Re: Query about enabling LDAP on sonar

528 views
Skip to first unread message
Message has been deleted

Julien Lancelot

unread,
Feb 7, 2017, 7:58:29 AM2/7/17
to vinay premkumar, SonarQube
Hi,

Could you please send us your LDAP configuration ?
Thanks.

Regards,

On Tue, 7 Feb 2017 at 12:17 vinay premkumar <vinay05p...@gmail.com> wrote:
Hi All,

I am currently running sonarqube 6.1 on a centos 7 machine and its working fine. I am trying to enable LDAP on my system and sonar doesnt start. Could anyone please help to root cause the issue.

java -version
openjdk version "1.8.0_111"
OpenJDK Runtime Environment (build 1.8.0_111-b15)
OpenJDK 64-Bit Server VM (build 25.111-b15, mixed mode)




ERROR:
2017.02.07 03:05:13 INFO  web[][org.sonar.INFO] Security realm: LDAP
2017.02.07 03:05:13 INFO  web[][o.s.p.l.LdapSettingsManager] User mapping: LdapUserMapping{baseDn=ou=People,o=hp.com, request=(&(objectClass=inetOrgPerson)(uid={0})), realNameAttribute=cn, emailAttribute=mail}
2017.02.07 03:05:13 INFO  web[][o.s.p.l.LdapSettingsManager] Group mapping: LdapGroupMapping{baseDn=ou=Groups,o=hp.com, idAttribute=cn, requiredUserAttributes=[uid], request=(&(objectClass=posixGroup)(memberUid={0}))}
2017.02.07 03:05:14 INFO  web[][o.s.p.l.LdapContextFactory] Test LDAP connection: FAIL
2017.02.07 03:05:14 ERROR web[][o.a.c.c.C.[.[.[/]] Exception sending context initialized event to listener instance of class org.sonar.server.platform.web.PlatformServletContextListener
org.sonar.plugins.ldap.LdapException: Unable to open LDAP connection
        at org.sonar.plugins.ldap.LdapContextFactory.testConnection(LdapContextFactory.java:206) ~[na:na]
        at org.sonar.plugins.ldap.LdapRealm.init(LdapRealm.java:63) ~[na:na]
        at org.sonar.server.user.SecurityRealmFactory.start(SecurityRealmFactory.java:84) ~[sonar-server-6.1.jar:na]
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_111]
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_111]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_111]
        at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_111]
        at org.picocontainer.lifecycle.ReflectionLifecycleStrategy.invokeMethod(ReflectionLifecycleStrategy.java:110) ~[picocontainer-2.15.jar:na]
        at org.picocontainer.lifecycle.ReflectionLifecycleStrategy.start(ReflectionLifecycleStrategy.java:89) ~[picocontainer-2.15.jar:na]
        at org.sonar.core.platform.ComponentContainer$1.start(ComponentContainer.java:320) ~[sonar-core-6.1.jar:na]
        at org.picocontainer.injectors.AbstractInjectionFactory$LifecycleAdapter.start(AbstractInjectionFactory.java:84) ~[picocontainer-2.15.jar:na]
        at org.picocontainer.behaviors.AbstractBehavior.start(AbstractBehavior.java:169) ~[picocontainer-2.15.jar:na]
        at org.picocontainer.behaviors.Stored$RealComponentLifecycle.start(Stored.java:132) ~[picocontainer-2.15.jar:na]
        at org.picocontainer.behaviors.Stored.start(Stored.java:110) ~[picocontainer-2.15.jar:na]
        at org.picocontainer.DefaultPicoContainer.potentiallyStartAdapter(DefaultPicoContainer.java:1016) ~[picocontainer-2.15.jar:na]
        at org.picocontainer.DefaultPicoContainer.startAdapters(DefaultPicoContainer.java:1009) ~[picocontainer-2.15.jar:na]
        at org.picocontainer.DefaultPicoContainer.start(DefaultPicoContainer.java:767) ~[picocontainer-2.15.jar:na]
        at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:141) ~[sonar-core-6.1.jar:na]
        at org.sonar.server.platform.platformlevel.PlatformLevel.start(PlatformLevel.java:88) ~[sonar-server-6.1.jar:na]
        at org.sonar.server.platform.platformlevel.PlatformLevel4.start(PlatformLevel4.java:613) ~[sonar-server-6.1.jar:na]
        at org.sonar.server.platform.Platform.start(Platform.java:216) ~[sonar-server-6.1.jar:na]
        at org.sonar.server.platform.Platform.startLevel34Containers(Platform.java:190) ~[sonar-server-6.1.jar:na]
        at org.sonar.server.platform.Platform.doStart(Platform.java:113) ~[sonar-server-6.1.jar:na]
        at org.sonar.server.platform.Platform.doStart(Platform.java:99) ~[sonar-server-6.1.jar:na]
        at org.sonar.server.platform.web.PlatformServletContextListener.contextInitialized(PlatformServletContextListener.java:45) ~[sonar-server-6.1.jar:na]
        at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4812) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5255) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1408) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1398) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at java.util.concurrent.FutureTask.run(FutureTask.java:266) [na:1.8.0_111]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_111]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_111]
        at java.lang.Thread.run(Thread.java:745) [na:1.8.0_111]
Caused by: javax.naming.CommunicationException: simple bind failed: ldap.hp.com:636
