User removed from group after login

After adding a person to the permission group, the person will be automatically deleted from the group after logging in again

Hey there.

You should know this is an english-only forum, sorry. :frowning: I’ve translated your question the best I could using Google.

After adding a person to the permission group, the person will be automatically deleted from the group after logging in again

I would recommend reviewing this very important section of our documentation on Delegated Authentication about Group Mapping.

Group Mapping

When using group mapping, the following caveats apply regardless of which delegated authentication method is used:

  • membership in synchronized groups will override any membership locally configured in SonarQube at each login
  • membership in a group is synched only if a group with the same name exists in SonarQube membership in the default group sonar-users remains (this is a built-in group) even if the group does not exist in the identity provider
  • When group mapping is configured, the delegated authentication source becomes the one and only place to manage group membership, and the user’s groups are re-fetched with each log in.

When group mapping is configured, the delegated authentication source becomes the one and only place to manage group membership, and the user’s groups are re-fetched with each log in.

What authentication provider are you using (LDAP, SAML?)

Thank you for your reply. My sonarqube integrates LDAP

Since Group Mapping is enabled on your SonarQube instance (ldap.group.request and ldap.group.baseDn are configured), what is likely happening is that your users are losing their local SonarQube group membership each time they login. This is expected behavior when group mapping is enabled.

In order to work around this, you should either

  • Disable group mapping (stop configuring ldap.group.request and ldap.group.baseDn in your $SONARQUBE_HOME/conf/sonar.properties file. Group membership can then by managed via local SonarQube groups)
  • Add new groups to your SonarQube server that map to groups that exist on your LDAP server, assign the correct permissions to those groups, and manage membership to those groups through LDAP only. This is the best practice.

Thank you. My problem has been solved

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.