Sonarqube LDAP authentication fails

I’m trying to install sonarqube 7.7 with ldap authentication against an active directory server and I can’t get it to work. I copied over the settings from another server that runs on the same host, and its ldap settings work.

This is my current configuration in sonarqube:

ldap.url=ldap://myADserver.mydomain.local:389
ldap.bindDn="CN=myldapuser,OU=Users,DC=mydomain,DC=local"
# ldap.bindPassword=mypassword
ldap.authentication=simple
ldap.realm=mydomain.local
ldap.user.baseDn="OU=myadgroup,DC=mydomain,DC=local"
ldap.user.request="(&(objectClass=user)(sAMAccountName={login}))"
ldap.user.realNameAttribute=cn

If I provide a password, sonarqube shuts down during startup with this error message in web.log:

Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580

This message apparently means that the user is correct, but the password is incorrect. Yet the password works both in the other server and in ldapsearch.

If I comment out the password like above, sonarqube starts up, but can’t authenticate ldap users. I can log in with the default admin user.

DEBUG web[AWqxWJwHqJPbGHfaAAAX][o.s.p.l.LdapUsersProvider] User mypersonaluser not found in <default>
ERROR web[AWqxWJwHqJPbGHfaAAAX][o.s.s.a.CredentialsExternalAuthentication] Error during authentication
org.sonar.plugins.ldap.LdapException: Unable to retrieve details for user mypersonaluser in <default>
Caused by: javax.naming.directory.InvalidSearchFilterException: invalid attribute description
DEBUG web[AWqxWJwHqJPbGHfaAAAX][auth.event] login failure [cause|Unable to retrieve details for user mypersonaluser in <default>][method|FORM][provider|REALM|LDAP][IP|server_internal_IP|office_pub_IP][login|mypersonaluser]

For completeness’ sake, the config of the other server and the ldapsearch command line:

base = "OU=myadgroup,DC=mydomain,DC=local", 
bind_dn = "CN=myldapuser,CN=Users,DC=mydomain,DC=local",
host = "myADserver.mydomain.local", 
label = "ldap", 
method = "plain", 
password = "mypassword", 
port = 389, 
uid = "sAMAccountName"

ldapsearch -D "cn=myldapuser,cn=users,DC=mydomain,DC=local" -p 389 -h myADserver.mydomain.local -b "OU=myadgroup,DC=mydomain,DC=local"  "(&(objectClass=user)(sAMAccountName=mypersonaluser))" -u myldapuser -w mypassword

What’s wrong with my sonarqube configuration and how do I fix it?

Answer


Looks like you have your password field commented out with #?

# ldap.bindPassword=mypassword

You also don’t need “” around the parameters

Unless your server allows anonymous access to the LDAP directory, you need to set bindDn and bindPassword.

# Bind DN is the username of an LDAP user to connect (or bind) with.
ldap.bindDn=cn=user,OU=ou,DC=mycompany,DC=local
 
# Bind Password is the password of the user to connect with.
ldap.bindPassword=secret

Attribution
Source : Link , Question Author : Christoph Gösgens , Answer Author : RickWeb
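
Added example (not part of the original question or answer, and not SonarQube code): a small lint for the ldap.* lines of sonar.properties that flags the two points the answer raises, quoted values and a bind DN without an active bind password. It assumes a simplified reading of the .properties format (one key=value per line, # or ! comments); a Java properties file keeps quote characters as part of the value, which is why they are flagged. The function names are hypothetical.

```python
import re

# The ldap.* lines from the question, reproduced as sample input.
QUESTION_CONFIG = '''\
ldap.url=ldap://myADserver.mydomain.local:389
ldap.bindDn="CN=myldapuser,OU=Users,DC=mydomain,DC=local"
# ldap.bindPassword=mypassword
ldap.authentication=simple
ldap.realm=mydomain.local
ldap.user.baseDn="OU=myadgroup,DC=mydomain,DC=local"
ldap.user.request="(&(objectClass=user)(sAMAccountName={login}))"
ldap.user.realNameAttribute=cn
'''

# Simplified .properties line: optional comment marker, ldap.* key, separator, value.
LINE = re.compile(r'^\s*(?P<off>[#!]?)\s*(?P<key>ldap\.[\w.]+)\s*[=:]\s*(?P<val>.*?)\s*$')

def unquote(val):
    """Return val without one pair of wrapping quotes (unchanged if not wrapped)."""
    wrapped = len(val) >= 2 and val[0] == val[-1] and val[0] in '"\''
    return val[1:-1] if wrapped else val

def lint(text):
    """Return (key, problem) findings for the two issues named in the answer."""
    matches = [m for m in map(LINE.match, text.splitlines()) if m]
    active = {m['key']: m['val'] for m in matches if not m['off']}
    commented = {m['key'] for m in matches if m['off']}
    # Values are read literally, so wrapping quotes end up inside the DN or filter.
    findings = [(k, 'quoted-value') for k, v in active.items() if unquote(v) != v]
    if 'ldap.bindDn' in active and 'ldap.bindPassword' not in active:
        state = 'commented-out' if 'ldap.bindPassword' in commented else 'missing'
        findings.append(('ldap.bindPassword', state))
    return findings

def fixed(text):
    """Strip wrapping quotes and re-enable a commented-out ldap.bindPassword line."""
    out = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m and (not m['off'] or m['key'] == 'ldap.bindPassword'):
            line = f"{m['key']}={unquote(m['val'])}"
        out.append(line)
    return '\n'.join(out) + '\n'

if __name__ == '__main__':
    print(lint(QUESTION_CONFIG), fixed(QUESTION_CONFIG), sep='\n')
```

The lint covers only the two points from the answer. It does not compare the bind DN with the one in the working configuration, which on this page reads CN=Users where the SonarQube setting has OU=Users.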
