Sync SonarQube Groups with AD

sonarprincipal · August 14, 2024, 3:23pm

Hi all,

We’re currently running SonarQube Community 9.9.3 in AKS. We’re using SAML for users to login. We also have LDAP configured as we’d like to synchronize SonarQube groups with AD, if possible, to manage user access within SonarQube in terms of who should have access to certain projects.

Is it possible to synchronize SonarQube groups with AD?
Assuming the above is possible, is it possible to disable LDAP login (as we’re using SAML)?

Below is how we have LDAP configured in our sonar.properties:

  sonar.properties: |
    sonar.security.realm=LDAP
    sonar.authenticator.downcase=true
    ldap.url=ldap://.....:389
    ldap.bindDn=$(ldap.bindDn)
    ldap.bindPassword=$(ldap.bindPassword)
    ldap.authentication=simple
    ldap.user.baseDn=ou=......,dc=...,dc=com
    ldap.user.request=(&(objectClass=user)(sAMAccountName={login}))
    ldap.group.baseDn=ou=......,dc=...,dc=com
    ldap.group.request=(&(objectClass=group)(member={dn}))
    ldap.group.idAttribute=sAMAccountName

ganncamp · August 15, 2024, 1:26pm

Hi,

You can synchronize groups from whatever the users are logging in with. But you cannot have them log in with one system and pull their groups from another.

HTH,
Ann