SonarQube LDAP setting help

deron.chen · May 24, 2021, 3:06am

Hi all, I’m now using SonarQube version 8.9.
Now I want to integrate LDAP into our SonarQube server.
Here is my configuration.

sonar.security.realm=LDAP
sonar.authenticator.downcase=true
ldap.url=ldap://LOCALHOST:PORT
ldap.authentication=simple

ldap.bindDn=Deron.Chen@my_company.com
ldap.bindPassword=********

ldap.user.baseDn=DC=MY_COMPANY,DC=CORP

ldap.user.request=(&(objectClass=user))

ldap.user.realNameAttribute=CN
ldap.user.emailAttribute=mail

But when I want to log in with a LDAP account, the website shows authentication failed.

and here is log in the access.log.

localhost - - [24/May/2021:11:02:09 +0800] "POST /sq/api/authentication/login HTTP/1.1" 401 - "https://localhost/sq/sessions/new?return_to=%2Fsq%2Fadmin%2Fusers" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36" "AXmcPfNhrwOGC39LAAAU"

I really need some help here.

ganncamp · June 3, 2021, 2:50pm

Hi,

What do your server logs say? Specifically web.log?

Ann

deron.chen · June 4, 2021, 1:33am

Hi Ann,

Thanks for replying.
The startup log in web.log is:

