We are trying to configure the LDAP 2.0 plugin for SonarQube 5.6 to be able to authenticate users in our AD domain. In the sonar.log we get the following feedback:

2016.09.12 10:55:16 INFO web[o.s.s.p.ServerPluginRepository] Deploy plugin C# / 5.3.1 / 6d9c99cb816b5d82ee23b51dbb05f9ee37a3bf2d
2016.09.12 10:55:16 INFO web[o.s.s.p.ServerPluginRepository] Deploy plugin JavaScript / 2.11 / a9b1afa9ceef7079811779d9efc5f8026acb1400
2016.09.12 10:55:16 INFO web[o.s.s.p.ServerPluginRepository] Deploy plugin LDAP / 2.0 / 2910f3981167a70a201ccfae01471dfd26c794b7
2016.09.12 10:55:16 INFO web[o.s.s.p.ServerPluginRepository] Deploy plugin Web / 2.4 / 61c14c00da36f77d18c019ad2bd7942708e99c13
2016.09.12 10:55:16 INFO web[o.s.d.c.MssqlCharsetHandler] Verify that database columns are case-sensitive and accent-sensitive
2016.09.12 10:55:16 INFO web[o.s.s.p.RailsAppsDeployer] Deploying Ruby on Rails applications
2016.09.12 10:55:16 INFO web[o.s.s.p.RailsAppsDeployer] Deploying app: ldap
2016.09.12 10:55:18 INFO web[o.s.s.p.UpdateCenterClient] Update center: http://update.sonarsource.org/update-center.properties (no proxy)
2016.09.12 10:55:18 INFO web[org.sonar.INFO] Security realm: LDAP
2016.09.12 10:55:18 INFO web[o.s.p.l.LdapSettingsManager] User mapping: LdapUserMapping{baseDn=ou=****,dc=****,dc=****, request=(&(objectClass=User)(sAMAccountName={0})), realNameAttribute=Displayname, emailAttribute=mail}
2016.09.12 10:55:18 INFO web[o.s.p.l.LdapSettingsManager] Group mapping: LdapGroupMapping{baseDn=ou=****,dc=****,dc=****, idAttribute=cn, requiredUserAttributes=[dn], request=(&(objectClass=Group)(name={0}))}
2016.09.12 10:55:18 INFO web[o.s.p.l.LdapContextFactory] Test LDAP connection on ldap://****:389: OK
2016.09.12 10:55:18 INFO web[org.sonar.INFO] Security realm started

The security realm is started, but login attempts never succeed. In the sonar.log we receive the following error during a login attempt:

ERROR web[rails] Error from external users provider: exception Java::OrgSonarApiUtils::SonarException: Unable to retrieve details for user **** in

We've added the following configuration in sonar.properties:

# LDAP configuration
# General Configuration
sonar.security.realm=LDAP
ldap.url: ldap://****:389
sonar.forceAuthentication=true 
ldap.windows.compatibilityMode = true

# User Configuration
ldap.user.baseDn=ou=***,dc=***,dc=***
ldap.user.request=(&(objectClass=User)(sAMAccountName={login}))
ldap.user.realNameAttribute=Displayname
ldap.user.emailAttribute=mail

# Group Configuration
ldap.group.baseDn=ou=***,dc=***,dc=***
ldap.group.request=(&(objectClass=Group)(name={dn}))

In the administration we are also unable to find users. We've tested the request query (&(objectClass=User)(sAMAccountName={login})) using another tool and it works fine. We are wondering how we should authorize the users. Should they be available in the users page (in administration/security)?

First thing, you don't need "ldap.windows.compatibilityMode = true" anymore with LDAP 2.0, as it was used for the Active Directory SSO feature. Then, can you send the whole error generated during authentication? Thanks - Julien L. - SonarSource Team

We are getting the following error now after increasing the log level: 2016.09.15 08:43:34 DEBUG web[o.s.p.l.LdapUsersProvider] [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090749, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580 ] javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090749, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580 ] This is the entire log: 1drv.ms/u/s!AjQuj_xHAAUnwnmJHVHaRK2n_j_Z - Jeffrey Zeeman

As said by Nico in his answer, have you provided ldap.bindDn and ldap.bindPassword? - Julien L. - SonarSource Team

1 Answer

Configure ldap.bindDn and ldap.bindPassword in your sonar.properties (see LDAP Plugin documentation). Without it the plugin falls back to anonymous access and in most environments the authentication attempt will therefore fail.

Note: setting sonar.log.level=DEBUG usually gives good details on what the underlying problem is.
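
The check described in this answer, as an added example that is not part of the original post or SonarSource code: a small Python linter that parses a sonar.properties LDAP section (including the mixed `key: value` and `key = value` forms used in the question) and flags the anonymous-bind fallback, a missing TLS setting, and the compatibility-mode key the comment calls unnecessary. The finding codes, function names, and all values in `FIXED` are assumptions made for illustration; `ldap.StartTLS` is the plugin's StartTLS switch.

```python
import re

# Constructed sample: the LDAP settings from the question (host masked as on the page).
SAMPLE = """\
sonar.security.realm=LDAP
ldap.url: ldap://****:389
ldap.windows.compatibilityMode = true
ldap.user.baseDn=ou=***,dc=***,dc=***
ldap.user.request=(&(objectClass=User)(sAMAccountName={login}))
"""

# Constructed sample: same realm with a bind account and LDAPS (all values are placeholders).
FIXED = """\
sonar.security.realm=LDAP
ldap.url=ldaps://ad.example.com:636
ldap.bindDn=CN=svc-sonar,OU=Service Accounts,DC=example,DC=com
ldap.bindPassword=<placeholder>
ldap.user.baseDn=ou=***,dc=***,dc=***
ldap.user.request=(&(objectClass=User)(sAMAccountName={login}))
"""

def parse_properties(text):
    """Parse Java-style properties lines: 'key=value' or 'key: value'."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue  # blank line or comment
        # Only the first '=' or ':' is the separator; later ones belong to the value.
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def check_ldap(props):
    """Return finding codes for an LDAP security realm configuration."""
    findings = []
    if props.get("sonar.security.realm") != "LDAP":
        return findings
    if not props.get("ldap.bindDn") or not props.get("ldap.bindPassword"):
        findings.append("ANONYMOUS_BIND")  # user lookups run unauthenticated
    url = props.get("ldap.url", "").lower()
    start_tls = props.get("ldap.StartTLS", "").lower() == "true"
    if not (url.startswith("ldaps://") or start_tls):
        findings.append("NO_TLS")  # simple-bind passwords cross the network unencrypted
    if "ldap.windows.compatibilityMode" in props:
        findings.append("OBSOLETE_COMPATIBILITY_MODE")  # not needed with LDAP 2.0
    return findings

if __name__ == "__main__":
    for name, text in (("question", SAMPLE), ("fixed", FIXED)):
        print(name, check_ldap(parse_properties(text)))
```

The `ANONYMOUS_BIND` finding corresponds to the Active Directory response in the DEBUG log above ("a successful bind must be completed on the connection"): the connection test succeeds, but the user search is refused.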