I'm trying to install sonarqube 7.7 with ldap authentication against an active directory server and I can't get it to work. I copied over the settings from another server that runs on the same host, and its ldap settings work.
This is my current configuration in sonarqube:
ldap.url=ldap://myADserver.mydomain.local:389
ldap.bindDn="CN=myldapuser,OU=Users,DC=mydomain,DC=local"
# ldap.bindPassword=mypassword
ldap.authentication=simple
ldap.realm=mydomain.local
ldap.user.baseDn="OU=myadgroup,DC=mydomain,DC=local"
ldap.user.request="(&(objectClass=user)(sAMAccountName={login}))"
ldap.user.realNameAttribute=cn
If I provide a password, sonarqube shuts down during startup with this error message in web.log:
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580
This message apparently means that the user is correct, but the password is incorrect. Yet the password works both in the other server and in ldapsearch.
If I comment out the password like above, sonarqube starts up, but can't authenticate ldap users. I can log in with the default admin user.
DEBUG web[AWqxWJwHqJPbGHfaAAAX][o.s.p.l.LdapUsersProvider] User mypersonaluser not found in <default>
ERROR web[AWqxWJwHqJPbGHfaAAAX][o.s.s.a.CredentialsExternalAuthentication] Error during authentication
org.sonar.plugins.ldap.LdapException: Unable to retrieve details for user mypersonaluser in <default>
Caused by: javax.naming.directory.InvalidSearchFilterException: invalid attribute description
DEBUG web[AWqxWJwHqJPbGHfaAAAX][auth.event] login failure [cause|Unable to retrieve details for user mypersonaluser in <default>][method|FORM][provider|REALM|LDAP][IP|server_internal_IP|office_pub_IP][login|mypersonaluser]
For completeness' sake, the config of the other server and the ldapsearch command line:
base = "OU=myadgroup,DC=mydomain,DC=local",
bind_dn = "CN=myldapuser,CN=Users,DC=mydomain,DC=local",
host = "myADserver.mydomain.local",
label = "ldap",
method = "plain",
password = "mypassword",
port = 389,
uid = "sAMAccountName"
ldapsearch -D "cn=myldapuser,cn=users,DC=mydomain,DC=local" -p 389 -h myADserver.mydomain.local -b "OU=myadgroup,DC=mydomain,DC=local" "(&(objectClass=user)(sAMAccountName=mypersonaluser))" -u myldapuser -w mypassword
What's wrong with my sonarqube configuration and how do I fix it?
Best Answer
Looks like you have your password field commented out #?
You also don't need "" around the parameters.
Unless your server allows anonymous access to the LDAP directory, you need to set bindDn and bindPassword.
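The points in the answer can be checked mechanically before restarting the server. The following is an added example, not part of the original answer or of SonarQube: a small linter (function names are hypothetical) that reads properties-style text the way Java does, where surrounding quotes stay part of the value, and reports quoted `ldap.*` values and a bind DN without a bind password.

```python
import re

# Constructed sample mirroring the settings quoted in the question.
SAMPLE = '''\
ldap.url=ldap://myADserver.mydomain.local:389
ldap.bindDn="CN=myldapuser,OU=Users,DC=mydomain,DC=local"
# ldap.bindPassword=mypassword
ldap.authentication=simple
ldap.user.baseDn="OU=myadgroup,DC=mydomain,DC=local"
ldap.user.request="(&(objectClass=user)(sAMAccountName={login}))"
'''

def parse_properties(text):
    """Return (active, commented) dicts of key -> raw value, quotes kept literally."""
    active, commented = {}, {}
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped:
            continue
        target = active
        if stripped[0] in "#!":  # properties comment markers
            stripped = stripped[1:].strip()
            target = commented
        m = re.match(r"([\w.]+)\s*[=:]\s*(.*)$", stripped)
        if m:
            target[m.group(1)] = m.group(2)
    return active, commented

def lint_ldap(text):
    """Return a list of findings for the ldap.* settings."""
    active, commented = parse_properties(text)
    findings = []
    for key, value in active.items():
        quoted = len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'"
        if key.startswith("ldap.") and quoted:
            findings.append(f"{key}: surrounding quotes are part of the value; remove them")
    if "ldap.bindDn" in active and "ldap.bindPassword" not in active:
        note = " (it is commented out)" if "ldap.bindPassword" in commented else ""
        findings.append(f"ldap.bindPassword: not set although ldap.bindDn is{note}")
    if "ldap.bindPassword" in active and "ldap.bindDn" not in active:
        findings.append("ldap.bindDn: not set although ldap.bindPassword is")
    return findings

if __name__ == "__main__":
    for finding in lint_ldap(SAMPLE):
        print(finding)
```

Run against the question's settings, it reports the three quoted values and the commented-out password.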