TechQA.

SonarQube LDAP authentication is not working

2.8k views Asked by At

Presently, connecting to Apache Directory Server 2.0 from SonarQube 5.0.1. Have given the following entries in sonar.properties file:

# LDAP configuration
# General Configuration
sonar.security.realm=LDAP
sonar.security.savePassword=false
ldap.url=ldap://10.53.67.11:30389

# User Configuration
ldap.user.baseDn=o=TechMahindra
ldap.user.request=(&(objectClass=inetOrgPerson)(uid={login}))
ldap.user.realNameAttribute=cn
ldap.user.emailAttribute=mail

# Group Configuration
ldap.group.baseDn=cn=sonar-users,ou=groups,ou=devops,o=TechMahindra
ldap.group.request=(&(objectClass=groupOfNames)(member={dn}))
ldap.group.idAttribute=cn

With these entries authentication does not work for any user.

Note 1: "Enable Access Control" option is checked in the Apache Directory Server.

Note 2: However, if the above mentioned "Enable Access Control" option is not checked in the Apache Directory Server, authentication works. And, authorization does not work in that case - that is - all users are able to login into SonarQube irrespective of whether the user is part of the sonar-users group in LDAP or not.

authentication ldap authorization sonarqube
Original Q&A
1

There are 1 answers

0
Mahesh On BEST ANSWER
  • "Enable Access Control" is for authorization to access the LDAP Directory Information Tree (and not for authorization of the application). I discovered this later.
  • For application level authorization, attributes like memberOf or isMemberOf are used.
  • Apache Directory Server does not support the memberOf or isMemberOf attribute as on the date of writing this content.

  • Hence, I used OpenLDAP for the purposes and used the memberOf attribute (overlay, in other terms) by adding the same to the slapd.conf file.

    overlay memberof

  • Modified code used for authentication / authorization is given below:

    # LDAP configuration
# General Configuration
sonar.security.realm=LDAP
sonar.security.savePassword=false
ldap.url=ldap://10.53.67.8:389/
ldap.bindDn=o=techmahindra
ldap.bindPassword=secret

# User Configuration
ldap.user.baseDn=o=techmahindra
ldap.user.request=(&(objectClass=inetOrgPerson)(uid={login})(memberOf=cn=sonar-users,ou=groups,ou=devops,o=techmahindra))
ldap.user.realNameAttribute=cn
ldap.user.emailAttribute=mail

# Group Configuration
ldap.group.baseDn=ou=groups,ou=devops,o=techmahindra
ldap.group.request=(&(objectClass=groupOfNames)(cn=sonar-users)(member={dn}))
ldap.group.idAttribute=cn

Related Questions in AUTHENTICATION

Related Questions in LDAP

Related Questions in AUTHORIZATION

Related Questions in SONARQUBE

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions