Unable to filter the groups from LDAP in Sonarqube LDAP integration

prasad-clouduser · November 18, 2021, 8:18am

Hello Team,

I am facing below issue when i tried to integrate LDAP with Sonarqube.

Sonarqube Community EditionVersion 7.9.1 (build 27448)
error observed:

2021.11.18 08:10:33 DEBUG web[AXzvR8UbJLQPOWfjA4Oi][jdk.event.security] ValidationChain: -1346209374, -1040002444
2021.11.18 08:10:33 DEBUG web[AXzvR8UbJLQPOWfjA4Oi][jdk.event.security] TLSHandshake: <>:636, TLSv1.3, TLS_AES_128_GCM_SHA256, -1040002444
2021.11.18 08:10:34 DEBUG web[AXzvR8UbJLQPOWfjA4Oi][o.s.s.a.UserRegistrarImpl] List of groups returned by the identity provider ‘’
2021.11.18 08:10:34 DEBUG web[AXzvR8UbJLQPOWfjA4Oi][auth.event] login success [method|FORM][provider|REALM|LDAP][IP|<>>|][login|<>]

steps to reproduce:

ldap.group.baseDn=ou=Groups,o=<>
ldap.group.request=(&(objectClass=groupOfUniqueNames)(uniqueMember={0}))
ldap.group.idAttribute=cn

I am not able to filter the groups from the LDAP in Sonarqube. I am not able to figure out the root cause from the sonarqube logs. Can anyone help me on this?

prasad-clouduser · November 22, 2021, 1:12pm

Hi Users,

If anyone faced this issue before. Could you provide help on this pls?

Thanks,
Prasad.

ganncamp · December 3, 2021, 8:26pm

Hi,

It’s not clear to me what the problem is. Your logs show login success.

What sort of group filtering are you expecting?

Ann

prasad-clouduser · December 27, 2021, 7:50am

Hi Ann,

Thanks for the response. You can see the below message in the logs I provided.

List of groups returned by the identity provider ‘’

I added the group filtering in the config file to retrieve the groups from the sonarqube but failed to do so and getting empty list from the identity provider as above. If we can retrieve the groups from the Identity provider then it matches the similar groups which I created in the SonarQube and gets the necessary privileges to those groups and users. Let me know if you need any further clarification on this.

Thanks,
Prasad

ganncamp · January 4, 2022, 7:45pm

Hi Prasad,

I’m not sure how I overlooked it before, but your version is past EOL. You should upgrade to either the latest version or the current LTS at your earliest convenience. Your upgrade path is:

7.9.1 → 8.9.5 → 9.2.3 (last step optional)

You may find the Upgrade Guide and the LTS-to-LTS Upgrade Notes helpful. If you have questions about upgrading, feel free to open a new thread for that here.

Regarding your groups, there’s no filtering happening on the SonarQube side if your identity provider isn’t providing any. You’ll need to get the groups returned to SonarQube first.

Ann

prasad-clouduser · January 10, 2022, 10:33am

Thanks Ann for your reply.

We will test it in the latest version. However when tried in the older version we have tried all possible combos in groups filtering, but could not retrieve them in the sonarqube first like above logs suggested.
Do you have any sample groups filtering available which you did anywhere?

Thanks.
Prasad.

ganncamp · January 10, 2022, 6:14pm

Hi Prasad,

My best advice is to use a 3rd-party LDAP client to work through what the group arguments should be.

Ann

prasad-clouduser · January 11, 2022, 7:51am

Thanks Ann, Sure

Ever worked on RBAC implementation in Sonarqube?

Thanks.
Prasad

ganncamp · January 11, 2022, 12:20pm

Hi Prasad,

For the record, I had to look up that acronym.
I understand what you’re trying to do, but SonarQube really isn’t set up for roles.

Ann