LDAP Authentication issue


SK

Mar 2, 2017, 7:23:16 PM
to SonarQube
Hello

   I thought only my userid was affected by this, but today a couple of users are also having this issue and cannot even log in.  Please let me know what settings I might have done incorrectly.  I previously had the updateUserAttributes set to true and then set it to false and restarted Sonar, no use. 

LDAP settings in sonar.properties

sonar.security.realm=LDAP
sonar.authenticator.createUsers=true
sonar.security.savePassword=true
sonar.security.updateUserAttributes=false
ldap.url=ldap://<servername>.<company>.com:389
ldap.bindDn=CN=Sonarqube,OU=ServiceAccounts,DC=<company>,DC=com
ldap.bindPassword=<Password>
ldap.realm=<company>.com

# User Configuration
ldap.user.request=(&(objectClass=user)(sAMAccountName={login}))
ldap.user.realNameAttribute=cn
ldap.user.emailAttribute=mail


Error:

2017.03.02 15:52:52 ERROR web[][o.s.s.a.RealmAuthenticator] Error during authentication
org.sonar.plugins.ldap.LdapException: Unable to retrieve details for user qjin in <default>
        at org.sonar.plugins.ldap.LdapUsersProvider.getUserDetails(LdapUsersProvider.java:84) ~[na:na]
        at org.sonar.plugins.ldap.LdapUsersProvider.doGetUserDetails(LdapUsersProvider.java:58) ~[na:na]
        at org.sonar.server.authentication.RealmAuthenticator.doAuthenticate(RealmAuthenticator.java:89) [sonar-server-6.1.jar:na]
        at org.sonar.server.authentication.RealmAuthenticator.authenticate(RealmAuthenticator.java:83) [sonar-server-6.1.jar:na]
        at org.sonar.server.authentication.CredentialsAuthenticator.authenticate(CredentialsAuthenticator.java:56) [sonar-server-6.1.jar:na]
        at org.sonar.server.authentication.CredentialsAuthenticator.authenticate(CredentialsAuthenticator.java:45) [sonar-server-6.1.jar:na]
        at org.sonar.server.authentication.ws.LoginAction.authenticate(LoginAction.java:91) [sonar-server-6.1.jar:na]
        at org.sonar.server.authentication.ws.LoginAction.doFilter(LoginAction.java:76) [sonar-server-6.1.jar:na]
        at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:126) [sonar-server-6.1.jar:na]
        at org.sonar.server.platform.web.MasterServletFilter.doFilter(MasterServletFilter.java:95) [sonar-server-6.1.jar:na]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.sonar.server.user.UserSessionFilter.doFilter(UserSessionFilter.java:60) [sonar-server-6.1.jar:na]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.sonar.server.platform.web.RoutesFilter.doFilter(RoutesFilter.java:55) [sonar-server-6.1.jar:na]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.sonar.server.platform.web.RootFilter.doFilter(RootFilter.java:113) [sonar-server-6.1.jar:na]
        at org.sonar.server.platform.web.RootFilter.doFilter(RootFilter.java:81) [sonar-server-6.1.jar:na]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at ch.qos.logback.access.tomcat.LogbackValve.invoke(LogbackValve.java:191) [logback-access-1.1.3.jar:na]
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:522) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1095) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:672) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1500) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1456) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_111]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_111]
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at java.lang.Thread.run(Thread.java:745) [na:1.8.0_111]
Caused by: javax.naming.PartialResultException: null
        at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.hasMoreImpl(AbstractLdapNamingEnumeration.java:237) ~[na:1.8.0_111]
        at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.hasMoreReferrals(AbstractLdapNamingEnumeration.java:347) ~[na:1.8.0_111]
        at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.hasMoreImpl(AbstractLdapNamingEnumeration.java:227) ~[na:1.8.0_111]
        at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.hasMoreReferrals(AbstractLdapNamingEnumeration.java:347) ~[na:1.8.0_111]
        at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.hasMoreImpl(AbstractLdapNamingEnumeration.java:227) ~[na:1.8.0_111]
        at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.hasMore(AbstractLdapNamingEnumeration.java:189) ~[na:1.8.0_111]
        at org.sonar.plugins.ldap.LdapSearch.findUnique(LdapSearch.java:145) ~[na:na]
        at org.sonar.plugins.ldap.LdapUsersProvider.getUserDetails(LdapUsersProvider.java:80) ~[na:na]
        ... 36 common frames omitted
Caused by: javax.naming.CommunicationException: <company>.com:389
        at com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:96) ~[na:1.8.0_111]
        at com.sun.jndi.ldap.LdapReferralException.getReferralContext(LdapReferralException.java:150) ~[na:1.8.0_111]
        at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.hasMoreReferrals(AbstractLdapNamingEnumeration.java:325) ~[na:1.8.0_111]
        at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.hasMoreImpl(AbstractLdapNamingEnumeration.java:227) ~[na:1.8.0_111]
        ... 43 common frames omitted
Caused by: java.net.ConnectException: Connection timed out (Connection timed out)
        at java.net.PlainSocketImpl.socketConnect(Native Method) ~[na:1.8.0_111]
        at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350) ~[na:1.8.0_111]
        at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206) ~[na:1.8.0_111]
        at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188) ~[na:1.8.0_111]
        at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392) ~[na:1.8.0_111]
        at java.net.Socket.connect(Socket.java:589) ~[na:1.8.0_111]
        at java.net.Socket.connect(Socket.java:538) ~[na:1.8.0_111]
        at java.net.Socket.<init>(Socket.java:434) ~[na:1.8.0_111]
        at java.net.Socket.<init>(Socket.java:211) ~[na:1.8.0_111]
        at com.sun.jndi.ldap.Connection.createSocket(Connection.java:363) ~[na:1.8.0_111]
        at com.sun.jndi.ldap.Connection.<init>(Connection.java:203) ~[na:1.8.0_111]
        at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137) ~[na:1.8.0_111]
        at com.sun.jndi.ldap.LdapClientFactory.createPooledConnection(LdapClientFactory.java:64) ~[na:1.8.0_111]
        at com.sun.jndi.ldap.pool.Connections.getOrCreateConnection(Connections.java:203) ~[na:1.8.0_111]
        at com.sun.jndi.ldap.pool.Connections.get(Connections.java:144) ~[na:1.8.0_111]
        at com.sun.jndi.ldap.pool.Pool.getPooledConnection(Pool.java:148) ~[na:1.8.0_111]
        at com.sun.jndi.ldap.LdapPoolManager.getLdapClient(LdapPoolManager.java:329) ~[na:1.8.0_111]
        at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1606) ~[na:1.8.0_111]
        at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2746) ~[na:1.8.0_111]
        at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319) ~[na:1.8.0_111]
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192) ~[na:1.8.0_111]
        at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:151) ~[na:1.8.0_111]
        at com.sun.jndi.url.ldap.ldapURLContextFactory.getObjectInstance(ldapURLContextFactory.java:52) ~[na:1.8.0_111]
        at javax.naming.spi.NamingManager.getURLObject(NamingManager.java:601) ~[na:1.8.0_111]
        at javax.naming.spi.NamingManager.processURL(NamingManager.java:381) ~[na:1.8.0_111]
        at javax.naming.spi.NamingManager.processURLAddrs(NamingManager.java:361) ~[na:1.8.0_111]
        at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:333) ~[na:1.8.0_111]
        at com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:119) ~[na:1.8.0_111]
        ... 46 common frames omitted

Julien Lancelot

Mar 3, 2017, 2:38:54 AM
to SK, SonarQube
Hi,

Are you sure the LDAP server is set to the right URL? Is it still up?

Because the error is: "Caused by: java.net.ConnectException: Connection timed out (Connection timed out)", which means that SonarQube is unable to connect to the LDAP server.

Regards,

Julien LANCELOT | SonarSource

SK

Mar 3, 2017, 2:14:01 PM
to SonarQube, sreer...@gmail.com
Yes Julien.  The LDAP server is up and running.  I am able to ping it.  

Also, when Sonarqube is coming up, it reports that it has successfully connected to the LDAP server. 

2017.03.02 11:24:00 INFO  web[][o.s.s.p.ServerPluginRepository] Deploy plugin PMD / 2.6 / f419f834b4bea51f9b6da33517b7f6186db5c066                
2017.03.02 11:24:01 INFO  web[][o.s.s.p.w.RailsAppsDeployer] Deploying Ruby on Rails applications                                                 
2017.03.02 11:24:02 INFO  web[][o.s.s.p.UpdateCenterClient] Update center: https://update.sonarsource.org/update-center.properties (no proxy)     
2017.03.02 11:24:02 INFO  web[][org.sonar.INFO] Security realm: LDAP                                                                              
2017.03.02 11:24:02 INFO  web[][o.s.p.l.LdapSettingsManager] User mapping: LdapUserMapping{baseDn=dc=<company>,dc=com, request=(&(objectClass=user)(sAMAccountName={0})), realNameAttribute=cn, emailAttribute=mail}
2017.03.02 11:24:02 INFO  web[][o.s.p.l.LdapSettingsManager] Groups will not be synchronized, because property 'ldap.group.baseDn' is empty.      
2017.03.02 11:24:02 INFO  web[][o.s.p.l.LdapContextFactory] Test LDAP connection on ldap://<server>.<company>.com:389: OK                              
2017.03.02 11:24:02 INFO  web[][org.sonar.INFO] Security realm started                                                                            
2017.03.02 11:24:02 INFO  web[][o.s.s.n.NotificationDaemon] Notification service started (delay 60 sec.)                                          
2017.03.02 11:24:03 INFO  web[][o.s.s.s.RegisterMetrics] Register metrics                                                                         
2017.03.02 11:24:03 INFO  web[][o.s.s.r.RegisterRules] Register rules                                                                             
2017.03.02 11:24:08 INFO  web[][o.s.s.q.RegisterQualityProfiles] Register quality profiles                                                        
2017.03.02 11:24:12 INFO  web[][o.s.s.s.RegisterNewMeasureFilters] Register measure filters                                                       
2017.03.02 11:24:12 INFO  web[][o.s.s.s.RegisterDashboards] Register dashboards                                                                   
2017.03.02 11:24:12 INFO  web[][o.s.s.s.RegisterPermissionTemplates] Register permission templates                                                
2017.03.02 11:24:12 INFO  web[][o.s.s.s.RenameDeprecatedPropertyKeys] Rename deprecated property keys                                             
2017.03.02 11:24:12 INFO  web[][o.s.s.e.IndexerStartupTask] Index issues                                                                          
2017.03.02 11:24:12 INFO  web[][o.s.s.e.IndexerStartupTask] Index tests                                                                           
2017.03.02 11:24:12 INFO  web[][o.s.s.e.IndexerStartupTask] Index users                                                                           
2017.03.02 11:24:12 INFO  web[][o.s.s.e.IndexerStartupTask] Index views                                                                           
2017.03.02 11:24:13 INFO  web[][jruby.rack] jruby 1.7.9 (ruby-1.8.7p370) 2013-12-06 87b108a on OpenJDK 64-Bit Server VM 1.8.0_111-b15 [linux-amd64]
2017.03.02 11:24:13 INFO  web[][jruby.rack] using a shared (threadsafe!) runtime                                                                  
2017.03.02 11:24:19 INFO  web[][jruby.rack] keeping custom (config.logger) Rails logger instance                                                  
2017.03.02 11:24:19 INFO  web[][o.s.s.p.w.MasterServletFilter] Initializing servlet filter org.sonar.server.ws.WebServiceFilter@518eb71e [pattern=org.sonar.api.web.ServletFilter$UrlPattern@6b8a352e]
2017.03.02 11:24:19 INFO  web[][o.s.s.p.w.MasterServletFilter] Initializing servlet filter org.sonar.server.authentication.InitFilter@43858ce6 [pa

SK

Mar 6, 2017, 1:35:48 PM
to SonarQube
Hi
  I am still having these issues show up in the logs.  Please let me know what other configuration you need to see and I'll be happy to show that.

nicolas...@sonarsource.com

Mar 15, 2017, 9:56:20 AM
to SonarQube
Hi there,

The error seems to occur during processing of referral information:

Caused by: javax.naming.CommunicationException: <company>.com:389
        at com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:96) ~[na:1.8.0_111]
        at com.sun.jndi.ldap.LdapReferralException.getReferralContext(LdapReferralException.java:150) ~[na:1.8.0_111]

Nothing SonarQube-specific here. Referral is a pure LDAP consideration, but Java behaviour can kick in the processing of referrals; see the Java JNDI documentation. That documentation mentions ignore/follow/throw behaviour, and a good thing to know is that the SonarQube LDAP Plugin follows LDAP referrals. What that means is that if the LDAP server says that further information on the account can be fetched from another location, then the Java-LDAP layer will go and search for it.

Now, it's during this processing of referrals that things fail at the Java level:
Caused by: java.net.ConnectException: Connection timed out (Connection timed out)

Here too, the error is independent from SonarQube (as Julien initially pointed out). The LDAP Plugin cannot connect to the server that was referred to in the search results. Very important distinction here: it's not about the server set in ldap.url, it's about a referral that was made (in LDAP) to another server (the one in Caused by: javax.naming.CommunicationException: <company>.com:389), and the connection to that other server timed out.

All in all, suggestions moving forward:
  • confirm with your LDAP team that referrals are actively used in your LDAP directory
  • clarify with your LDAP team which other remote servers may be referred to
  • verify that your SonarQube server has good connectivity to the various LDAP servers from which information may be fetched (other than the one set in ldap.url)
Best regards,
Nicolas
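
The distinction drawn in the reply above, as an added triage script (not part of the original thread and not SonarQube code): it walks the `Caused by` chain of a web log stack trace and reports whether the endpoint JNDI failed to reach is the `ldap.url` server or one reached through a referral. The hostnames and user name in the sample input are constructed placeholders.

```python
import re
from urllib.parse import urlsplit

# Constructed sample input: hostnames and user are placeholders, not values from the thread.
SAMPLE_PROPERTIES = "sonar.security.realm=LDAP\nldap.url=ldap://dc01.corp.example:389\n"
SAMPLE_LOG = """\
org.sonar.plugins.ldap.LdapException: Unable to retrieve details for user jdoe in <default>
        at org.sonar.plugins.ldap.LdapUsersProvider.getUserDetails(LdapUsersProvider.java:84)
Caused by: javax.naming.PartialResultException: null
Caused by: javax.naming.CommunicationException: corp.example:389
        at com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:96)
Caused by: java.net.ConnectException: Connection timed out (Connection timed out)
        at java.net.PlainSocketImpl.socketConnect(Native Method)
"""

CAUSE = re.compile(r"^Caused by: ([\w.$]+): (.*)$")
ENDPOINT = re.compile(r"^(\S+):(\d+)$")

def configured_endpoint(properties_text):
    """Return (host, port) from the ldap.url property, or None if it is absent."""
    for line in properties_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "ldap.url":
            url = urlsplit(value.strip())
            return url.hostname.lower(), url.port or (636 if url.scheme == "ldaps" else 389)
    return None

def parse_causes(log_text):
    """Split a stack trace into [(exception class, message, [frames])], one per 'Caused by'."""
    causes = []
    for line in log_text.splitlines():
        m = CAUSE.match(line)
        if m:
            causes.append((m.group(1), m.group(2).strip(), []))
        elif causes and line.lstrip().startswith(("at ", "...")):
            causes[-1][2].append(line.strip())
    return causes

def triage(log_text, properties_text):
    """Report every endpoint JNDI failed to reach and whether a referral led to it."""
    configured = configured_endpoint(properties_text)
    causes, findings = parse_causes(log_text), []
    for idx, (cls, msg, frames) in enumerate(causes):
        ep = ENDPOINT.match(msg)
        if not cls.endswith("CommunicationException") or not ep:
            continue
        host, port = ep.group(1).lower(), int(ep.group(2))
        findings.append({
            "endpoint": (host, port),
            "is_ldap_url": (host, port) == configured,
            "via_referral": any("LdapReferralContext" in f for f in frames),
            # The next cause in the chain carries the socket-level reason.
            "socket_error": causes[idx + 1][1] if idx + 1 < len(causes) else None,
        })
    return findings
```

A finding with `via_referral` true and `is_ldap_url` false means the connectivity check belongs on the referred server, not on the one named in `ldap.url`.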