2021.06.04 09:27:16 INFO  web[][o.s.p.ProcessEntryPoint] Starting web
2021.06.04 09:27:17 INFO  web[][o.a.t.u.n.NioSelectorPool] Using a shared selector for servlet write/read
2021.06.04 09:27:17 INFO  web[][o.s.c.e.CoreExtensionsLoader] Loaded core extensions: developer-edition, developer-scanner, developer-server, license
2021.06.04 09:27:17 INFO  web[][o.s.s.e.EsClientProvider] Connected to local Elasticsearch: [http://localhost:9001]
2021.06.04 09:27:18 INFO  web[][o.s.s.p.LogServerVersion] SonarQube Server / 8.9.0.43852 / 681d1975f698b70fc4e981593f7bed298ff2f60d
2021.06.04 09:27:18 INFO  web[][o.sonar.db.Database] Create JDBC data source for jdbc:postgresql://localhost/de_sonarqube
2021.06.04 09:27:19 INFO  web[][o.s.s.p.ServerFileSystemImpl] SonarQube home: /opt/sonarqube-8.9.0.43852
2021.06.04 09:27:19 INFO  web[][o.s.s.u.SystemPasscodeImpl] System authentication by passcode is disabled
2021.06.04 09:27:19 INFO  web[][o.s.s.p.ServerPluginManager] Deploy plugin ABAP Code Quality and Security / 3.9.1.3127 / a62ddf6ddd7379d398a58d32c9931a2feef61e24
2021.06.04 09:27:19 INFO  web[][o.s.s.p.ServerPluginManager] Deploy plugin C# Code Quality and Security / 8.22.0.31243 / e3cee7838d992e31dcdd90cf4f7406bb20535e8e
2021.06.04 09:27:19 INFO  web[][o.s.s.p.ServerPluginManager] Deploy plugin CFamily Code Quality and Security / 6.20.0.31240 / 0939445d175313ef5e5a8ab187de529fbfbd776a
2021.06.04 09:27:19 INFO  web[][o.s.s.p.ServerPluginManager] Deploy plugin CSS Code Quality and Security / 1.4.2.2002 / faa7d4f1407df67df7ada53caf677ab783721173
2021.06.04 09:27:19 INFO  web[][o.s.s.p.ServerPluginManager] Deploy plugin Flex Code Quality and Security / 2.6.1.2564 / bb723840701bda72510b7a47742811d20daad331
2021.06.04 09:27:19 INFO  web[][o.s.s.p.ServerPluginManager] Deploy plugin Go Code Quality and Security / 1.8.3.2219 / d6ad7a5a47fc4785d2e80918fb7424be46e38a7f
2021.06.04 09:27:19 INFO  web[][o.s.s.p.ServerPluginManager] Deploy plugin HTML Code Quality and Security / 3.4.0.2754 / 38f7ff864ae15152c9f1efc3014594f7e7ca7b6e
2021.06.04 09:27:19 INFO  web[][o.s.s.p.ServerPluginManager] Deploy plugin JaCoCo / 1.1.1.1157 / 83478572b9f23efac29de15e30c7758bbb0c0e47
2021.06.04 09:27:19 INFO  web[][o.s.s.p.ServerPluginManager] Deploy plugin Java Code Quality and Security / 6.15.1.26025 / 1b1e96715bfa9f6a4ae24e95cc5b91f0edce609f
2021.06.04 09:27:19 INFO  web[][o.s.s.p.ServerPluginManager] Deploy plugin JavaScript/TypeScript Code Quality and Security / 7.4.2.15501 / 288a72ff137745d1d1054c704a03c2344ada0ea3
2021.06.04 09:27:19 INFO  web[][o.s.s.p.ServerPluginManager] Deploy plugin Kotlin Code Quality and Security / 1.8.3.2219 / d6ad7a5a47fc4785d2e80918fb7424be46e38a7f
2021.06.04 09:27:19 INFO  web[][o.s.s.p.ServerPluginManager] Deploy plugin PHP Code Quality and Security / 3.17.0.7439 / 44c7760147080c157fa0ff579772f92d3c8e1ebf
2021.06.04 09:27:19 INFO  web[][o.s.s.p.ServerPluginManager] Deploy plugin PL/SQL Code Quality and Security / 3.6.1.3873 / 342f7fcf17ecb7fbf827a2aacf630be1f4157625
2021.06.04 09:27:19 INFO  web[][o.s.s.p.ServerPluginManager] Deploy plugin Python Code Quality and Security / 3.4.1.8066 / 22139ec73fb2f32044f66477ea52734415683668
2021.06.04 09:27:19 INFO  web[][o.s.s.p.ServerPluginManager] Deploy plugin Ruby Code Quality and Security / 1.8.3.2219 / d6ad7a5a47fc4785d2e80918fb7424be46e38a7f
2021.06.04 09:27:19 INFO  web[][o.s.s.p.ServerPluginManager] Deploy plugin Scala Code Quality and Security / 1.8.3.2219 / d6ad7a5a47fc4785d2e80918fb7424be46e38a7f
2021.06.04 09:27:19 INFO  web[][o.s.s.p.ServerPluginManager] Deploy plugin Swift Code Quality and Security / 4.3.1.4892 / 2b249272bc4430519bdab769886b12c9a82084b5
2021.06.04 09:27:19 INFO  web[][o.s.s.p.ServerPluginManager] Deploy plugin T-SQL Code Quality and Security / 1.5.1.4340 / 11f3de5739b539749d6c2848bda8fc90135d91b6
2021.06.04 09:27:19 INFO  web[][o.s.s.p.ServerPluginManager] Deploy plugin VB.NET Code Quality and Security / 8.22.0.31243 / e3cee7838d992e31dcdd90cf4f7406bb20535e8e
