LDAP Error

Jody Greene

Oct 20, 2016, 1:36:03 PM
to SonarQube
If I leave ldap.bindDn & ldap.bindPassword blank, the LDAP connection passes; however, in trying several AD accounts, I get the error below.

sonar.security.realm=LDAP
sonar.security.savePassword=false
sonar.authenticator.downcase=true
ldap.bindDn=CN=Service\, SonarQube,OU=MRM Security Objects,OU=MRM,OU=60TEMP,OU=SLC,DC=na,DC=corp,DC=ipgnetwork,DC=com
ldap.bindPassword=********
ldap.authentication=simple

ldap.user.baseDn=ou=mrm,ou=60temp,ou=slc,DC=na,DC=corp,DC=ipgnetwork,DC=com
ldap.user.realNameAttribute=cn
ldap.user.emailAttribute=mail
ldap.group.baseDn=ou=mrm,ou=60temp,ou=slc,DC=na,DC=corp,DC=ipgnetwork,DC=com


2016.10.20 21:23:03 ERROR web[][o.a.c.c.C.[.[.[/]] Exception sending context initialized event to listener instance of class org.sonar.server.platform.web.PlatformServletContextListener
java.lang.IllegalStateException: Unable to open LDAP connection
        at org.sonar.plugins.ldap.LdapContextFactory.testConnection(LdapContextFactory.java:146) ~[na:na]
        at org.sonar.plugins.ldap.LdapRealm.init(LdapRealm.java:64) ~[na:na]
        at org.sonar.server.user.SecurityRealmFactory.start(SecurityRealmFactory.java:84) ~[sonar-server-6.1.jar:na]
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_101]
        at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) ~[na:1.8.0_101]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) ~[na:1.8.0_101]
        at java.lang.reflect.Method.invoke(Unknown Source) ~[na:1.8.0_101]
        at org.picocontainer.lifecycle.ReflectionLifecycleStrategy.invokeMethod(ReflectionLifecycleStrategy.java:110) ~[picocontainer-2.15.jar:na]
        at org.picocontainer.lifecycle.ReflectionLifecycleStrategy.start(ReflectionLifecycleStrategy.java:89) ~[picocontainer-2.15.jar:na]
        at org.sonar.core.platform.ComponentContainer$1.start(ComponentContainer.java:320) ~[sonar-core-6.1.jar:na]
        at org.picocontainer.injectors.AbstractInjectionFactory$LifecycleAdapter.start(AbstractInjectionFactory.java:84) ~[picocontainer-2.15.jar:na]
        at org.picocontainer.behaviors.AbstractBehavior.start(AbstractBehavior.java:169) ~[picocontainer-2.15.jar:na]
        at org.picocontainer.behaviors.Stored$RealComponentLifecycle.start(Stored.java:132) ~[picocontainer-2.15.jar:na]
        at org.picocontainer.behaviors.Stored.start(Stored.java:110) ~[picocontainer-2.15.jar:na]
        at org.picocontainer.DefaultPicoContainer.potentiallyStartAdapter(DefaultPicoContainer.java:1016) ~[picocontainer-2.15.jar:na]
        at org.picocontainer.DefaultPicoContainer.startAdapters(DefaultPicoContainer.java:1009) ~[picocontainer-2.15.jar:na]
        at org.picocontainer.DefaultPicoContainer.start(DefaultPicoContainer.java:767) ~[picocontainer-2.15.jar:na]
        at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:141) ~[sonar-core-6.1.jar:na]
        at org.sonar.server.platform.platformlevel.PlatformLevel.start(PlatformLevel.java:88) ~[sonar-server-6.1.jar:na]
        at org.sonar.server.platform.platformlevel.PlatformLevel4.start(PlatformLevel4.java:613) ~[sonar-server-6.1.jar:na]
        at org.sonar.server.platform.Platform.start(Platform.java:216) ~[sonar-server-6.1.jar:na]
        at org.sonar.server.platform.Platform.startLevel34Containers(Platform.java:190) ~[sonar-server-6.1.jar:na]
        at org.sonar.server.platform.Platform.doStart(Platform.java:113) ~[sonar-server-6.1.jar:na]
        at org.sonar.server.platform.Platform.doStart(Platform.java:99) ~[sonar-server-6.1.jar:na]
        at org.sonar.server.platform.web.PlatformServletContextListener.contextInitialized(PlatformServletContextListener.java:45) ~[sonar-server-6.1.jar:na]
        at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4812) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5255) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1408) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1398) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at java.util.concurrent.FutureTask.run(Unknown Source) [na:1.8.0_101]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [na:1.8.0_101]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [na:1.8.0_101]
        at java.lang.Thread.run(Unknown Source) [na:1.8.0_101]
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A8, comment: AcceptSecurityContext error, data 52e, v1db1]
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source) ~[na:1.8.0_101]
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source) ~[na:1.8.0_101]
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source) ~[na:1.8.0_101]
        at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source) ~[na:1.8.0_101]
        at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source) ~[na:1.8.0_101]
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source) ~[na:1.8.0_101]
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source) ~[na:1.8.0_101]
        at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source) ~[na:1.8.0_101]
        at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source) ~[na:1.8.0_101]
        at javax.naming.spi.NamingManager.getInitialContext(Unknown Source) ~[na:1.8.0_101]
        at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source) ~[na:1.8.0_101]
        at javax.naming.InitialContext.init(Unknown Source) ~[na:1.8.0_101]
        at javax.naming.ldap.InitialLdapContext.<init>(Unknown Source) ~[na:1.8.0_101]
        at org.sonar.plugins.ldap.LdapContextFactory.createInitialDirContext(LdapContextFactory.java:95) ~[na:na]
        at org.sonar.plugins.ldap.LdapContextFactory.createBindContext(LdapContextFactory.java:83) ~[na:na]
        at org.sonar.plugins.ldap.LdapContextFactory.testConnection(LdapContextFactory.java:142) ~[na:na]
        ... 33 common frames omitted
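
Added example (not part of the original post or of SonarQube's code): a decoder for the "data" sub-code in an Active Directory bind failure such as the "Caused by" line above, which is a hexadecimal Win32 error code. The function names are illustrative, and every sample line except the first is constructed.

```python
import re
from collections import Counter

# Win32 error codes that AD reports (in hex) in the "data" field of an
# LDAP result code 49 (invalidCredentials) bind failure.
AD_BIND_SUBCODES = {
    0x525: "user not found",
    0x52E: "invalid credentials (wrong password or unusable bind name)",
    0x530: "logon not permitted at this time",
    0x531: "logon not permitted from this workstation",
    0x532: "password expired",
    0x533: "account disabled",
    0x701: "account expired",
    0x773: "user must reset password",
    0x775: "account locked out",
}

BIND_ERROR = re.compile(
    r"\[LDAP: error code (?P<code>\d+) - .*?"
    r"AcceptSecurityContext error, data (?P<data>[0-9a-fA-F]+)"
)

def decode_bind_failure(line):
    """Return (ldap_code, win32_code, meaning), or None if the line has no bind error."""
    m = BIND_ERROR.search(line)
    if not m:
        return None
    win32 = int(m.group("data"), 16)
    meaning = AD_BIND_SUBCODES.get(win32, "unlisted sub-code")
    return int(m.group("code")), win32, meaning

def summarize(lines):
    """Count bind failures per meaning across a log excerpt."""
    decoded = filter(None, map(decode_bind_failure, lines))
    return Counter(meaning for _, _, meaning in decoded)

# First entry is the "Caused by" line from the post; the others are constructed.
SAMPLE = [
    "Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - "
    "80090308: LdapErr: DSID-0C0903A8, comment: AcceptSecurityContext error, "
    "data 52e, v1db1]",
    "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A8, comment: "
    "AcceptSecurityContext error, data 775, v1db1]",
    "org.sonar.server.exceptions.UnauthorizedException: No user details",
]

print(dict(summarize(SAMPLE)))
```

Sub-code 52e (Win32 error 1326) means the directory rejected the bind name and password pair, so the bind name format is worth checking as well as the password.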

Jody Greene

Oct 20, 2016, 2:51:18 PM
to SonarQube
Changed ldap.bindDn to the following, which corrected the error:

ldap.bindDn=<account>@<domain>

Jody Greene

Oct 20, 2016, 2:55:25 PM
to SonarQube
One step closer... New error

2016.10.20 22:47:21 ERROR web[][o.s.s.a.RealmAuthenticator] Error during authentication
org.sonar.server.exceptions.UnauthorizedException: No user details
        at org.sonar.server.authentication.RealmAuthenticator.doAuthenticate(RealmAuthenticator.java:91) [sonar-server-6.1.jar:na]
        at org.sonar.server.authentication.RealmAuthenticator.authenticate(RealmAuthenticator.java:83) [sonar-server-6.1.jar:na]
        at org.sonar.server.authentication.CredentialsAuthenticator.authenticate(CredentialsAuthenticator.java:56) [sonar-server-6.1.jar:na]
        at org.sonar.server.authentication.CredentialsAuthenticator.authenticate(CredentialsAuthenticator.java:45) [sonar-server-6.1.jar:na]
        at org.sonar.server.authentication.ws.LoginAction.authenticate(LoginAction.java:91) [sonar-server-6.1.jar:na]
        at org.sonar.server.authentication.ws.LoginAction.doFilter(LoginAction.java:76) [sonar-server-6.1.jar:na]
        at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:126) [sonar-server-6.1.jar:na]
        at org.sonar.server.platform.web.MasterServletFilter.doFilter(MasterServletFilter.java:95) [sonar-server-6.1.jar:na]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.sonar.server.user.UserSessionFilter.doFilter(UserSessionFilter.java:60) [sonar-server-6.1.jar:na]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.sonar.server.platform.web.RoutesFilter.doFilter(RoutesFilter.java:55) [sonar-server-6.1.jar:na]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.sonar.server.platform.web.RootFilter.doFilter(RootFilter.java:113) [sonar-server-6.1.jar:na]
        at org.sonar.server.platform.web.RootFilter.doFilter(RootFilter.java:81) [sonar-server-6.1.jar:na]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at ch.qos.logback.access.tomcat.LogbackValve.invoke(LogbackValve.java:191) [logback-access-1.1.3.jar:na]
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:522) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1095) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:672) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1500) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1456) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [na:1.8.0_101]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [na:1.8.0_101]
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-8.0.32.jar:8.0.32]

gruss...@gmail.com

Oct 21, 2016, 4:48:56 AM
to SonarQube


Hi,

That error seems to imply that it can't find the user in that OU.

The configuration I have is:
sonar.security.realm=LDAP
sonar.security.savePassword=true

sonar.security.authenticator.downcase=true

ldap.servers=server1,server2

ldap.server1.url=ldap://dc03.<mycompany>.<suffix>:389
ldap.server1.realm=<mycompany>.<suffix>
ldap.server2.url=ldap://dc02.<mycompany>.<suffix>:389
ldap.server2.realm=<mycompany>.<suffix>

ldap.windows.group.downcase=true

# User Configuration
ldap.server1.user.baseDn=OU=Internal,DC=<mycompany>,DC=<suffix>
ldap.server1.user.request: (&(objectClass=User)(sAMAccountName={login}))
ldap.server1.bindDn=CN=<cn>, OU=www,OU=xxx,OU=yyy,OU=zzz,DC=<mycompany>,DC=<suffix>
ldap.server1.bindPassword=abcdefghijklmnopqrstuvwxyz
ldap.server1.user.realNameAttribute=cn
ldap.server1.user.emailAttribute=mail
ldap.server1.group.baseDn=OU=Groups,DC=<mycompany>,DC=<suffix>
ldap.server1.group.request=(&(objectClass=group)(member={dn}))

ldap.server1.windows.group.downcase=true

ldap.server2.user.baseDn=OU=Test,OU=External,DC=<mycompany>,DC=<suffix>
ldap.server2.user.request: (&(objectClass=User)(sAMAccountName={login}))
ldap.server2.bindDn=CN=<cn>, OU=www,OU=xxx,OU=yyy,OU=zzz,DC=<mycompany>,DC=<suffix>
ldap.server2.bindPassword=abcdefghijklmnopqrstuvwxyz
ldap.server2.user.realNameAttribute=cn
ldap.server2.user.emailAttribute=mail
ldap.server2.group.baseDn=OU=Groups,DC=<mycompany>,DC=<suffix>
ldap.server2.group.request=(&(objectClass=group)(member={dn}))

ldap.server2.windows.group.downcase=true


We needed two servers so that we could import from two groups (internal and external).

Hope that helps!

Jody Greene

Oct 21, 2016, 12:35:32 PM
to SonarQube, gruss...@gmail.com
Thanks for pointing me in the right direction... I discovered that the issue was with the following entries

ldap.user.request
ldap.group.request

The LDAP filter wasn't quite correct
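
Added example (not part of the thread or of SonarQube's code): a structural check for filter strings such as the ldap.user.request value quoted earlier in the thread, together with RFC 4515 escaping of the value substituted for {login}. The function names and the substitution semantics are assumptions for illustration, and the checker covers only parenthesis and attribute=value structure.

```python
# RFC 4515 escapes for a value substituted into a search filter.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def render(template, **values):
    """Fill {login}/{dn}-style placeholders with escaped values (assumed semantics)."""
    for name, value in values.items():
        escaped = "".join(_ESCAPES.get(ch, ch) for ch in value)
        template = template.replace("{" + name + "}", escaped)
    return template

def check_filter(text):
    """Return the structural problems in an LDAP filter string ([] means none)."""
    problems, pos = [], 0

    def parse():
        nonlocal pos
        if pos >= len(text) or text[pos] != "(":
            problems.append(f"expected '(' at offset {pos}")
            pos = len(text)
            return
        pos += 1
        if pos < len(text) and text[pos] in "&|!":
            pos += 1
            start = pos
            while pos < len(text) and text[pos] == "(":
                parse()
            if pos == start:
                problems.append(f"operator without sub-filter at offset {pos}")
        else:
            end = pos
            while end < len(text) and text[end] not in "()":
                end += 1
            if "=" not in text[pos:end] or text[pos] == "=":
                problems.append(f"{text[pos:end]!r} is not attribute=value")
            pos = end
        if pos < len(text) and text[pos] == ")":
            pos += 1
        else:
            problems.append(f"missing ')' at offset {pos}")
            pos = len(text)

    parse()
    if pos < len(text):
        problems.append(f"unexpected text after filter: {text[pos:]!r}")
    return problems

# The user filter from the reply earlier in the thread.
USER_REQUEST = "(&(objectClass=User)(sAMAccountName={login}))"
```

Running check_filter on each ldap.*.request value before restarting the server catches a dropped parenthesis or a missing outer pair, and render shows the filter the directory would receive for a given login.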