Hello,
I am new to SonarQube. I have installed Sonarqube 5.1 on my local machine and its working fine with admin admin. Now i want to integrate it with LDAP and AD. For that i have installed the LDAP plugin from the updatecenter. Then i referred below link to make the configurations http://docs.sonarqube.org/display/SONAR/LDAP+Plugin Below are my configurations sonar.security.realm=LDAP sonar.security.savePassword=FALSE ldap.url=ldap://xxxxx.yyyy.com:zzzz and when i start the server i get below message in sonar.log file 2015.05.14 09:26:10 INFO web[org.sonar.INFO] Security realm: LDAP 2015.05.14 09:26:12 INFO web[o.s.p.l.LdapContextFactory] Test LDAP connection on ldap://jdnet.deere.com:389: OK I haven't defined any user or groups in my sonarqube. My Understanding With above configurations done, i should be able to log in to Sonarqube using my id and password which is configured in LDAP system. However, this is not working. I just get Authentication failed on the login window. Second step which i want to do is to Map the AD groups. We already have the AD groups defined in the LDAP system. I want to map those AD groups in my Sonarqube. Do i need to define them manually in my Sonarqube or do they automatically sync up with ldap? As per my understanding, AD group will be used for Authorization purpose. Can you please provide me the steps to use AD groups and how it works? What all extra configurations are required. Thanks |
Maybe you miss some properties. Here is my properties in conf/sonar.properties about LDAP:
sonar.security.realm=LDAP sonar.security.savePassword=true sonar.authenticator.createUsers=true ldap.url=ldap://xx.xx.xxx.xxx:xxxx ldap.bindDn=xxxx@xxxx ldap.bindPassword=xxxx ldap.authentication=simple sonar.authenticator.downcase=true ldap.user.baseDn=xxxxxxx ldap.user.request=(&(xxxx={login})(objectclass=person)) ldap.user.realNameAttribute=cn ldap.user.emailAttribute=mail sonar.security.localUsers=admin -----邮件原件----- 发件人: mandarchatufale [mailto:[hidden email]] 发送时间: 2015年5月14日 13:57 收件人: [hidden email] 主题: [sonar-user] LDAP Plugin with Active Directory not working Hello, I am new to SonarQube. I have installed Sonarqube 5.1 on my local machine and its working fine with admin admin. Now i want to integrate it with LDAP and AD. For that i have installed the LDAP plugin from the updatecenter. Then i referred below link to make the configurations http://docs.sonarqube.org/display/SONAR/LDAP+Plugin Below are my configurations sonar.security.realm=LDAP sonar.security.savePassword=FALSE ldap.url=ldap://xxxxx.yyyy.com:zzzz and when i start the server i get below message in sonar.log file 2015.05.14 09:26:10 INFO web[org.sonar.INFO] Security realm: LDAP 2015.05.14 09:26:12 INFO web[o.s.p.l.LdapContextFactory] Test LDAP connection on ldap://jdnet.deere.com:389: OK I haven't defined any user or groups in my sonarqube. My Understanding With above configurations done, i should be able to log in to Sonarqube using my id and password which is configured in LDAP system. However, this is not working. I just get Authentication failed on the login window. Second step which i want to do is to Map the AD groups. We already have the AD groups defined in the LDAP system. I want to map those AD groups in my Sonarqube. Do i need to define them manually in my Sonarqube or do they automatically sync up with ldap? As per my understanding, AD group will be used for Authorization purpose. Can you please provide me the steps to use AD groups and how it works? What all extra configurations are required. Thanks -- View this message in context: http://sonarqube.15.x6.nabble.com/LDAP-Plugin-with-Active-Directory-not-working-tp5035363.html Sent from the SonarQube Users mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe from this list, please visit: http://xircles.codehaus.org/manage_email ******************************************************************************************************************************** The information in this email is confidential and may be legally privileged. If you have received this email in error or are not the intended recipient, please immediately notify the sender and delete this message from your computer. Any use, distribution, or copying of this email other than by the intended recipient is strictly prohibited. All messages sent to and from us may be monitored to ensure compliance with internal policies and to protect our business. Emails are not secure and cannot be guaranteed to be error free as they can be intercepted, amended, lost or destroyed, or contain viruses. Anyone who communicates with us by email is taken to accept these risks. �跺����浠惰��璇锋敞��锛� ����浠跺��淇�瀵�淇℃��锛��ヨ���舵����浠讹�璇峰�″����ュ����浜哄苟�存�ュ���伙�涓�寰�浣跨�ㄣ��浼�����澶��舵����浠躲�� 杩��洪��浠跺�����版�����稿��瑙����с����浠跺���藉����琚�������琚�淇��广��涓㈠け��琚��村��������璁$���虹��姣�绛�涓�瀹��ㄦ���点�� ******************************************************************************************************************************** |
Thanks for the promot reply
Can you explain me the meaning of each line of the configuration and why they are required. I went through the documentation and did not understand much These are the configuration which you have given sonar.security.realm=LDAP - correct sonar.security.savePassword=true - why this is necessary. i just want ldap authentication? sonar.authenticator.createUsers=true - i dont want to store users .. ldap.url=ldap://xx.xx.xxx.xxx:xxxx - correct ldap.bindDn=xxxx@xxxx - Is this mandatory? whats the significance? ldap.bindPassword=xxxx - Is this mandatory? whats the significance? ldap.authentication=simple - Is this mandatory ? whats the significance? sonar.authenticator.downcase=true - Is this mandatory? whats the significance? ldap.user.baseDn=xxxxxxx - what is the significance of this property ? ldap.user.request=(&(xxxx={login})(objectclass=person)) - what is the significance of this property? ldap.user.realNameAttribute=cn - What is the significane of this property? ldap.user.emailAttribute=mail - What is the significane of this property? sonar.security.localUsers=admin - What is the significane of this property? |