2021.06.04 09:27:19 INFO  web[][o.s.s.p.ServerPluginManager] Deploy plugin Vulnerability Analysis / 8.9.0.11439 / 04498e7b336a73db9508145d1e8cc44b9330528d
2021.06.04 09:27:19 INFO  web[][o.s.s.p.ServerPluginManager] Deploy plugin Vulnerability Rules for C# / 8.9.0.11439 / 04498e7b336a73db9508145d1e8cc44b9330528d
2021.06.04 09:27:19 INFO  web[][o.s.s.p.ServerPluginManager] Deploy plugin Vulnerability Rules for JS / 8.9.0.11439 / 04498e7b336a73db9508145d1e8cc44b9330528d
2021.06.04 09:27:19 INFO  web[][o.s.s.p.ServerPluginManager] Deploy plugin Vulnerability Rules for Java / 8.9.0.11439 / 04498e7b336a73db9508145d1e8cc44b9330528d
2021.06.04 09:27:19 INFO  web[][o.s.s.p.ServerPluginManager] Deploy plugin Vulnerability Rules for PHP / 8.9.0.11439 / 04498e7b336a73db9508145d1e8cc44b9330528d
2021.06.04 09:27:19 INFO  web[][o.s.s.p.ServerPluginManager] Deploy plugin Vulnerability Rules for Python / 8.9.0.11439 / 04498e7b336a73db9508145d1e8cc44b9330528d
2021.06.04 09:27:19 INFO  web[][o.s.s.p.ServerPluginManager] Deploy plugin XML Code Quality and Security / 2.2.0.2973 / 16002945f0725643a7b42f090572795dd8b72a0f
2021.06.04 09:27:21 INFO  web[][o.s.s.p.d.m.c.PostgresCharsetHandler] Verify that database charset supports UTF8
2021.06.04 09:27:21 INFO  web[][o.s.s.p.w.MasterServletFilter] Initializing servlet filter org.sonar.server.platform.web.WebServiceFilter@e324e30 [pattern=UrlPattern{inclusions=[/api/system/migrate_db.*, ...], exclusions=[/api/components/update_key, ...]}]
2021.06.04 09:27:21 INFO  web[][o.s.s.a.EmbeddedTomcat] HTTP connector enabled on port 9000
2021.06.04 09:27:22 INFO  web[][A.A.A.A.A.C] JavaScript/TypeScript frontend is enabled
2021.06.04 09:27:22 INFO  web[][o.s.s.p.UpdateCenterClient] Update center: https://update.sonarsource.org/update-center.properties (no proxy)
2021.06.04 09:27:24 INFO  web[][o.s.s.s.LogServerId] Server ID: 48A82A8B-AXVFLg6WegjE6XExVZTQ
2021.06.04 09:27:24 WARN  web[][o.s.s.a.LogOAuthWarning] For security reasons, OAuth authentication should use HTTPS. You should set the property 'Administration > Configuration > Server base URL' to a HTTPS URL.
2021.06.04 09:27:24 INFO  web[][org.sonar.INFO] Security realm: LDAP
2021.06.04 09:27:24 INFO  web[][o.s.a.l.LdapSettingsManager] User mapping: LdapUserMapping{baseDn=DC=COMPANY,DC=CORP, request=(&(objectClass=user)(sAMAccountName={0})), realNameAttribute=cn, emailAttribute=mail}
2021.06.04 09:27:24 INFO  web[][o.s.a.l.LdapSettingsManager] Groups will not be synchronized, because property 'ldap.group.baseDn' is empty.
2021.06.04 09:27:24 INFO  web[][o.s.a.l.LdapContextFactory] Test LDAP connection on ldap://LDAP_SERVER:PORT: OK
2021.06.04 09:27:24 INFO  web[][org.sonar.INFO] Security realm started
2021.06.04 09:27:25 WARN  web[][o.s.a.s.w.WebService$Action] The response example is not set on action api/plugins/download
2021.06.04 09:27:25 WARN  web[][o.s.a.s.w.WebService$Action] The response example is not set on action api/permissions/search_templates
2021.06.04 09:27:25 WARN  web[][o.s.a.s.w.WebService$Action] The response example is not set on action api/alm_integrations/list_bitbucketserver_projects
2021.06.04 09:27:25 WARN  web[][o.s.a.s.w.WebService$Action] The response example is not set on action api/alm_integrations/check_pat
2021.06.04 09:27:25 WARN  web[][o.s.a.s.w.WebService$Action] The response example is not set on action api/alm_integrations/list_azure_projects
2021.06.04 09:27:25 WARN  web[][o.s.a.s.w.WebService$Action] The response example is not set on action api/alm_integrations/search_bitbucketserver_repos
2021.06.04 09:27:25 WARN  web[][o.s.a.s.w.WebService$Action] The response example is not set on action api/alm_integrations/search_azure_repos
2021.06.04 09:27:25 WARN  web[][o.s.a.s.w.WebService$Action] The response example is not set on action api/alm_integrations/list_github_organizations
2021.06.04 09:27:25 WARN  web[][o.s.a.s.w.WebService$Action] The response example is not set on action api/alm_integrations/list_github_repositories
2021.06.04 09:27:25 WARN  web[][o.s.a.s.w.WebService$Action] The response example is not set on action api/alm_integrations/get_github_client_id
