LDAP Plugin with Active Directory not working

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
10 messages Options
Reply | Threaded
Open this post in threaded view
|

LDAP Plugin with Active Directory not working

mandarchatufale
Hello,

I am new to SonarQube. I have installed Sonarqube 5.1 on my local machine and its working fine with admin admin.

Now i want to integrate it with LDAP and AD.
For that i have installed the LDAP plugin from the updatecenter.

Then i referred below link to make the configurations
http://docs.sonarqube.org/display/SONAR/LDAP+Plugin

Below are my configurations
sonar.security.realm=LDAP
sonar.security.savePassword=FALSE
ldap.url=ldap://xxxxx.yyyy.com:zzzz

and when i start the server i get below message in sonar.log file
2015.05.14 09:26:10 INFO  web[org.sonar.INFO] Security realm: LDAP
2015.05.14 09:26:12 INFO  web[o.s.p.l.LdapContextFactory] Test LDAP connection on ldap://jdnet.deere.com:389: OK

I haven't defined any user or groups in my sonarqube.

My Understanding

With above configurations done, i should be able to log in to Sonarqube using my id and password which is configured in LDAP system. However, this is not working. I just get Authentication failed on the login window.

Second step which i want to do is to Map the AD groups. We already have the AD groups defined in the LDAP system. I want to map those AD groups in my Sonarqube. Do i need to define them manually in my Sonarqube or do they automatically sync up with ldap?

As per my understanding, AD group will be used for Authorization purpose.

Can you please provide me the steps to use AD groups and how it works? What all extra configurations are required.

Thanks
 







Reply | Threaded
Open this post in threaded view
|

答复: [sonar-user] LDAP Plugin with Active Directory not working

苏轶
Maybe you miss some properties. Here is my properties in conf/sonar.properties about LDAP:

sonar.security.realm=LDAP
sonar.security.savePassword=true
sonar.authenticator.createUsers=true
ldap.url=ldap://xx.xx.xxx.xxx:xxxx
ldap.bindDn=xxxx@xxxx
ldap.bindPassword=xxxx
ldap.authentication=simple
sonar.authenticator.downcase=true

ldap.user.baseDn=xxxxxxx
ldap.user.request=(&(xxxx={login})(objectclass=person))
ldap.user.realNameAttribute=cn
ldap.user.emailAttribute=mail

sonar.security.localUsers=admin

-----邮件原件-----
发件人: mandarchatufale [mailto:[hidden email]]
发送时间: 2015年5月14日 13:57
收件人: [hidden email]
主题: [sonar-user] LDAP Plugin with Active Directory not working

Hello,

I am new to SonarQube. I have installed Sonarqube 5.1 on my local machine and its working fine with admin admin.

Now i want to integrate it with LDAP and AD.
For that i have installed the LDAP plugin from the updatecenter.

Then i referred below link to make the configurations http://docs.sonarqube.org/display/SONAR/LDAP+Plugin

Below are my configurations
sonar.security.realm=LDAP
sonar.security.savePassword=FALSE
ldap.url=ldap://xxxxx.yyyy.com:zzzz

and when i start the server i get below message in sonar.log file
2015.05.14 09:26:10 INFO  web[org.sonar.INFO] Security realm: LDAP
2015.05.14 09:26:12 INFO  web[o.s.p.l.LdapContextFactory] Test LDAP connection on ldap://jdnet.deere.com:389: OK

I haven't defined any user or groups in my sonarqube.

My Understanding

With above configurations done, i should be able to log in to Sonarqube using my id and password which is configured in LDAP system. However, this is not working. I just get Authentication failed on the login window.

Second step which i want to do is to Map the AD groups. We already have the AD groups defined in the LDAP system. I want to map those AD groups in my Sonarqube. Do i need to define them manually in my Sonarqube or do they automatically sync up with ldap?

As per my understanding, AD group will be used for Authorization purpose.

Can you please provide me the steps to use AD groups and how it works? What all extra configurations are required.

