Hi!
For the last couple of months, ldap has stopped working for us. If we have ldap enabled, it failes with javax.naming.AuthenticationNotSupportedException: [LDAP: error code 8 - 00002028: LdapErr: DSID-0C09027F, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v3839 ]
Our previously ldap configuration that was working:
sonar.security.realm=LDAP
ldap.url=ldap://domain:389/
ldap.bindDn=CN=User A,OU=UserA,OU=41-ServiceAccounts,OU=A-Users,OU=Org,DC=utvikling,DC=local
ldap.bindPassword=***
ldap.user.baseDn=OU=A-Users,OU=Org,DC=utvikling,DC=local
ldap.user.request=(&(objectclass=user)(samaccountname={login}))
I suspect that this started to fail because of changes in ldap policies in my organisation. I tried to upgrade to ldaps, but this is currently not supported in our domain.
I then tried to change authentication to DIGEST-MD5, but no luck and the same error occured.
After reading some more about DIGEST-MD5 (https://docs.oracle.com/javase/jndi/tutorial/ldap/security/digest.html), i noticed that you should be able to set integrity protection on the authentication (javax.security.sasl.qop). I could not find any property in the SonarQube config to set the integrity protection, but I was able to try it out in Apache Directory Studio (with the same setup as in SonarQube). When I changed to “Authentication with integrity protection” in ADS the authentication worked!
My question: Is it possible to set this property in the SonarQube ldap configuration? And if not, is it possible to include this configuration in the future?
By my understanding of Java, I would like to set the Sasl.QOP property to “auth-int”
My current config now looks like this:
#sonar.security.realm=LDAP (disabled for now)
ldap.bindDn=UsernameA
ldap.bindPassword=****
ldap.user.baseDn=OU=A-Users,OU=Org,DC=utvikling,DC=local
ldap.user.request=(&(objectclass=user)(samaccountname={login}))
ldap.authentication=DIGEST-MD5
ldap.realm=utvikling
#would like to set ldap.sasl.op = auth-int
SonarQube Version: 8.3.1.34397
Thanks
Christian