We have just performed an upgrade to SonarQube 5.6 in a test environment. The current Sonar 5.2 is work fine in production with LDAP authentication.
I can login with my AD credentials, but i have no group membership when I check my permissions through the local admin account.
Also, in addition to my original LDAP account in Sonar, i now have a 2nd account with syntax [email protected] instead of just username. My username account still has the original group memberships as expected, but the new created [email protected] doesn't.
When i try to manually assign groups in sonar they are cleared on the next login, which is intended i believe.
I have enabled to debug log and this shows it does actually still find the memberOf groups from active directory, but it doesn't link them to my account. The groups still exist in Sonar.
2016.06.08 11:20:55 DEBUG web[o.s.p.l.w.WindowsUsersProvider] Requesting details for user: nico
2016.06.08 11:20:55 DEBUG web[o.s.p.l.w.WindowsAuthenticationHelper] Getting details for user: nico
2016.06.08 11:20:55 DEBUG web[o.s.p.l.w.AdConnectionHelper] Getting active directory bind string for domain: Domain
2016.06.08 11:20:55 DEBUG web[o.s.p.l.w.AdConnectionHelper] Active directory bind string for the domain Domain: LDAP://Domain/DC=domain,DC=com
2016.06.08 11:20:56 DEBUG web[o.s.p.l.w.WindowsAuthenticationHelper] Details for user nico: UserDetails{name=Nico (nico), [email protected], userId=nico@Domain}
2016.06.08 11:20:56 DEBUG web[o.s.p.l.w.WindowsAuthenticationHelper] Authenticating user: nico
2016.06.08 11:21:03 DEBUG web[o.s.p.l.w.WindowsAuthenticationHelper] Getting groups for user: Domain\nico
2016.06.08 11:21:03 DEBUG web[o.s.p.l.w.WindowsAuthenticationHelper] Groups for the user Domain\nico : [Sonar Admins@Domain, Sonar Users@Domain]
2016.06.08 11:21:03 DEBUG web[o.s.s.u.NewUserNotifier] User created: nico@Domain. Notifying NewUserHandler handlers...
What I notice about the log is that the username property used doesn't look consistent. At one point it says "Authenticating user: nico" and in the other "getting groups for Domain\Nico" and in the end "Created user [email protected]" 3 different user names are used.
Is this something I can/should control ? or would this be an issue with SonarQube.
Looking forward to your feedback.
Nico
This is my LDAP Configuration
# LDAP configuration
# General Configuration
sonar.security.realm: LDAP
sonar.security.savePassword: true
sonar.authenticator.createUsers: true
sonar.security.localUsers: admin,sonar-build
ldap.url: ldap://ipadress:389
ldap.bindDn: CN=SonarUser,OU=Service Accounts,DC=domain,DC=com
ldap.bindPassword: {aes}xxx
# User Configuration
ldap.user.baseDn: DC=domain,DC=com
ldap.user.request: (&(objectClass=user)(sAMAccountName={login}))
ldap.user.realNameAttribute: cn
ldap.user.emailAttribute: mail
# Group Configuration
ldap.group.baseDn: DC=domain,DC=com
ldap.group.request: (&(objectClass=group)(memberUid={uid}))
I have found this blog page, that is describing the changes in the LDAP addin
It confirms the problems i was having and the issues i still have today with duplicate user accounts.
Hope this helps someone else.
Nico