Thanks
 











--
View this message in context: http://sonarqube.15.x6.nabble.com/LDAP-Plugin-with-Active-Directory-not-working-tp5035363.html
Sent from the SonarQube Users mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email






********************************************************************************************************************************
The information in this email is confidential and may be legally privileged. If you have received this email in error or are not the intended recipient, please immediately notify the sender and delete this message from your computer. Any use, distribution, or copying of this email other than by the intended recipient is strictly prohibited. All messages sent to and from us may be monitored to ensure compliance with internal policies and to protect our business.
Emails are not secure and cannot be guaranteed to be error free as they can be intercepted, amended, lost or destroyed, or contain viruses. Anyone who communicates with us by email is taken to accept these risks.

�跺����浠惰��璇锋敞��锛�
����浠跺��淇�瀵�淇℃��锛��ヨ���舵����浠讹�璇峰�″����ュ����浜哄苟�存�ュ���伙�涓�寰�浣跨�ㄣ��浼�����澶��舵����浠躲��
杩��洪��浠跺�����版�����稿��瑙����с����浠跺���藉����琚�������琚�淇��广��涓㈠け��琚��村��������璁$���虹��姣�绛�涓�瀹��ㄦ���点��
********************************************************************************************************************************
Reply | Threaded
Open this post in threaded view
|

Re: 答复: [sonar-user] LDAP Plugin with Active Directory not working

mandarchatufale
Thanks for the promot reply

Can you explain me the meaning of each line of the configuration and why they are required. I went through the documentation and did not understand much

These are the configuration which you have given
sonar.security.realm=LDAP  - correct
sonar.security.savePassword=true - why this is necessary. i just want ldap authentication?
sonar.authenticator.createUsers=true  - i dont want to store users ..
ldap.url=ldap://xx.xx.xxx.xxx:xxxx  - correct
ldap.bindDn=xxxx@xxxx - Is this mandatory? whats the significance?
ldap.bindPassword=xxxx - Is this mandatory? whats the significance?
ldap.authentication=simple - Is this mandatory ? whats the significance?
sonar.authenticator.downcase=true - Is this mandatory? whats the significance?

ldap.user.baseDn=xxxxxxx - what is the significance of this property ?
ldap.user.request=(&(xxxx={login})(objectclass=person)) - what is the significance of this property?
ldap.user.realNameAttribute=cn - What is the significane of this property?
ldap.user.emailAttribute=mail - What is the significane of this property?

sonar.security.localUsers=admin - What is the significane of this property?


Reply | Threaded
Open this post in threaded view
|

答复: [sonar-user] Re: 答复: [sonar-user] LDAP Plugin with Active Directory not working

苏轶
Have you seen this page? Here is a detailed explanation of each property:
http://docs.sonarqube.org/display/SONAR/LDAP+Plugin


-----邮件原件-----
发件人: mandarchatufale [mailto:[hidden email]]
发送时间: 2015年5月14日 15:46
收件人: [hidden email]
主题: [sonar-user] Re: 答复: [sonar-user] LDAP Plugin with Active Directory not working

Thanks for the promot reply

Can you explain me the meaning of each line of the configuration and why they are required. I went through the documentation and did not understand much

These are the configuration which you have given sonar.security.realm=LDAP  - correct sonar.security.savePassword=true - why this is necessary. i just want ldap authentication?
sonar.authenticator.createUsers=true  - i dont want to store users ..
ldap.url=ldap://xx.xx.xxx.xxx:xxxx  - correct ldap.bindDn=xxxx@xxxx - Is this mandatory? whats the significance?
ldap.bindPassword=xxxx - Is this mandatory? whats the significance?
ldap.authentication=simple - Is this mandatory ? whats the significance?
sonar.authenticator.downcase=true - Is this mandatory? whats the significance?

ldap.user.baseDn=xxxxxxx - what is the significance of this property ?
ldap.user.request=(&(xxxx={login})(objectclass=person)) - what is the significance of this property?
ldap.user.realNameAttribute=cn - What is the significane of this property?
ldap.user.emailAttribute=mail - What is the significane of this property?

sonar.security.localUsers=admin - What is the significane of this property?






