I'm struggling with configuring the LDAP 2.0 plugin for SonarQube 5.6.3 LTS for Active Directory. I read all the plugin docs and got this for our environment:
# LDAP configuration
# General Configuration
sonar.security.realm=LDAP
sonar.security.savePassword=false
sonar.forceAuthentication=true
ldap.url=ldap://ad1.prod:1389
ldap.bindDn=CN=myUser,OU=Service-Accounts,DC=ad1,DC=prod
ldap.bindPassword=myPassword
# User Configuration
ldap.user.baseDn=DC=ad1,DC=prod
ldap.user.request=(&(objectClass=inetOrgPerson)(uid={login}))
ldap.user.realNameAttribute=displayName
ldap.user.emailAttribute=mail
and when I start SonarQube I get:
INFO web[org.sonar.INFO] Security realm: LDAP
INFO web[o.s.p.l.LdapSettingsManager] User mapping: LdapUserMapping{baseDn=DC=ad1,DC=prod, request=(&(objectClass=inetOrgPerson)(uid={0})), realNameAttribute=displayName, emailAttribute=mail}
INFO web[o.s.p.l.LdapSettingsManager] Groups will not be synchronized, because property 'ldap.group.baseDn' is empty.
INFO web[o.s.p.l.LdapContextFactory] Test LDAP connection: FAIL
ERROR web[o.a.c.c.C.[.[.[/]] Exception sending context initialized event to listener instance of class org.sonar.server.platform.PlatformServletContextListener
java.lang.IllegalStateException: Unable to open LDAP connection
at org.sonar.plugins.ldap.LdapContextFactory.testConnection
I've tried tweaking the configuration a bit but no luck. Anything stand out to anyone who's more familiar with this?
A more efficient search for AD would be something like:
ldap.user.request=(&(objectClass=user)(sAMAccountName={login}))
Base problem was wrong LDAP port:
ldap.url=ldap://ad1.prod:1389
should be
ldap.url=ldap://ad1.prod:389
I never bothered to question the 1389 port even though that's not the default LDAP port since I'd copy/pasted from another, working app. I guess I fat-fingered something in the process.
Also, this:
ldap.user.request=(&(objectClass=inetOrgPerson)(uid={login}))
had to be this:
ldap.user.request=(sAMAccountName={0})
to actually enable searching AD. This is an implementation-specific thing.
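A pre-flight check for the two faults identified above (non-standard port, filter not matching an AD attribute), as an added example that is not part of the original posts or of the SonarQube LDAP plugin. The helper names, the set of expected ports and the cleartext-bind warning are assumptions of this sketch; the sample input is the question's configuration.

```python
from urllib.parse import urlparse

# Constructed sample: the LDAP block from the question above.
SAMPLE = """\
sonar.security.realm=LDAP
ldap.url=ldap://ad1.prod:1389
ldap.bindDn=CN=myUser,OU=Service-Accounts,DC=ad1,DC=prod
ldap.bindPassword=myPassword
ldap.user.baseDn=DC=ad1,DC=prod
ldap.user.request=(&(objectClass=inetOrgPerson)(uid={login}))
"""

# Assumed expected ports: LDAP, LDAPS, AD global catalog (plain, TLS).
KNOWN_PORTS = {"ldap": {389, 3268}, "ldaps": {636, 3269}}


def parse_properties(text):
    """Parse key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)  # DN values contain '=' themselves
            props[key.strip()] = value.strip()
    return props


def lint_ldap(props):
    """Return findings for the LDAP settings (hypothetical helper)."""
    findings = []
    url = urlparse(props.get("ldap.url", ""))
    if url.scheme not in KNOWN_PORTS:
        findings.append("ldap.url: scheme must be ldap or ldaps")
    else:
        port = url.port or (389 if url.scheme == "ldap" else 636)
        if port not in KNOWN_PORTS[url.scheme]:
            findings.append(f"ldap.url: port {port} is not a standard {url.scheme} port")
        if url.scheme == "ldap" and "ldap.bindPassword" in props:
            findings.append("ldap.url: bindPassword is sent unencrypted unless StartTLS is used")
    # AD-specific check, per the answers above: match on sAMAccountName.
    if "sAMAccountName" not in props.get("ldap.user.request", ""):
        findings.append("ldap.user.request: filter does not match on sAMAccountName")
    return findings


if __name__ == "__main__":
    for finding in lint_ldap(parse_properties(SAMPLE)):
        print(finding)
```

Run against the question's configuration it reports the 1389 port, the cleartext bind and the uid-based filter; the corrected settings from the answer leave only the cleartext-bind finding.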