Hello team,
We are using Sonarqube developer edition (6.3.0.1234) and LDAP for authentication.
We have the below LDAP configuration in sonar.properties file.
ldap.url=<<LDAP-URL>>
ldap.bindDn=CN=LDAPUser-Sonarqube,OU=LDAP,OU=Users,OU=abcd,DC=domain,DC=abcd-domain,DC=de
ldap.bindPassword=<<Bind password>>
ldap.user.baseDn=OU=Users,OU=abcd,DC=domain,DC=abcd-domain,DC=de
ldap.user.request=(sAMAccountName={0})
ldap.user.realNameAttribute=cn
ldap.user.emailAttribute=mail
ldap.group.baseDn=OU=Groups,OU=abcd,DC=domain,DC=abcd-domain,DC=de
ldap.group.request=(&(objectClass=group)(member={dn}))
ldap.group.idAttribute=sAMAccountName
In sonarqube, we have default group sonar-users, sonar-administrators and some other groups specific to project.
Issue 1: If a user is added to either sonar-administrators group or any other group specific to project, the user access is removed once the user login to sonarqube. User permissions at “global permission” works. But we are unable to manage user and group authorization from sonarqube.
Issue 2: We need to access to external employees who can able to view only specific application and not all the projects exists in the sonarqube. What would be the better approach in this case.
We had a plan to create a group and add the employees to the group and create and apply permission template specific to that project. But when a user is created in sonarqube by default they get access to sonar-users, we need to get rid of it.
Issues we are facing in this approach,
Unable to remove the users from sonar-users group. Do you have any solution, how to remove users from default group ?
In case, if a user is associated with sonar-users which has least privilege and project specific group which has highest privilege, then which permission would be applied. Is it the least or highest privilege ?