--
View this message in context: http://sonarqube.15.x6.nabble.com/LDAP-Plugin-with-Active-Directory-not-working-tp5035363p5035365.html
Sent from the SonarQube Users mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email






********************************************************************************************************************************
The information in this email is confidential and may be legally privileged. If you have received this email in error or are not the intended recipient, please immediately notify the sender and delete this message from your computer. Any use, distribution, or copying of this email other than by the intended recipient is strictly prohibited. All messages sent to and from us may be monitored to ensure compliance with internal policies and to protect our business.
Emails are not secure and cannot be guaranteed to be error free as they can be intercepted, amended, lost or destroyed, or contain viruses. Anyone who communicates with us by email is taken to accept these risks.

�跺����浠惰��璇锋敞��锛�
����浠跺��淇�瀵�淇℃��锛��ヨ���舵����浠讹�璇峰�″����ュ����浜哄苟�存�ュ���伙�涓�寰�浣跨�ㄣ��浼�����澶��舵����浠躲��
杩��洪��浠跺�����版�����稿��瑙����с����浠跺���藉����琚�������琚�淇��广��涓㈠け��琚��村��������璁$���虹��姣�绛�涓�瀹��ㄦ���点��
********************************************************************************************************************************
Reply | Threaded
Open this post in threaded view
|

Re: 答复: [sonar-user] LDAP Plugin with Active Directory not working

mandarchatufale
In reply to this post by mandarchatufale
My one more question around this is
"Why do we need to configure "Users and Groups" ? What is the significance of those?



Reply | Threaded
Open this post in threaded view
|

Re: 答复: [sonar-user] LDAP Plugin with Active Directory not working

G. Ann Campbell
If you're talking about configuring users and groups within SonarQube, the answer is to determine what people can do/see once they're logged in.
sonar.authenticator.createUsers=true creates the user record in the SonarQube database after a user's first successful login. From there, you can add that user to groups to grant permissions on specific projects & etc.



---
G. Ann CAMPBELL | SonarSource
Product Owner

On Thu, May 14, 2015 at 6:03 AM, mandarchatufale <[hidden email]> wrote:
My one more question around this is
"Why do we need to configure "Users and Groups" ? What is the significance
of those?







--
View this message in context: http://sonarqube.15.x6.nabble.com/LDAP-Plugin-with-Active-Directory-not-working-tp5035363p5035367.html
Sent from the SonarQube Users mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email



Reply | Threaded
Open this post in threaded view
|

Re: 答复: [sonar-user] LDAP Plugin with Active Directory not working

mandarchatufale
Got it, Thanks.

Can you please explain each property below ...and Mandatory and Optional properties.
My requirement is that , i want to login using my ldap uid and password. LDAP System should authenticate me and then after that we have Predefined AD groups which i want to use in SonarQube for Authorization  

sonar.authenticator.createUsers=true  - i dont want to store users ..
ldap.url=ldap://xx.xx.xxx.xxx:xxxx  - correct
ldap.bindDn=xxxx@xxxx - Is this mandatory? whats the significance?
ldap.bindPassword=xxxx - Is this mandatory? whats the significance?
ldap.authentication=simple - Is this mandatory ? whats the significance?
sonar.authenticator.downcase=true - Is this mandatory? whats the significance?

ldap.user.baseDn=xxxxxxx - what is the significance of this property ?
ldap.user.request=(&(xxxx={login})(objectclass=person)) - what is the significance of this property?
ldap.user.realNameAttribute=cn - What is the significane of this property?
ldap.user.emailAttribute=mail - What is the significane of this property?

sonar.security.localUsers=admin - What is the significane of this property?

Thanks in Advance
Reply | Threaded
Open this post in threaded view
|

Re: 答复: [sonar-user] LDAP Plugin with Active Directory not working

G. Ann Campbell
Except for sonar.security.localUsers, these properties govern how your SonarQube server connects to and queries your LDAP server. You should really talk to your LDAP server admin to understand which of these you want/need because the answers will depend on how your LDAP is configured.

sonar.security.localUsers specifies which logins should not be sent to LDAP for authentication, but checked against the local DB instead.



