Hi I have been struggling to get Active Directory work with SonarQube 5.6 LTS
Please find below the configuration details
sonar.security.realm = LDAP
sonar.authenticator.downcase=false
ldap.url=ldap://xxx.xxxxxx.com:3268
ldap.user.baseDn=cn=users,dc=xxxxxx,dc=com
ldap.user.request = (&(objectClass=user)(sAMAccountName={login}))
ldap.user.realNameAttribute=cn
ldap.user.emailAttribute=mail
ldap.group.baseDn=cn=groups,dc=xxxxxx,dc=com
ldap.group.request=(&(objectClass=group)(member={dn}))
ldap.group.idAttribute = sAMAccountName
ldap.realm = xxxxxx.com
ldap.authentication = simple
ldap.baseDn = dc=xxxxxx dc=com
ldap.bindDn = xxxxxx\\xxxxxx
ldap.bindPassword = xxxxxxx
I do see Test LDAP Connection Ok in the sonarqube logs
2017.01.16 19:00:30 DEBUG web[o.s.p.l.LdapContextFactory] Initializing LDAP context {java.naming.provider.url=ldap://xxx.xxxxxx.com:389,
java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
java.naming.security.principal=xxxxxx\xxxxxx,
com.sun.jndi.ldap.connect.pool=true,
java.naming.security.authentication=simple,
java.naming.security.sasl.realm=xxxxxx.com,
java.naming.referral=follow}
2017.01.16 19:00:30 INFO web[o.s.p.l.LdapContextFactory] Test LDAP connection on ldap://xxx.xxxxxx.com:389: OK
However, when I try to login with my LDAP username and password , I am not allowed to login. The following message is observed in the logs
2017.01.16 16:44:28 DEBUG web[o.s.p.l.LdapUsersProvider] Requesting details for user xxxxxx\xxxxx
2017.01.16 16:44:28 DEBUG web[o.s.p.l.LdapSearch] Search: LdapSearch{baseDn=cn=users,dc=xxxxxx,dc=com, scope=subtree,
request=(&(objectClass=user)(sAMAccountName={0})),
parameters=[xxxxxx\xxxxxx], attributes=[mail, cn]}
2017.01.16 16:44:28 DEBUG web[o.s.p.l.LdapContextFactory] Initializing LDAP context {java.naming.provider.url=ldap://xxx.xxxxxx.com:389,
java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
java.naming.security.principal=xxxxxx\xxxxxx,
com.sun.jndi.ldap.connect.pool=true,
java.naming.security.authentication=simple,
java.naming.security.sasl.realm=xxxxxx.com,
java.naming.referral=follow}
2017.01.16 16:44:28 DEBUG web[o.s.p.l.LdapUsersProvider] User xxxxxx\xxxxxx not found in <default>
2017.01.16 16:44:28 DEBUG web[http] POST /sessions/login | time=69ms
2017.01.16 16:44:38 DEBUG web[o.s.p.l.LdapUsersProvider] Requesting details for user xxxxxx\xxxxxx
2017.01.16 16:44:38 DEBUG web[o.s.p.l.LdapSearch] Search: LdapSearch{baseDn=cn=users,dc=xxxxxx,dc=com, scope=subtree,
request=(&(objectClass=user)(sAMAccountName={0})),
parameters=[xxxxxx\xxxxxx], attributes=[mail, cn]}
2017.01.16 16:44:38 DEBUG web[o.s.p.l.LdapContextFactory] Initializing LDAP context {java.naming.provider.url=ldap://DC1.xxxxxx.com:389,
java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
java.naming.security.principal=xxxxxx\xxxxxx,
com.sun.jndi.ldap.connect.pool=true,
java.naming.security.authentication=simple,
java.naming.security.sasl.realm=xxxxxx.com,
java.naming.referral=follow}
2017.01.16 16:44:38 DEBUG web[o.s.p.l.LdapUsersProvider] User xxxxxx\xxxxxx not found in <default>
2017.01.16 16:44:38 DEBUG web[http] POST /sessions/login | time=55ms
I have tried the following so far:
- Tried using ports : 3268 / 389
- Tried ldapsearch from the command line
ldapsearch -H ldap://xxx.xxxxx.com:3268 dc=xxxxx,dc=com -D 'xxxxxx\xxxxxx' -WBut this also returns empty
I have only one admin user that is configured locally and I am able to login as admin
The same username and the server details work well when I configured Active directory on Jenkins
Where am I going wrong ? What are the other options that I can try ?
ldap.bindDn = ntdomain\logonid is certainly a bad idea, because sonarqube (according to the traces provided by you) searches for the AD user entry with filter predicate (sAMAccountName=ntdomain\logonid). You're supposed to use only the sAMAccountname for ldap.bindDn.
You need to specify the distinguished name of the user (something like cn=...,cn=users,dc=company,dc=tld) to bind ldapsearch to AD cause there is no mapping from sAMAccountName to dn provided by the ldapsearch tool.