Hi all,
I am using two LDAP servers (xxxx.xxxx.xxxx.x / yyyy.yyyy.yyyy.y), and currently, xxxx.xxxx.xxxx.x is linked to SonarQube and running.
I am trying to improve the setup so that if xxxx.xxxx.xxxx.x goes down, LDAP authentication will be performed through yyyy.yyyy.yyyy.y.
Both xxxx.xxxx.xxxx.x and yyyy.yyyy.yyyy.y contain the same AD information.
After adding the above configuration to <SONARQUBE_HOME>/conf/sonar.properties, I started SonarQube, and both servers showed ‘test OK’ in the SonarQube logs.
...
ldap.servers=default,sub
ldap.default.url=ldap://xxxx.xxxx.xxxx.x
...
ldap.sub.url=ldap://yyyy.yyyy.yyyy.y
...
2024.10.03 15:xx:xx INFO web[][o.s.a.l.LdapContextFactory] Test LDAP connection on ldap://xxxx.xxxx.xxxx.x: OK
2024.10.03 15:xx:xx INFO web[][o.s.a.l.LdapContextFactory] Test LDAP connection on ldap://yyyy.yyyy.yyyy.y: OK
After that, I tested whether it would switch to yyyy.yyyy.yyyy.y and perform authentication by cutting off communication between the container running SonarQube and xxxx.xxxx.xxxx.x.
However, it took more than 10 minutes for the authentication to fail on xxxx.xxxx.xxxx.x, and during that time, the Web UI displayed a 504 error.
It seems that the LDAP authentication is proceeding in the background, as it eventually results in a ‘login success’.
2024.10.03 15:20:16 DEBUG web[<hidden>][o.s.a.l.LdapContextFactory] Initializing LDAP context {java.naming.referral=follow, java.naming.security.principal=CN=****,OU=****,OU=****,DC=****,DC=****, com.sun.jndi.ldap.connect.pool=true, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldap://xxxx.xxxx.xxxx.x, java.naming.security.authentication=simple}
2024.10.03 15:33:30 DEBUG web[<hidden>][o.s.a.l.DefaultLdapAuthenticator] User u12345 not found in server <default>: javax.naming.NamingException: LDAP connection has been closed; remaining name 'OU=****,OU=****,DC=****,DC=****'
2024.10.03 15:33:30 DEBUG web[<hidden>][o.s.a.l.LdapSearch] Search: LdapSearch{baseDn=OU=****,OU=****,DC=****,DC=****, scope=subtree, request=(&(objectClass=user)(sAMAccountName={0})), parameters=[u12345], attributes=null}
2024.10.03 15:33:16 DEBUG web[<hidden>][o.s.a.l.LdapContextFactory] Initializing LDAP context {java.naming.referral=follow, java.naming.security.principal=CN=****,OU=****,OU=****,DC=****,DC=****, com.sun.jndi.ldap.connect.pool=true, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldap://yyyy.yyyy.yyyy.y, java.naming.security.authentication=simple}
++++++++++
2024.10.03 15:33:16 DEBUG web[<hidden>][auth.event] login success[method|BASIC][provider|REALM|ldap][IP|****.****.****.****|****.****.****.****, ****.****.****.****][login|u12345]
Is it possible to change the timeout duration for LDAP authentication failure within SonarQube?
(Additional note:
- Due to project circumstances, I am unable to transfer the logs, so I am picking out only the necessary logs.
- Since the LDAP is managed by a different organization, I am unable to make any changes to the LDAP server settings.
- This post is translated by deepl.)
sonarqube version
versions: sonarqube 9.9.0 community
SonarQube deployed: Docker compose
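
Added example, not part of the original post and not SonarQube's code: a stand-alone JNDI probe that builds the same environment keys seen in the debug log above and adds the two standard JDK LDAP provider timeouts, `com.sun.jndi.ldap.connect.timeout` and `com.sun.jndi.ldap.read.timeout`, so that an unreachable first server fails in seconds and the second is tried. The class name, the `LDAP_BIND_DN` / `LDAP_BIND_PASSWORD` variables and the 5000 ms value are assumptions; whether SonarQube 9.9 lets you set these properties is not stated on this page.

```java
import java.util.Hashtable;
import java.util.List;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class LdapFailoverProbe {
    // Same JNDI environment keys as in the debug log, plus two timeouts.
    static Hashtable<String, String> env(String url, String bindDn, String pw, int timeoutMs) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, pw);
        env.put(Context.REFERRAL, "follow");
        // Bound the TCP connect and each wait for an LDAP response (milliseconds).
        env.put("com.sun.jndi.ldap.connect.timeout", Integer.toString(timeoutMs));
        env.put("com.sun.jndi.ldap.read.timeout", Integer.toString(timeoutMs));
        return env;
    }

    // Try each server in order; return the first URL that accepts the bind, or null.
    static String firstReachable(List<String> urls, String bindDn, String pw, int timeoutMs) {
        for (String url : urls) {
            long start = System.nanoTime();
            try {
                DirContext ctx = new InitialDirContext(env(url, bindDn, pw, timeoutMs));
                ctx.close();
                return url;
            } catch (NamingException e) {
                long ms = (System.nanoTime() - start) / 1_000_000;
                System.err.printf("%s failed after %d ms: %s%n", url, ms, e);
            }
        }
        return null;
    }

    public static void main(String[] args) {
        // Server URLs come from the arguments; bind DN and password from the environment (assumed names).
        String bindDn = System.getenv("LDAP_BIND_DN");
        String pw = System.getenv("LDAP_BIND_PASSWORD");
        // An empty password with "simple" auth would not be a real authenticated bind, so reject it.
        if (args.length == 0 || bindDn == null || pw == null || pw.isEmpty()) {
            System.err.println("usage: java LdapFailoverProbe.java ldap://host1 ldap://host2");
            System.exit(2);
        }
        String url = firstReachable(List.of(args), bindDn, pw, 5000);
        System.out.println(url == null ? "no LDAP server reachable" : "bound via " + url);
    }
}
```

Running it from inside the SonarQube container with the first server blocked shows how long the JDK itself takes to give up on that server when the timeouts are set.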