Trouble getting integrated with Active Directory

active_directory
ldap

(Chris Hardie) #1

I have installed SonarQube version 6.7.4 and installed LDAP plugin version 2.2 build 608.
My config section is:

# LDAP configuration
# General Configuration
sonar.security.realm=LDAP
ldap.url=ldap://<LDAP Server>:389
ldap.bindDn=SonarQubeSvc
ldap.bindPassword=<Password>
ldap.authentication=GSSAPI

# User Configuration
ldap.user.baseDn=OU=Users,DC=MyDomain,DC=com
ldap.user.request=(&(objectClass=user)(sAMAccountName={login})(|(memberOf=CN=SQUsers,OU=Groups,DC=MyDomain,DC=com)(memberOf=CN=SQAdmins,OU=Groups,DC=MyDomain,DC=com)))
ldap.user.realNameAttribute=displayName
ldap.user.emailAttribute=mail

# Group Configuration
ldap.group.baseDn=OU=Groups,DC=MyDomain,DC=com
ldap.group.request=(&(objectClass=group)(|(cn=SQAdmins)(cn=SQUsers))(member={dn}))  
ldap.group.idAttribute=sAMAccountName

Requests have been validated in an LDAP tool.

This is the only configuration I can use to have the server start up. The logs state o.s.p.l.LdapContextFactory] Test LDAP connection on ldap://<LDAP Server>:389: OK

When I try to log in as a user, I get the following error:

2018.06.19 18:14:28 DEBUG web[AWQaE26TCu7ay22OAAAu][o.s.p.l.LdapUsersProvider] [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C09075A, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1 ]
javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C09075A, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1 ]
	at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
...
DEBUG web[AWQaE26TCu7ay22OAAAu][o.s.p.l.LdapUsersProvider] User vxn9 not found in <default>
ERROR web[AWQaE26TCu7ay22OAAAu][o.s.s.a.RealmAuthenticator] Error during authentication
org.sonar.plugins.ldap.LdapException: Unable to retrieve details for user vxn9 in <default>
...
Caused by: javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C09075A, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1 ]
...
DEBUG web[AWQaE26TCu7ay22OAAAu][auth.event] login failure [cause|Unable to retrieve details for user vxn9 in <default>][method|FORM][provider|REALM|LDAP][IP|<ip address>|][login|vxn9]

Why does the bind successfully complete when I start the application then fail on a user authentication?


(Nicolas Bontoux) #2

Hi there,

Likely because the initial connection at startup is not a full bind, but rather a quick connection check. Happened to me already, and also in this thread for example, so don’t be misled by that.

Right now the error is pretty clear:

I suggest double-checking credentials, and maybe validating the binding first with a simple LDAP client like ldapsearch.

Also, probably worth trying without ldap.authentication=GSSAPI for the time being, to simplify the configuration and troubleshoot incrementally.
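
The ldapsearch check suggested in post #2, as an added example that is not part of the thread: a POSIX shell helper that reads the ldap.* keys shown in post #1 and prints the equivalent simple-bind ldapsearch command for one login. The function names, the sample file and the host ldap.example.test are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print (not run) the ldapsearch command that repeats the bind
# and user lookup described by the ldap.* settings in sonar.properties.

prop() {  # prop FILE KEY -> value of KEY; comment lines skipped, last one wins
  awk -v k="$2" '/^[ \t]*#/ { next }
    { i = index($0, "="); if (!i) next
      key = substr($0, 1, i - 1); gsub(/^[ \t]+|[ \t]+$/, "", key)
      if (key == k) { v = substr($0, i + 1); gsub(/^[ \t]+|[ \t\r]+$/, "", v) } }
    END { print v }' "$1"
}

ldap_escape() {  # RFC 4515 escaping so a login cannot alter the filter
  printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

fill_login() {  # fill_login FILTER LOGIN -> FILTER with each {login} replaced
  F=$1 L=$2 awk 'BEGIN { f = ENVIRON["F"]; l = ENVIRON["L"]; out = ""
    while ((i = index(f, "{login}")) > 0) { out = out substr(f, 1, i - 1) l; f = substr(f, i + 7) }
    print out f }'
}

sq() {  # single-quote one argument for safe pasting into a shell
  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

sonar_ldapsearch_cmd() {  # sonar_ldapsearch_cmd PROPERTIES_FILE LOGIN
  filter=$(fill_login "$(prop "$1" ldap.user.request)" "$(ldap_escape "$2")")
  # -x simple bind, -W prompt for the password (keeps it out of shell history)
  printf 'ldapsearch -x -H %s -D %s -W -b %s %s %s %s\n' \
    "$(sq "$(prop "$1" ldap.url)")" "$(sq "$(prop "$1" ldap.bindDn)")" \
    "$(sq "$(prop "$1" ldap.user.baseDn)")" "$(sq "$filter")" \
    "$(sq "$(prop "$1" ldap.user.realNameAttribute)")" \
    "$(sq "$(prop "$1" ldap.user.emailAttribute)")"
}

# Constructed sample mirroring the post; ldap.example.test is a placeholder.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ldap.url=ldap://ldap.example.test:389
ldap.bindDn=SonarQubeSvc
ldap.user.baseDn=OU=Users,DC=MyDomain,DC=com
ldap.user.request=(&(objectClass=user)(sAMAccountName={login}))
ldap.user.realNameAttribute=displayName
ldap.user.emailAttribute=mail
EOF
sonar_ldapsearch_cmd "$sample" vxn9
```

The helper never reads ldap.bindPassword; the printed command prompts for it, so the bind is tested with the same bind name and search base that SonarQube would use.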


(Chris Hardie) #3

Nicolas,
I did look at the other thread and none of the issues corrected in that thread are issues that I have. My queries have all been validated through an LDAP tool. I have not been able to get the Simple authentication to work. I have tried many permutations of settings and the only one I have had work (meaning the server successfully started) was the set I put in this post. I am going to see if SimpleLDAP gives me any more information I may be able to use.