For the last couple of months, ldap has stopped working for us. If we have ldap enabled, it failes with javax.naming.AuthenticationNotSupportedException: [LDAP: error code 8 - 00002028: LdapErr: DSID-0C09027F, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v3839 ]
Our previously ldap configuration that was working:
I suspect that this started to fail because of changes in ldap policies in my organisation. I tried to upgrade to ldaps, but this is currently not supported in our domain.
I then tried to change authentication to DIGEST-MD5, but no luck and the same error occured.
After reading some more about DIGEST-MD5 (https://docs.oracle.com/javase/jndi/tutorial/ldap/security/digest.html), i noticed that you should be able to set integrity protection on the authentication (javax.security.sasl.qop). I could not find any property in the SonarQube config to set the integrity protection, but I was able to try it out in Apache Directory Studio (with the same setup as in SonarQube). When I changed to “Authentication with integrity protection” in ADS the authentication worked!
My question: Is it possible to set this property in the SonarQube ldap configuration? And if not, is it possible to include this configuration in the future?
By my understanding of Java, I would like to set the Sasl.QOP property to “auth-int”
My current config now looks like this:
#sonar.security.realm=LDAP (disabled for now)
#would like to set ldap.sasl.op = auth-int
SonarQube Version: 188.8.131.52397