---
G. Ann CAMPBELL | SonarSource
Product Owner

On Thu, May 14, 2015 at 10:30 AM, mandarchatufale <[hidden email]> wrote:
Got it, Thanks.

Can you please explain each property below ...and Mandatory and Optional
properties.
My requirement is that , i want to login using my ldap uid and password.
LDAP System should authenticate me and then after that we have Predefined AD
groups which i want to use in SonarQube for Authorization

sonar.authenticator.createUsers=true  - i dont want to store users ..
ldap.url=ldap://xx.xx.xxx.xxx:xxxx  - correct
ldap.bindDn=xxxx@xxxx - Is this mandatory? whats the significance?
ldap.bindPassword=xxxx - Is this mandatory? whats the significance?
ldap.authentication=simple - Is this mandatory ? whats the significance?
sonar.authenticator.downcase=true - Is this mandatory? whats the
significance?

ldap.user.baseDn=xxxxxxx - what is the significance of this property ?
ldap.user.request=(&(xxxx={login})(objectclass=person)) - what is the
significance of this property?
ldap.user.realNameAttribute=cn - What is the significane of this property?
ldap.user.emailAttribute=mail - What is the significane of this property?

sonar.security.localUsers=admin - What is the significane of this property?

Thanks in Advance



--
View this message in context: http://sonarqube.15.x6.nabble.com/LDAP-Plugin-with-Active-Directory-not-working-tp5035363p5035378.html
Sent from the SonarQube Users mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email



Reply | Threaded
Open this post in threaded view
|

Re: 答复: [sonar-user] LDAP Plugin with Active Directory not working

mandarchatufale
Hi,

So i have put below properties after talking to few ppl.
sonar.security.realm=LDAP
ldap.url=ldap://abc.xyz.com:389
ldap.user.baseDn:dc=abc,dc=XYZ,dc=com
ldap.user.request:(&(objectClass=user)(sAMAccountName={login}))
ldap.user.realNameAttribute=cn
ldap.user.emailAttribute=mail

even after putting above properties , log in is not working. I get below error

2015.05.18 15:21:27 DEBUG web[o.s.p.l.LdapUsersProvider] [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1

javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1


Am i missing any more property?

Reply | Threaded
Open this post in threaded view
|

Re: 答复: [sonar-user] LDAP Plugin with Active Directory not working

G. Ann Campbell
You don't seem to have bind credentials listed in your properties. Is anonymous bind allowed? I would download an LDAP client and use it to make sure you can bind with the the values you're using. That will allow you to narrow down the issue.



---
G. Ann CAMPBELL | SonarSource
Product Owner

On Mon, May 18, 2015 at 7:18 AM, mandarchatufale <[hidden email]> wrote:
Hi,

So i have put below properties after talking to few ppl.
sonar.security.realm=LDAP
ldap.url=ldap://abc.xyz.com:389
ldap.user.baseDn:dc=abc,dc=XYZ,dc=com
ldap.user.request:(&(objectClass=user)(sAMAccountName={login}))
ldap.user.realNameAttribute=cn
ldap.user.emailAttribute=mail

even after putting above properties , log in is not working. I get below
error

<a href="tel:2015.05.18%2015" value="+12015051815">2015.05.18 15:21:27 DEBUG web[o.s.p.l.LdapUsersProvider] [LDAP: error code 1
- 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this
operation a successful bind must be completed on the connection., data 0,
v1db1

javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr:
DSID-0C0906E8, comment: In order to perform this operation a successful bind
must be completed on the connection., data 0, v1db1


Am i missing any more property?





--
View this message in context: http://sonarqube.15.x6.nabble.com/LDAP-Plugin-with-Active-Directory-not-working-tp5035363p5035457.html
Sent from the SonarQube Users mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email