SonarQube 6.4 LDAP 2.2 authentication not working running on Windows 2012

[john.m...@gmail.com]

The following settings work for Artifactory when using its LDAP feature; i.e., can login using AD account

ldap://win03stdx64dc.dev.local:389/DC=dev,DC=local

CN=Administrator,CN=Users,DC=dev,DC=local

password=xxxxxxxxx

sonar.properties LDAP settings

#########################

# LDAP configuration

#########################

# General Configuration

sonar.authenticator.class: org.sonar.plugins.ldap.LdapAuthenticator

sonar.security.realm=LDAP

#sonar.security.savePassword=true

#sonar.security.updateUserAttributes=true

sonar.authenticator.downcase=true

#sonar.authenticator.createUsers=true

 

# General Configuration

ldap.authentication=simple

ldap.realm=dev.local

ldap.baseDn:CN=Users,DC=dev,DC=local 

ldap.url=ldap://win03stdx64dc.dev.local:389/DC=dev,DC=local

ldap.bindDn=CN=Administrator,CN=Users,DC=dev,DC=local

ldap.bindPassword=xxxxxxxxx

 

 # Group Configuration

ldap.group.baseDn=CN=Users,DC=dev,DC=local

ldap.group.request=(&(objectClass=group)(member={dn}))

# User Configuration

ldap.user.baseDn=CN=Users,DC=dev,DC=local

ldap.user.request=(&(objectClass=user)(sAMAccountName={login}))

ldap.user.realNameAttribute=cn

ldap.user.emailAttribute=mail

2017.08.03 13:14:09 DEBUG web[AV2pfvNN4FD04chjAAAP][o.s.p.l.LdapUsersProvider] Requesting details for user dev\administrator

2017.08.03 13:14:09 DEBUG web[AV2pfvNN4FD04chjAAAP][o.s.p.l.LdapSearch] Search: LdapSearch{baseDn=CN=Users,DC=dev,DC=local, scope=subtree, request=(&(objectClass=user)(sAMAccountName={0})), parameters=[dev\administrator], attributes=[mail, cn]}

2017.08.03 13:14:09 DEBUG web[AV2pfvNN4FD04chjAAAP][o.s.p.l.LdapContextFactory] Initializing LDAP context {java.naming.provider.url=ldap://win03stdx64dc.dev.local:389/DC=dev,DC=local, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.principal=CN=Administrator,CN=Users,DC=dev,DC=local, com.sun.jndi.ldap.connect.pool=true, java.naming.security.authentication=simple, java.naming.security.sasl.realm=dev.local, java.naming.referral=follow}

2017.08.03 13:14:09 DEBUG web[AV2pfvNN4FD04chjAAAP][o.s.p.l.LdapUsersProvider] [LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:

'DC=dev,DC=local'

 ]

javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:

'DC=dev,DC=local'

 ]

at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)

at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)

at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)

at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)

at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)

at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)

at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source)

at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)

at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)

at javax.naming.directory.InitialDirContext.search(Unknown Source)

at org.sonar.plugins.ldap.LdapSearch.find(LdapSearch.java:130)

at org.sonar.plugins.ldap.LdapSearch.findUnique(LdapSearch.java:143)

at org.sonar.plugins.ldap.LdapUsersProvider.getUserDetails(LdapUsersProvider.java:80)

at org.sonar.plugins.ldap.LdapUsersProvider.doGetUserDetails(LdapUsersProvider.java:58)

at org.sonar.server.authentication.RealmAuthenticator.doAuthenticate(RealmAuthenticator.java:92)

at org.sonar.server.authentication.RealmAuthenticator.authenticate(RealmAuthenticator.java:86)

at org.sonar.server.authentication.CredentialsAuthenticator.authenticate(CredentialsAuthenticator.java:61)

at org.sonar.server.authentication.CredentialsAuthenticator.authenticate(CredentialsAuthenticator.java:50)

at org.sonar.server.authentication.ws.LoginAction.authenticate(LoginAction.java:123)

at org.sonar.server.authentication.ws.LoginAction.doFilter(LoginAction.java:104)

at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:126)

at org.sonar.server.platform.web.MasterServletFilter.doFilter(MasterServletFilter.java:95)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

at org.sonar.server.user.UserSessionFilter.doFilter(UserSessionFilter.java:76)

at org.sonar.server.user.UserSessionFilter.doFilter(UserSessionFilter.java:63)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

at org.sonar.server.platform.web.SecurityServletFilter.doHttpFilter(SecurityServletFilter.java:72)

at org.sonar.server.platform.web.SecurityServletFilter.doFilter(SecurityServletFilter.java:48)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

at org.sonar.server.platform.web.RedirectFilter.doFilter(RedirectFilter.java:61)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

at org.sonar.server.platform.web.requestid.RequestIdFilter.doFilter(RequestIdFilter.java:63)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

at org.sonar.server.platform.web.RootFilter.doFilter(RootFilter.java:62)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

at org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:108)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)

at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)

at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)

at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)

at ch.qos.logback.access.tomcat.LogbackValve.invoke(LogbackValve.java:256)

at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)

at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:349)

at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:783)

at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)

at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:798)

at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1434)

at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)

at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

at java.lang.Thread.run(Unknown Source)

