Sonarqube 5.2, LDAP plugin 1.5: users losing privileges at their next login?

Question

I have installed SonarQube 5.2 and the LDAP plugin 1.5 a few hours ago. I am really happy about the easy configuration of the LDAP plugin in an Active Directory domain.

But I experience something which looks like a huge problem.

1) An AD user loads the web page of the SonarQube instance

• [behind the scenes] a user is being created (starting up from the headers of the HTTP request and the information present in the Active Directory)

2) An administrator of the platform (e.g. admin, default administrator of the platform) gives her some rights (e.g. add her to the sonar-administrators group)

• the web interface shows an updated set of rights for this user

3) The user starts a new session

• !!! The user has lost all of its rights. She doesn't belong anymore to the sonar-administrators group

• (expected behavior) the user gets an updated interface, with the menus reserved to the sonar-administrators group

Am I missing some important part of the documentation?

Answer 1

You have configured SonarQube to use an external system to manage security, in this particular case Active Directory. So the default (and expected) behaviour is to delegate both the authentication and the authorizations to this system.

In your example, if you want the user to belong to some specific group, you have to configure this in your Active Directory. Next time the user logs in, he will be associated to this(those) group(s).

Note that the groups must exist in SonarQube otherwise this won't work (i.e. you have to manually add them in the "Security > Groups" ).