2021.06.04 09:27:25 WARN  web[][o.s.a.s.w.WebService$Action] The response example is not set on action api/alm_settings/get_binding
2021.06.04 09:27:25 WARN  web[][o.s.a.s.w.WebService$Action] The response example is not set on action api/alm_settings/list
2021.06.04 09:27:25 WARN  web[][o.s.a.s.w.WebService$Action] The response example is not set on action api/alm_settings/list_definitions
2021.06.04 09:27:25 WARN  web[][o.s.a.s.w.WebService$Action] The response example is not set on action api/alm_settings/count_binding
2021.06.04 09:27:25 WARN  web[][o.s.a.s.w.WebService$Action] The response example is not set on action api/alm_settings/validate
2021.06.04 09:27:25 WARN  web[][o.s.a.s.w.WebService$Action] The response example is not set on action api/support/info
2021.06.04 09:27:25 INFO  web[][o.s.s.t.TelemetryDaemon] Sharing of SonarQube statistics is enabled.
2021.06.04 09:27:25 INFO  web[][o.s.s.n.NotificationDaemon] Notification service started (delay 60 sec.)
2021.06.04 09:27:25 INFO  web[][com.sonarsource.C.G] Loaded virtual plugin License for SonarLint
2021.06.04 09:27:25 INFO  web[][o.s.s.a.p.ExpiredSessionsCleaner] Purge of expired session tokens has removed 0 elements
2021.06.04 09:27:25 INFO  web[][o.s.s.a.p.ExpiredSessionsCleaner] Purge of expired SAML message ids has removed 0 elements
2021.06.04 09:27:25 INFO  web[][o.s.s.s.GeneratePluginIndex] Generate scanner plugin index
2021.06.04 09:27:25 INFO  web[][o.s.s.s.RegisterPlugins] Register plugins
2021.06.04 09:27:25 INFO  web[][o.s.s.s.RegisterMetrics] Register metrics
2021.06.04 09:27:25 INFO  web[][o.s.s.r.RegisterRules] Register rules
2021.06.04 09:27:41 INFO  web[][o.s.s.q.BuiltInQProfileRepositoryImpl] Load quality profiles
2021.06.04 09:27:41 INFO  web[][o.s.s.q.RegisterQualityProfiles] Register quality profiles
2021.06.04 09:27:41 INFO  web[][o.s.s.q.RegisterQualityProfiles] Update profile cpp/Sonar way
2021.06.04 09:27:41 INFO  web[][o.s.s.q.RegisterQualityProfiles] Update profile css/Sonar way
2021.06.04 09:27:41 INFO  web[][o.s.s.q.RegisterQualityProfiles] Update profile c/Sonar way
2021.06.04 09:27:42 INFO  web[][o.s.s.q.RegisterQualityProfiles] Update profile scala/Sonar way
2021.06.04 09:27:42 INFO  web[][o.s.s.q.RegisterQualityProfiles] Update profile jsp/Sonar way
2021.06.04 09:27:42 INFO  web[][o.s.s.q.RegisterQualityProfiles] Update profile go/Sonar way
2021.06.04 09:27:42 INFO  web[][o.s.s.q.RegisterQualityProfiles] Update profile kotlin/Sonar way
2021.06.04 09:27:42 INFO  web[][o.s.s.q.RegisterQualityProfiles] Update profile js/Sonar way
2021.06.04 09:27:42 INFO  web[][o.s.s.q.RegisterQualityProfiles] Update profile py/Sonar way
2021.06.04 09:27:42 INFO  web[][o.s.s.q.RegisterQualityProfiles] Update profile tsql/Sonar way
2021.06.04 09:27:42 INFO  web[][o.s.s.q.RegisterQualityProfiles] Update profile ruby/Sonar way
2021.06.04 09:27:42 INFO  web[][o.s.s.q.RegisterQualityProfiles] Update profile plsql/Sonar way
2021.06.04 09:27:42 INFO  web[][o.s.s.q.RegisterQualityProfiles] Update profile cs/Sonar way
2021.06.04 09:27:42 INFO  web[][o.s.s.q.RegisterQualityProfiles] Update profile java/Sonar way
2021.06.04 09:27:42 INFO  web[][o.s.s.q.RegisterQualityProfiles] Update profile web/Sonar way
2021.06.04 09:27:42 INFO  web[][o.s.s.q.RegisterQualityProfiles] Update profile xml/Sonar way
2021.06.04 09:27:42 INFO  web[][o.s.s.q.RegisterQualityProfiles] Update profile flex/Sonar way
2021.06.04 09:27:42 INFO  web[][o.s.s.q.RegisterQualityProfiles] Update profile php/Sonar way
2021.06.04 09:27:42 INFO  web[][o.s.s.q.RegisterQualityProfiles] Update profile php/PSR-2
2021.06.04 09:27:42 INFO  web[][o.s.s.q.RegisterQualityProfiles] Update profile php/Drupal
2021.06.04 09:27:42 INFO  web[][o.s.s.q.RegisterQualityProfiles] Update profile vbnet/Sonar way
2021.06.04 09:27:42 INFO  web[][o.s.s.q.RegisterQualityProfiles] Update profile abap/Sonar way
2021.06.04 09:27:42 INFO  web[][o.s.s.q.RegisterQualityProfiles] Update profile ts/Sonar way
