LDAP groups and SonarQube configuration

Question

We are planning to implement LDAP configuration in SonarQube settings. So in sonar.properties file it is as follows

(&(objectClass=user)
(|(memberOf=CN=GL_group,OU=Groups,DC=project,DC=company,DC=com))
(sAMAccountName={login}))

Now we are planning to create Active Directory (AD) group for all project and then we will add this in GL_group of AD group.

We will also add project group in SonarQube to Sync with AD.

My question is, will this work? i.e.:

• Add new project group in AD
• Add this group in GL_group in AD
• User logged into Sonar
• User is automatically added to project group

Will it be added to GL_group OR project group?

LDAP settings

sonar.security.realm:                      LDAP
sonar.security.savePassword:               false
sonar.authenticator.createUsers:           true
ldap.url:                                  ldap://sonar.engagement.project.country.company.com:389
ldap.bindDn:                               svc_user
ldap.bindPassword:                         password
ldap.authentication:                       simple
ldap.user.baseDn:                          DC=engagement,DC=project,DC=country,DC=company,DC=com
ldap.user.request:                         (&(objectClass=user)(|(memberOf=CN=GL_projectEngagementUsers,OU=projectGroups,DC=engagement,DC=project,DC=country,DC=company,DC=com))(sAMAccountName={login}))
ldap.user.realNameAttribute:               displayName
ldap.user.emailAttribute:                  mail
ldap.group.baseDn:                         DC=engagement,DC=project,DC=country,DC=company,DC=com
ldap.group.idAttribute:                    cn
ldap.group.request:                        (&(objectClass=group)(member={dn}))

Answer 1

If you follow the instructions given on the LDAP plugin documentation page, and more precisely if you activate the group mapping, you will be able to achieve what you described.