Switch from LDAP based auth to Crowd

Dear Support,

We are using Sonarqube DE 8.1.
Currently we are using LDAP authentication, and it is working fine.
The only issue I have is that a new user is automatically have access to Sonarqube, without ‘granted’ rights explicitly.

We have 3 user groups:

  • normal users
  • quality gate admins: those who can administer/change quality profiles/gates
  • system admins: those who can administer the system

I am considering to switch to Crowd based authentication, but I am not sure what would this mean for the existing users.
As far as I can see (checking the Postgresql DB), there are user accounts in the Sonarqube database. These are probably mapped to users in LDAP.

If we move to Crowd based auth

  1. what will happen to the existing users in the sonarqube database?
    Are those updated, or those will be ignored and new entries will be created?

  2. Would a new user be able to login to Sonarqube, if in Crowed he is a member of the dedicated ‘sonar-user’ group? This is the whole purpose and advantage of Crows: central location of user administration for multiple applications.

  3. How should my 3 user group look like? Should those be also created in Crowd? Where could I assign the necessary rights to these groups? If Crowd connection is proper, those groups in Crowd that are assigned to Sonarqube will be listed in the group administration page of Sonarqube?

I tried to gather information on this topic, but it seems that to Crowd plugin is not maintained by Sonarqube itself, so the documentation of the plugin is really bare minimum. And it only covers how to setup the Sonarqube server to talk to Crowd, and mentioned nothing about users and groups.



As the Crowd plugin is using the same Realm API as the LDAP plugin, it’s indeed possible to do this move, even if I’ve never tried it on my side.
For existing users, if the login declared in LDAP are the same as the login declared in Crowd, they will be able to authenticate as before, without any action.

Then about the group mapping : the sonar-users group is the default group of all users, so this cannot be changed neither in LDAP or Crowd.
For others groups, i don’t know how the Crowd plugin is doing, but most probably it should work the same way as the LDAP plugin : the groups you want to map users to SonarQube should be declared in Crowd.


Ok, perfect ! Do not hesitate to write your progress / success here.

I manged to make it working:

Go through all users as administrator, and update the ‘Authentication type’ entry from LDAP to CROWD.

Thanks @tcsabina for the update on this, I’m sure it will help other users !

I am terrible sorry but I just realize that I made a mess of this topic.
I actually added steps describing what to do in Rhodecode, instead of Sonarqube…
Rhodecode is our SCM, and I am in the middle of using Crowd based user authentication for both of our Rhodecode server and Sonarqube server.

I don’t know what kind of brain-f**t did I have when replying to my own thread about a solution I need to do in Rhodecode :grimacing:.

Anyhow, the questions are still open, as I haven’t yet started to experiment with Crowd in Sonarqube.
I think the best is if I delete those comments, related to Rhodecode, as they are absolutely confusing.

I apologize for anyone that came across this thread…

Hi Tams,

No pb, thanks for your honesty and for coming back and explain what you were talking about.

Do not to hesitate to update this thread when you’ll be able to move forward on this.