2017.08.03 13:14:09 DEBUG web[AV2pfvNN4FD04chjAAAP][o.s.p.l.LdapUsersProvider] User dev\administrator not found in <default>

2017.08.03 13:14:09 ERROR web[AV2pfvNN4FD04chjAAAP][o.s.s.a.RealmAuthenticator] Error during authentication

org.sonar.plugins.ldap.LdapException: Unable to retrieve details for user dev\administrator in <default>

at org.sonar.plugins.ldap.LdapUsersProvider.getUserDetails(LdapUsersProvider.java:84)

at org.sonar.plugins.ldap.LdapUsersProvider.doGetUserDetails(LdapUsersProvider.java:58)

at org.sonar.server.authentication.RealmAuthenticator.doAuthenticate(RealmAuthenticator.java:92)

at org.sonar.server.authentication.RealmAuthenticator.authenticate(RealmAuthenticator.java:86)

at org.sonar.server.authentication.CredentialsAuthenticator.authenticate(CredentialsAuthenticator.java:61)

at org.sonar.server.authentication.CredentialsAuthenticator.authenticate(CredentialsAuthenticator.java:50)

at org.sonar.server.authentication.ws.LoginAction.authenticate(LoginAction.java:123)

at org.sonar.server.authentication.ws.LoginAction.doFilter(LoginAction.java:104)

at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:126)

at org.sonar.server.platform.web.MasterServletFilter.doFilter(MasterServletFilter.java:95)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

at org.sonar.server.user.UserSessionFilter.doFilter(UserSessionFilter.java:76)

at org.sonar.server.user.UserSessionFilter.doFilter(UserSessionFilter.java:63)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

at org.sonar.server.platform.web.SecurityServletFilter.doHttpFilter(SecurityServletFilter.java:72)

at org.sonar.server.platform.web.SecurityServletFilter.doFilter(SecurityServletFilter.java:48)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

at org.sonar.server.platform.web.RedirectFilter.doFilter(RedirectFilter.java:61)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

at org.sonar.server.platform.web.requestid.RequestIdFilter.doFilter(RequestIdFilter.java:63)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

at org.sonar.server.platform.web.RootFilter.doFilter(RootFilter.java:62)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

at org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:108)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)

at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)

at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)

at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)

at ch.qos.logback.access.tomcat.LogbackValve.invoke(LogbackValve.java:256)

at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)

at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:349)

at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:783)

at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)

at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:798)

at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1434)

at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)

at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

at java.lang.Thread.run(Unknown Source)

Caused by: javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:

'DC=dev,DC=local'

 ]

at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)

at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)

at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)

at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)

at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)

at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)

at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source)

at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)

at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)

at javax.naming.directory.InitialDirContext.search(Unknown Source)

at org.sonar.plugins.ldap.LdapSearch.find(LdapSearch.java:130)

at org.sonar.plugins.ldap.LdapSearch.findUnique(LdapSearch.java:143)

at org.sonar.plugins.ldap.LdapUsersProvider.getUserDetails(LdapUsersProvider.java:80)

... 47 common frames omitted

2017.08.03 13:14:09 DEBUG web[AV2pfvNN4FD04chjAAAP][auth.event] login failure [cause|Unable to retrieve details for user dev\administrator in <default>][method|FORM][provider|REALM|LDAP][IP|fe80:0:0:0:1dfd:cc4d:9a37:f53e%12|][login|dev\administrator]

[nicolas...@sonarsource.com]

Hi,

This seems related to your LDAP configuration more than SonarQube (or LDAP Plugin) behaviour. I'm surprised you're setting 'DC=dev,DC=local' in the URL, and then ldap.group.baseDn=CN=Users,DC=dev,DC=local . That baseDn seems to be what upsets the LDAP connection (as the initial connection does succeed), based on the error from your LDAP server (independent from SonarQube):

[LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of: 'DC=dev,DC=local']

Not much more input from a SonarQube perspective here. Suggest you play with some standalone LDAP client (e.g. ldapsearch ) to determine the appropriate search attributes (e.g. should the baseDn only be DC=dev,DC=local , should the 'dev/ ' prefix be kept when logging-in etc.). And also talk to your LDAP folks to know what the actual directory structure is.

Best regards,

Nicolas