2021.06.04 09:27:42 INFO  web[][o.s.s.q.RegisterQualityProfiles] Update profile objc/Sonar way
2021.06.04 09:27:42 INFO  web[][o.s.s.q.RegisterQualityProfiles] Update profile swift/Sonar way
2021.06.04 09:27:42 INFO  web[][o.s.s.s.RegisterPermissionTemplates] Register permission templates
2021.06.04 09:27:42 INFO  web[][o.s.s.s.RenameDeprecatedPropertyKeys] Rename deprecated property keys
2021.06.04 09:27:42 INFO  web[][o.s.s.s.UpgradeSuggestionsCleaner] Dismissed messages cleanup
2021.06.04 09:27:42 INFO  web[][o.s.s.p.w.MasterServletFilter] Initializing servlet filter org.sonar.server.platform.web.SonarLintConnectionFilter@7837c4ce [pattern=UrlPattern{inclusions=[/api/*], exclusions=[]}]
2021.06.04 09:27:42 INFO  web[][o.s.s.p.w.MasterServletFilter] Initializing servlet filter org.sonar.server.platform.web.WebServiceFilter@148c8d01 [pattern=UrlPattern{inclusions=[/api/issues/delete_comment.*, ...], exclusions=[/api/authentication/login.*, ...]}]
2021.06.04 09:27:42 INFO  web[][o.s.s.p.w.MasterServletFilter] Initializing servlet filter org.sonar.server.platform.web.WebServiceReroutingFilter@4f209c44 [pattern=UrlPattern{inclusions=[/api/components/bulk_update_key, ...], exclusions=[]}]
2021.06.04 09:27:42 INFO  web[][o.s.s.p.w.MasterServletFilter] Initializing servlet filter org.sonar.server.plugins.PluginsRiskConsentFilter@750bf408 [pattern=UrlPattern{inclusions=[/*], exclusions=[*.css, ...]}]
2021.06.04 09:27:42 INFO  web[][o.s.s.p.w.MasterServletFilter] Initializing servlet filter org.sonar.server.authentication.DefaultAdminCredentialsVerifierFilter@5d01844b [pattern=UrlPattern{inclusions=[/*], exclusions=[*.css, ...]}]
2021.06.04 09:27:42 INFO  web[][o.s.s.p.w.MasterServletFilter] Initializing servlet filter org.sonar.server.authentication.InitFilter@5ea7b0dd [pattern=UrlPattern{inclusions=[/sessions/init/*], exclusions=[]}]
2021.06.04 09:27:42 INFO  web[][o.s.s.p.w.MasterServletFilter] Initializing servlet filter org.sonar.server.authentication.OAuth2CallbackFilter@78373f75 [pattern=UrlPattern{inclusions=[/oauth2/callback/*], exclusions=[]}]
2021.06.04 09:27:42 INFO  web[][o.s.s.p.w.MasterServletFilter] Initializing servlet filter org.sonar.server.authentication.ResetPasswordFilter@67cdd8b0 [pattern=UrlPattern{inclusions=[/*], exclusions=[*.css, ...]}]
2021.06.04 09:27:42 INFO  web[][o.s.s.p.w.MasterServletFilter] Initializing servlet filter org.sonar.server.authentication.ws.LoginAction@141c9a6b [pattern=UrlPattern{inclusions=[/api/authentication/login], exclusions=[]}]
2021.06.04 09:27:42 INFO  web[][o.s.s.p.w.MasterServletFilter] Initializing servlet filter org.sonar.server.authentication.ws.LogoutAction@7f9b83d1 [pattern=UrlPattern{inclusions=[/api/authentication/logout], exclusions=[]}]
2021.06.04 09:27:42 INFO  web[][o.s.s.p.w.MasterServletFilter] Initializing servlet filter org.sonar.server.authentication.ws.ValidateAction@51bd280f [pattern=UrlPattern{inclusions=[/api/authentication/validate], exclusions=[]}]
2021.06.04 09:27:42 INFO  web[][o.s.s.q.ProjectsInWarningDaemon] Counting number of projects in warning is not started as there are no projects in this situation.
2021.06.04 09:27:42 INFO  web[][o.s.s.p.p.PlatformLevelStartup] Running Developer Edition
2021.06.04 09:27:42 INFO  web[][o.s.s.p.Platform] WebServer is operational

Best Regards,
Deron.Chen

ganncamp · June 4, 2021, 12:23pm

Hi,

I wasn’t actually interested in the startup log. Do you see anything added to the log (web.log or the others) for a failed LDAP auth attempt?

Ann

deron.chen · June 7, 2021, 1:52am

Hi,

I got no logs in web.log when auth login failed with LDAP, but with this log in access.log

172.17.5.115 - - [07/Jun/2021:09:49:24 +0800] "POST /sq/api/authentication/login HTTP/1.1" 401 - "https://MySonarQubeIP/sessions/new?return_to=%2Fsq%2F" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36" "AXnYU+X24XsRTrctAAYP"

ganncamp · June 7, 2021, 7:22pm

Hi,

LDAP errors should show up in the logs, so I’m not sure what’s going on here. I’ve flagged this for more expert attention.

Ann