Have you seen this page? Here is a detailed explanation of each property:
http://docs.sonarqube.org/display/SONAR/LDAP+Plugin -----邮件原件----- 发件人: mandarchatufale [mailto:[hidden email]] 发送时间: 2015年5月14日 15:46 收件人: [hidden email] 主题: [sonar-user] Re: 答复: [sonar-user] LDAP Plugin with Active Directory not working Thanks for the promot reply Can you explain me the meaning of each line of the configuration and why they are required. I went through the documentation and did not understand much These are the configuration which you have given sonar.security.realm=LDAP - correct sonar.security.savePassword=true - why this is necessary. i just want ldap authentication? sonar.authenticator.createUsers=true - i dont want to store users .. ldap.url=ldap://xx.xx.xxx.xxx:xxxx - correct ldap.bindDn=xxxx@xxxx - Is this mandatory? whats the significance? ldap.bindPassword=xxxx - Is this mandatory? whats the significance? ldap.authentication=simple - Is this mandatory ? whats the significance? sonar.authenticator.downcase=true - Is this mandatory? whats the significance? ldap.user.baseDn=xxxxxxx - what is the significance of this property ? ldap.user.request=(&(xxxx={login})(objectclass=person)) - what is the significance of this property? ldap.user.realNameAttribute=cn - What is the significane of this property? ldap.user.emailAttribute=mail - What is the significane of this property? sonar.security.localUsers=admin - What is the significane of this property? -- View this message in context: http://sonarqube.15.x6.nabble.com/LDAP-Plugin-with-Active-Directory-not-working-tp5035363p5035365.html Sent from the SonarQube Users mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe from this list, please visit: http://xircles.codehaus.org/manage_email ******************************************************************************************************************************** The information in this email is confidential and may be legally privileged. If you have received this email in error or are not the intended recipient, please immediately notify the sender and delete this message from your computer. Any use, distribution, or copying of this email other than by the intended recipient is strictly prohibited. All messages sent to and from us may be monitored to ensure compliance with internal policies and to protect our business. Emails are not secure and cannot be guaranteed to be error free as they can be intercepted, amended, lost or destroyed, or contain viruses. Anyone who communicates with us by email is taken to accept these risks. �跺����浠惰��璇锋敞��锛� ����浠跺��淇�瀵�淇℃��锛��ヨ���舵����浠讹�璇峰�″����ュ����浜哄苟�存�ュ���伙�涓�寰�浣跨�ㄣ��浼�����澶��舵����浠躲�� 杩��洪��浠跺�����版�����稿��瑙����с����浠跺���藉����琚�������琚�淇��广��涓㈠け��琚��村��������璁$���虹��姣�绛�涓�瀹��ㄦ���点�� ******************************************************************************************************************************** |
In reply to this post by mandarchatufale
My one more question around this is
"Why do we need to configure "Users and Groups" ? What is the significance of those? |
If you're talking about configuring users and groups within SonarQube, the answer is to determine what people can do/see once they're logged in. sonar.authenticator.createUsers=true creates the user record in the SonarQube database after a user's first successful login. From there, you can add that user to groups to grant permissions on specific projects & etc. On Thu, May 14, 2015 at 6:03 AM, mandarchatufale <[hidden email]> wrote: My one more question around this is |
Got it, Thanks.
Can you please explain each property below ...and Mandatory and Optional properties. My requirement is that , i want to login using my ldap uid and password. LDAP System should authenticate me and then after that we have Predefined AD groups which i want to use in SonarQube for Authorization sonar.authenticator.createUsers=true - i dont want to store users .. ldap.url=ldap://xx.xx.xxx.xxx:xxxx - correct ldap.bindDn=xxxx@xxxx - Is this mandatory? whats the significance? ldap.bindPassword=xxxx - Is this mandatory? whats the significance? ldap.authentication=simple - Is this mandatory ? whats the significance? sonar.authenticator.downcase=true - Is this mandatory? whats the significance? ldap.user.baseDn=xxxxxxx - what is the significance of this property ? ldap.user.request=(&(xxxx={login})(objectclass=person)) - what is the significance of this property? ldap.user.realNameAttribute=cn - What is the significane of this property? ldap.user.emailAttribute=mail - What is the significane of this property? sonar.security.localUsers=admin - What is the significane of this property? Thanks in Advance |
Except for sonar.security.localUsers, these properties govern how your SonarQube server connects to and queries your LDAP server. You should really talk to your LDAP server admin to understand which of these you want/need because the answers will depend on how your LDAP is configured. sonar.security.localUsers specifies which logins should not be sent to LDAP for authentication, but checked against the local DB instead. On Thu, May 14, 2015 at 10:30 AM, mandarchatufale <[hidden email]> wrote: Got it, Thanks. |
Hi,
So i have put below properties after talking to few ppl. sonar.security.realm=LDAP ldap.url=ldap://abc.xyz.com:389 ldap.user.baseDn:dc=abc,dc=XYZ,dc=com ldap.user.request:(&(objectClass=user)(sAMAccountName={login})) ldap.user.realNameAttribute=cn ldap.user.emailAttribute=mail even after putting above properties , log in is not working. I get below error 2015.05.18 15:21:27 DEBUG web[o.s.p.l.LdapUsersProvider] [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1 javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1 Am i missing any more property? |
You don't seem to have bind credentials listed in your properties. Is anonymous bind allowed? I would download an LDAP client and use it to make sure you can bind with the the values you're using. That will allow you to narrow down the issue. On Mon, May 18, 2015 at 7:18 AM, mandarchatufale <[hidden email]> wrote: Hi, |
Free forum by Nabble | Edit this page |