugins.UpdateCenterClient.init(UpdateCenterClient.java:99)
        at org.sonar.server.plugins.UpdateCenterClient.getUpdateCenter(UpdateCenterClient.java:82)
        at org.sonar.server.plugins.UpdateCenterMatrixFactory.getUpdateCenter(UpdateCenterMatrixFactory.java:44)
        at org.sonar.server.plugins.ws.PluginWSCommons.compatiblePlugins(PluginWSCommons.java:141)
        at org.sonar.server.plugins.ws.PluginWSCommons.compatiblePluginsByKey(PluginWSCommons.java:146)
        at org.sonar.server.plugins.ws.PendingAction.handle(PendingAction.java:82)
        at org.sonar.server.ws.WebServiceEngine.execute(WebServiceEngine.java:110)
        at org.sonar.server.platform.web.WebServiceFilter.doFilter(WebServiceFilter.java:84)
        at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:139)
        at org.sonar.server.platform.web.SonarLintConnectionFilter.doFilter(SonarLintConnectionFilter.java:66)
        at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:139)
        at org.sonar.server.platform.web.MasterServletFilter.doFilter(MasterServletFilter.java:108)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:194)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
        at org.sonar.server.platform.web.UserSessionFilter.doFilter(UserSessionFilter.java:81)
        at org.sonar.server.platform.web.UserSessionFilter.doFilter(UserSessionFilter.java:68)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:194)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
        at org.sonar.server.platform.web.CacheControlFilter.doFilter(CacheControlFilter.java:76)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:194)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
        at org.sonar.server.platform.web.SecurityServletFilter.doHttpFilter(SecurityServletFilter.java:76)
        at org.sonar.server.platform.web.SecurityServletFilter.doFilter(SecurityServletFilter.java:48)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:194)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
        at org.sonar.server.platform.web.RedirectFilter.doFilter(RedirectFilter.java:58)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:194)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
        at org.sonar.server.platform.web.RequestIdFilter.doFilter(RequestIdFilter.java:66)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:194)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
        at org.sonar.server.platform.web.RootFilter.doFilter(RootFilter.java:62)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:194)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
        at org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:109)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:194)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:544)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143)
        at ch.qos.logback.access.tomcat.LogbackValve.invoke(LogbackValve.java:256)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:364)
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:624)
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:831)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1651)
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.base/java.lang.Thread.run(Unknown Source)
Caused by: java.net.SocketTimeoutException: connect timed out
        at java.base/java.net.PlainSocketImpl.socketConnect(Native Method)
        at java.base/java.net.AbstractPlainSocketImpl.doConnect(Unknown Source)
        at java.base/java.net.AbstractPlainSocketImpl.connectToAddress(Unknown Source)
        at java.base/java.net.AbstractPlainSocketImpl.connect(Unknown Source)
        at java.base/java.net.SocksSocketImpl.connect(Unknown Source)
        at java.base/java.net.Socket.connect(Unknown Source)
        at java.base/sun.security.ssl.SSLSocketImpl.connect(Unknown Source)
        at java.base/sun.net.NetworkClient.doConnect(Unknown Source)
        at java.base/sun.net.www.http.HttpClient.openServer(Unknown Source)
        at java.base/sun.net.www.http.HttpClient.openServer(Unknown Source)
        at java.base/sun.net.www.protocol.https.HttpsClient.<init>(Unknown Source)
        at java.base/sun.net.www.protocol.https.HttpsClient.New(Unknown Source)
        at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(Unknown Source)
        at java.base/sun.net.www.protocol.http.HttpURLConnection.plainConnect0(Unknown Source)
        at java.base/sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
        at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
        at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
        at org.sonar.core.util.DefaultHttpDownloader$BaseHttpDownloader$HttpInputSupplier.getInput(DefaultHttpDownloader.java:272)
        at org.sonar.core.util.DefaultHttpDownloader.readString(DefaultHttpDownloader.java:111)
        ... 55 common frames omitted

My gut feeling is that the environment variables (or at least SONAR_SECURITY_REALM) aren’t being read. Any idea why it’s indented differently than your other variables?

Hi,
It was accidentally indented when I added it here; it normally aligns with the values below.
It warns when the alignments are not correct on the server, so there is no problem in that part.

I understand that for SonarQube users we have to create contacts with the create user button. What should the flow be like afterwards? On the Create user screen, it expects me to enter the password of the relevant person. What should happen is that the person enters with their LDAP password. First of all, do I create a temporary password? When will the synchronization take place?

Hey there.

If LDAP is correctly configured, you don’t have to create users – they will be created when a user authenticates correctly with LDAP for the first time.

Do you see any line like this in your logs?

2021.07.15 10:08:08 INFO web[][org.sonar.INFO] Security realm: LDAP
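
As an added example (not part of the thread and not SonarQube code), the script below runs the log check suggested in the last reply and lints the environment values posted in the question. The function names and heuristics are assumptions made for illustration, and each finding is something to verify rather than a confirmed cause.

```python
import re
from urllib.parse import urlparse

# Constructed sample input: values copied from the configuration posted above,
# plus the startup log line quoted in the last reply.
ENV = {
    "SONAR_SECURITY_REALM": "LDAP",
    "LDAP_URL": "ldap://localhost:10389",
    "LDAP_AUTHENTICATION": "simple",
    "LDAP_STARTTLS": "true",
    "LDAP_BINDDN": "cn=users,ou=Service_User,dc=company,dc=local",
    "LDAP_USER_BASEDN": "cn=users,dc=example,dc=local",
    "LDAP_GROUP_BASEDN": "cn=groups,example=,dc=example",
}
LOG = ["2021.07.15 10:08:08 INFO web[][org.sonar.INFO] Security realm: LDAP"]

def realm_from_log(lines):
    """Return the realm named in the last 'Security realm:' line, or None."""
    hits = [m.group(1) for l in lines if (m := re.search(r"Security realm: (\S+)", l))]
    return hits[-1] if hits else None

def rdns(dn):
    """Split a DN into (type, value) pairs; escaped commas are not handled."""
    return [(k.strip().lower(), v.strip())
            for k, _, v in (p.partition("=") for p in dn.split(","))]

def dc_suffix(dn):
    return [v.lower() for k, v in rdns(dn) if k == "dc"]

def lint_ldap_env(env):
    """Hypothetical heuristic checks over the LDAP-related variables."""
    out = []
    if env.get("SONAR_SECURITY_REALM") != "LDAP":
        out.append("SONAR_SECURITY_REALM is not LDAP")
    url = urlparse(env.get("LDAP_URL", ""))
    if url.hostname in ("localhost", "127.0.0.1", "::1"):
        out.append("LDAP_URL points at loopback, i.e. the container itself")
    tls = url.scheme == "ldaps" or env.get("LDAP_STARTTLS", "").lower() == "true"
    if env.get("LDAP_AUTHENTICATION") == "simple" and not tls:
        out.append("simple bind without TLS sends the password in cleartext")
    bind_dc = dc_suffix(env.get("LDAP_BINDDN", ""))
    for key in ("LDAP_BINDDN", "LDAP_USER_BASEDN", "LDAP_GROUP_BASEDN"):
        dn = env.get(key, "")
        if any(not k or not v for k, v in rdns(dn)):
            out.append(f"{key} has an empty RDN component")
        elif bind_dc and dc_suffix(dn) != bind_dc:
            out.append(f"{key} dc suffix differs from LDAP_BINDDN")
    return out
```

On the posted values, `lint_ldap_env(ENV)` reports the loopback URL, the differing `dc` suffix of `LDAP_USER_BASEDN`, and the empty component in `LDAP_GROUP_BASEDN`; the `simple` setting is not flagged because `LDAP_STARTTLS` is `true`.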