Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to configure Active Directory for SonarQube 5.6.3 with LDAP 2.0 plugin?

Tags:

active-directory

ldap

sonarqube

I'm struggling with configuring the LDAP 2.0 plugin for Sonarqube 5.6.3 LTS for Active Directory. I read all the plugin docs and got this for our environment:

# LDAP configuration
# General Configuration
sonar.security.realm=LDAP
sonar.security.savePassword=false
sonar.forceAuthentication=true
ldap.url=ldap://ad1.prod:1389
ldap.bindDn=CN=myUser,OU=Service-Accounts,DC=ad1,DC=prod
ldap.bindPassword=myPassword

# User Configuration
ldap.user.baseDn=DC=ad1,DC=prod
ldap.user.request=(&(objectClass=inetOrgPerson)(uid={login}))
ldap.user.realNameAttribute=displayName
ldap.user.emailAttribute=mail

and when I start Sonarqube I get:

INFO  web[org.sonar.INFO] Security realm: LDAP
INFO  web[o.s.p.l.LdapSettingsManager] User mapping: LdapUserMapping{baseDn=DC=ad1,DC=prod, request=(&(objectClass=inetOrgPerson)(uid={0})), realNameAttribute=displayName, emailAttribute=mail}
INFO  web[o.s.p.l.LdapSettingsManager] Groups will not be synchronized, because property 'ldap.group.baseDn' is empty.
INFO  web[o.s.p.l.LdapContextFactory] Test LDAP connection: FAIL
ERROR web[o.a.c.c.C.[.[.[/]] Exception sending context initialized event to listener instance of class org.sonar.server.platform.PlatformServletContextListener
java.lang.IllegalStateException: Unable to open LDAP connection
    at org.sonar.plugins.ldap.LdapContextFactory.testConnection

I've tried tweaking the configuration a bit but no luck. Anything stand out to anyone who's more familiar with this?

like image 620
Richard Schaefer Avatar asked Dec 18 '22 12:12

Richard Schaefer

2 Answers

A more efficient search for AD would be something like: 

ldap.user.request=(&(objectClass=user)(sAMAccountName={login}))
like image 167
brad Avatar answered Dec 21 '22 02:12

brad

Base problem was wrong LDAP port:

ldap.url=ldap://ad1.prod:1389

should be

ldap.url=ldap://ad1.prod:389

I never bothered to question the 1389 port even though that's not the default LDAP port since I'd copy/pasted from another, working app. I guess I fat-fingered something in the process.

Also, this:

ldap.user.request=(&(objectClass=inetOrgPerson)(uid={login}))

had to be this:

ldap.user.request=(sAMAccountName={0})

to actually enable searching AD. This is an implementation-specific thing.

like image 42
Richard Schaefer Avatar answered Dec 21 '22 00:12

Richard Schaefer
Sign in to Comment

Related questions

System.DirectoryServices.AccountManagement.NoMatchingPrincipalException: An error occurred while enumerating the groups. The group could not be found

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!