
How to configure Active Directory for SonarQube 5.6.3 with LDAP 2.0 plugin?

I'm struggling with configuring the LDAP 2.0 plugin for SonarQube 5.6.3 LTS for Active Directory. I read all the plugin docs and got this for our environment:

# LDAP configuration
# General Configuration
sonar.security.realm=LDAP
sonar.security.savePassword=false
sonar.forceAuthentication=true
ldap.url=ldap://ad1.prod:1389
ldap.bindDn=CN=myUser,OU=Service-Accounts,DC=ad1,DC=prod
ldap.bindPassword=myPassword

# User Configuration
ldap.user.baseDn=DC=ad1,DC=prod
ldap.user.request=(&(objectClass=inetOrgPerson)(uid={login}))
ldap.user.realNameAttribute=displayName
ldap.user.emailAttribute=mail

and when I start SonarQube I get:

INFO  web[org.sonar.INFO] Security realm: LDAP
INFO  web[o.s.p.l.LdapSettingsManager] User mapping: LdapUserMapping{baseDn=DC=ad1,DC=prod, request=(&(objectClass=inetOrgPerson)(uid={0})), realNameAttribute=displayName, emailAttribute=mail}
INFO  web[o.s.p.l.LdapSettingsManager] Groups will not be synchronized, because property 'ldap.group.baseDn' is empty.
INFO  web[o.s.p.l.LdapContextFactory] Test LDAP connection: FAIL
ERROR web[o.a.c.c.C.[.[.[/]] Exception sending context initialized event to listener instance of class org.sonar.server.platform.PlatformServletContextListener
java.lang.IllegalStateException: Unable to open LDAP connection
    at org.sonar.plugins.ldap.LdapContextFactory.testConnection

I've tried tweaking the configuration a bit but no luck. Anything stand out to anyone who's more familiar with this?

Richard Schaefer asked Dec 18 '22 12:12


2 Answers

A more efficient search for AD would be something like:

ldap.user.request=(&(objectClass=user)(sAMAccountName={login})) 
brad answered Dec 21 '22 02:12


Base problem was wrong LDAP port:

ldap.url=ldap://ad1.prod:1389

should be

ldap.url=ldap://ad1.prod:389

I never bothered to question the 1389 port even though that's not the default LDAP port since I'd copy/pasted from another, working app. I guess I fat-fingered something in the process.

Also, this:

ldap.user.request=(&(objectClass=inetOrgPerson)(uid={login}))

had to be this:

ldap.user.request=(sAMAccountName={0})

to actually enable searching AD. This is an implementation-specific thing.

Richard Schaefer answered Dec 21 '22 00:12
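
Added example (not part of the question or either answer, and not SonarQube code): a small pre-start check that parses the LDAP block of sonar.properties and flags the two problems identified above, plus the fact that an ldap:// URL carries the service account's bind password without TLS. The function names are hypothetical, the port and filter checks are heuristics, and the sample input is the configuration as posted.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the LDAP block as posted in the question.
SAMPLE = """\
sonar.security.realm=LDAP
ldap.url=ldap://ad1.prod:1389
ldap.bindDn=CN=myUser,OU=Service-Accounts,DC=ad1,DC=prod
ldap.bindPassword=myPassword
ldap.user.baseDn=DC=ad1,DC=prod
ldap.user.request=(&(objectClass=inetOrgPerson)(uid={login}))
"""

STANDARD_PORTS = {"ldap": 389, "ldaps": 636}  # registered default ports

def parse_properties(text):
    """Parse key=value lines, splitting on the first '=' only (DNs and filters contain '=')."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit_ldap(props):
    """Return (code, message) findings. Hypothetical helper; the checks are heuristics."""
    findings = []
    url = urlsplit(props.get("ldap.url", ""))
    default = STANDARD_PORTS.get(url.scheme)
    if default is None:
        findings.append(("URL_SCHEME", f"ldap.url scheme {url.scheme!r} is not ldap or ldaps"))
    else:
        if (url.port or default) != default:
            findings.append(("PORT", f"port {url.port} is not the {url.scheme} default "
                                     f"{default}; confirm the server listens there"))
        if url.scheme == "ldap" and "ldap.bindPassword" in props:
            findings.append(("CLEARTEXT_BIND", "ldap:// is not TLS-wrapped; without StartTLS "
                                               "the bind password is sent in cleartext"))
    # Attribute names used in the user filter, compared case-insensitively.
    request = props.get("ldap.user.request", "")
    attrs = {a.lower() for a in re.findall(r"\(([A-Za-z][\w-]*)=", request)}
    if "uid" in attrs and "samaccountname" not in attrs:
        findings.append(("AD_FILTER", "filter matches on uid; AD logon names are in sAMAccountName"))
    return findings

if __name__ == "__main__":
    for code, message in audit_ldap(parse_properties(SAMPLE)):
        print(f"{code}: {message}")
```

With the corrected port and filter from the answer above, only the CLEARTEXT_BIND finding remains.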