Using openLDAP with sonarqube 7.4


(Jodi Einsmann) #1

We are trying to pilot Sonarqube in our development environment. I have installed Sonarqube 7.4 on my RHEL 7.2 machine. I configured ldap with the parameters that I have used to successfully run other tools. However, I am not able to get sonarqube to authenticate using ldap. I am just trying to get a basic setup working with LDAP. It has been frustrating. Also, there is really no detail in the logs (set to DEBUG mode). Below I have posted the LDAP config of the sonar.properties file. I have attached the web and access logs: web-log.txt (29.8 KB), access-log.txt (12.2 KB). I would love to know what I am doing wrong in this setup. Thanks in advance for all your input.

LDAP CONFIGURATION

sonar.security.realm=LDAP
sonar.authenticator.downcase=false
ldap.url=ldap://xx.xx.xx.xxx:389
ldap.bindDn=
ldap.bindPassword=

USER MAPPING

ldap.user.baseDn=ou=People,dc=md,dc=hns,dc=net
ldap.user.request=(&(objectClass=user)(sAMAccountName={login}))
ldap.user.realNameAttribute=cn
ldap.user.emailAttribute=email

GROUP MAPPING

I am using the defaults

==========================================


(Colin Mueller) #2

Jodi,

It feels worth asking – are you restarting the SonarQube service after implementing the LDAP configuration in your $SONARQUBE_HOME/conf/sonar.properties file?

Also, where are you setting the log-level to DEBUG? In the same sonar.properties file?

Regards,

Colin


(Jodi Einsmann) #3

Colin,

Yes, I am restarting using command line like so ./sonar.sh restart. Yes on the second question as well. I set the log level DEBUG in the sonar.properties file.


(Jodi Einsmann) #4

So I removed my previous install of sonarqube CE v 7.4 and reinstalled it using the same LDAP configuration. I am still not able to log in successfully using LDAP. But I see the following in the web.log. This section of the log suggests to me that the machine is able to connect to the ldap service without issue. Am I correct?

Server ID: BF41A1F2-AWg5plWzZYU7j-yLvCib
2019.01.10 16:46:24 INFO web[org.sonar.INFO] Security realm: LDAP
2019.01.10 16:46:24 INFO web[o.s.p.l.LdapSettingsManager] User mapping: LdapUserMapping{baseDn=ou=People,dc=md,dc=hns,dc=net, request=(&(objectClass=user)(sAMAccountName={0})), realNameAttribute=cn, emailAttribute=mail}
2019.01.10 16:46:24 INFO web[o.s.p.l.LdapSettingsManager] Groups will not be synchronized, because property 'ldap.group.baseDn' is empty.
2019.01.10 16:46:24 INFO web[o.s.p.l.LdapContextFactory] Test LDAP connection on ldap://xx.xx.xx.xxx:389: OK
2019.01.10 16:46:24 INFO web[org.sonar.INFO] Security realm started


(Jodi Einsmann) #5

I think I solved the issue as I am now able to log in using ldap credentials. I have posted below what I did so maybe someone else can benefit.

Although connection to ldap server was successful (based on the previous snippet from my web log that I put in the last post), I was still not able to log in using ldap. After restarting sonarqube and retrying the login I also see the following in the log.

2019.01.11 08:58:50 DEBUG web[AWg53m+VgzN5R5S4AAA6][o.s.p.l.LdapUsersProvider] Requesting details for user aeinsman
2019.01.11 08:58:50 DEBUG web[AWg53m+VgzN5R5S4AAA6][o.s.p.l.LdapSearch] Search: LdapSearch{baseDn=ou=People,dc=md,dc=hns,dc=net, scope=subtree, request=(&(objectClass=user)(sAMAccountName={0})), parameters=[aeinsman], attributes=[mail, cn]}
2019.01.11 08:58:50 DEBUG web[AWg53m+VgzN5R5S4AAA6][o.s.p.l.LdapContextFactory] Initializing LDAP context {java.naming.provider.url=ldap://xx.xx.xx.xxx:389, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, com.sun.jndi.ldap.connect.pool=true, java.naming.security.authentication=simple, java.naming.referral=follow}
2019.01.11 08:58:50 DEBUG web[AWg53m+VgzN5R5S4AAA6][o.s.p.l.LdapUsersProvider] User aeinsman not found in
2019.01.11 08:58:50 DEBUG web[AWg53m+VgzN5R5S4AAA6][auth.event] login failure [cause|No user details][method|FORM][provider|REALM|LDAP][IP|xx.xx.xx.xxx|][login|aeinsman]

So I read some old posts here http://sonarqube-archive.15.x6.nabble.com/Problems-configuring-LDAP-td5016865.html and found that someone changed the ldap.user.request value like so:

#LDAP user request. (default: (&(objectClass=inetOrgPerson)(uid={login})) )
ldap.user.request=(uid={login})

I did the same and I can now log in.
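
Added example, not part of the original thread and not SonarQube code: a small triage script that pairs each "No user details" login failure in web.log with the LDAP search logged under the same request id, so the filter that matched nothing is shown next to the failure. The sample log is constructed from the excerpts quoted above, and the list of Active Directory markers is a heuristic assumption.

```python
import re

# Constructed sample modelled on the web.log excerpts quoted in this thread.
SAMPLE_LOG = """\
2019.01.10 16:46:24 INFO web[o.s.p.l.LdapContextFactory] Test LDAP connection on ldap://xx.xx.xx.xxx:389: OK
2019.01.11 08:58:50 DEBUG web[AWg53m+VgzN5R5S4AAA6][o.s.p.l.LdapSearch] Search: LdapSearch{baseDn=ou=People,dc=md,dc=hns,dc=net, scope=subtree, request=(&(objectClass=user)(sAMAccountName={0})), parameters=[aeinsman], attributes=[mail, cn]}
2019.01.11 08:58:50 DEBUG web[AWg53m+VgzN5R5S4AAA6][auth.event] login failure [cause|No user details][method|FORM][provider|REALM|LDAP][IP|xx.xx.xx.xxx|][login|aeinsman]
"""

RID_RE = re.compile(r"web\[(?P<rid>[^\]]+)\]\[")  # per-request id on DEBUG lines
SEARCH_RE = re.compile(r"LdapSearch\{baseDn=(?P<base>.*?), scope=\w+, "
                       r"request=(?P<filter>.*), parameters=\[")
FAIL_RE = re.compile(r"login failure \[cause\|(?P<cause>[^\]]*)\].*\[login\|(?P<login>[^\]]*)\]")
# Assumption: heuristic markers of an Active Directory style filter.
AD_MARKERS = ("objectclass=user", "samaccountname", "userprincipalname")


def diagnose(log_text):
    """Pair each 'No user details' login failure with the LDAP search of the same request."""
    connection_ok, searches, findings = False, {}, []
    for line in log_text.splitlines():
        if "Test LDAP connection" in line and line.rstrip().endswith(": OK"):
            connection_ok = True
        rid = RID_RE.search(line)
        if not rid:
            continue  # startup INFO lines carry no request id
        if m := SEARCH_RE.search(line):
            searches[rid["rid"]] = m.groupdict()
        elif (m := FAIL_RE.search(line)) and m["cause"] == "No user details":
            search = searches.get(rid["rid"], {})
            ldap_filter = search.get("filter", "")
            markers = [t for t in AD_MARKERS if t in ldap_filter.lower()]
            if connection_ok and markers:
                hint = "connection works; filter uses Active Directory terms, check it against the directory's schema"
            else:
                hint = "no entry matched; verify baseDn and filter with an LDAP client"
            findings.append({"login": m["login"], "connection_ok": connection_ok,
                             "base_dn": search.get("base"), "filter": ldap_filter,
                             "ad_markers": markers, "hint": hint})
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG):
        print(finding)
```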