        at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:219) ~[na:1.8.0_111]
        at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2788) ~[na:1.8.0_111]
        at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319) ~[na:1.8.0_111]
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192) ~[na:1.8.0_111]
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210) ~[na:1.8.0_111]
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153) ~[na:1.8.0_111]
        at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83) ~[na:1.8.0_111]
        at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) ~[na:1.8.0_111]
        at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313) ~[na:1.8.0_111]
        at javax.naming.InitialContext.init(InitialContext.java:244) ~[na:1.8.0_111]
        at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154) ~[na:1.8.0_111]
        at org.sonar.plugins.ldap.LdapContextFactory.createInitialDirContext(LdapContextFactory.java:129) ~[na:na]
        at org.sonar.plugins.ldap.LdapContextFactory.createBindContext(LdapContextFactory.java:92) ~[na:na]
        at org.sonar.plugins.ldap.LdapContextFactory.testConnection(LdapContextFactory.java:202) ~[na:na]
        ... 33 common frames omitted
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[na:1.8.0_111]
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949) ~[na:1.8.0_111]
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302) ~[na:1.8.0_111]
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) ~[na:1.8.0_111]
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509) ~[na:1.8.0_111]
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[na:1.8.0_111]
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) ~[na:1.8.0_111]
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:914) ~[na:1.8.0_111]
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062) ~[na:1.8.0_111]
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) ~[na:1.8.0_111]
        at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:928) ~[na:1.8.0_111]
        at sun.security.ssl.AppInputStream.read(AppInputStream.java:105) ~[na:1.8.0_111]
        at java.io.BufferedInputStream.fill(BufferedInputStream.java:246) ~[na:1.8.0_111]
        at java.io.BufferedInputStream.read1(BufferedInputStream.java:286) ~[na:1.8.0_111]
        at java.io.BufferedInputStream.read(BufferedInputStream.java:345) ~[na:1.8.0_111]
        at com.sun.jndi.ldap.Connection.run(Connection.java:860) ~[na:1.8.0_111]
        ... 1 common frames omitted
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387) ~[na:1.8.0_111]
        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) ~[na:1.8.0_111]
        at sun.security.validator.Validator.validate(Validator.java:260) ~[na:1.8.0_111]
        at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) ~[na:1.8.0_111]
        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) ~[na:1.8.0_111]
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) ~[na:1.8.0_111]
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491) ~[na:1.8.0_111]
        ... 12 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[na:1.8.0_111]
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[na:1.8.0_111]
        at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) ~[na:1.8.0_111]
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382) ~[na:1.8.0_111]
        ... 18 common frames omitted
2017.02.07 03:05:14 ERROR web[][o.a.c.c.StandardContext] One or more listeners failed to start. Full details will be found in the appropriate container log file
2017.02.07 03:05:33 INFO  web[][o.a.c.u.SessionIdGeneratorBase] Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [18,929] milliseconds.
2017.02.07 03:05:33 ERROR web[][o.a.c.c.StandardContext] Context [] startup failed due to previous errors
2017.02.07 03:05:33 WARN  web[][o.a.c.l.WebappClassLoaderBase] The web application [ROOT] appears to have started a thread named [Abandoned connection cleanup thread] but has failed to stop it. This is very likely to create a memory leak. Stack trace of thread:
 java.lang.Object.wait(Native Method)
 java.lang.ref.ReferenceQueue.remove(ReferenceQueue.java:143)
 com.mysql.jdbc.AbandonedConnectionCleanupThread.run(AbandonedConnectionCleanupThread.java:43)
2017.02.07 03:05:33 INFO  web[][o.a.c.h.Http11NioProtocol] Starting ProtocolHandler ["http-nio-0.0.0.0-9000"]
2017.02.07 03:05:33 INFO  web[][o.s.s.a.TomcatAccessLog] Web server is started
2017.02.07 03:05:33 INFO  web[][o.s.s.a.EmbeddedTomcat] HTTP connector enabled on port 9000
2017.02.07 03:05:33 WARN  web[][o.s.p.ProcessEntryPoint] Fail to start web
java.lang.IllegalStateException: Webapp did not start

Thanks,
Vinay

--
You received this message because you are subscribed to the Google Groups "SonarQube" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sonarqube+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/9a1b2ba2-e3b3-49de-bf41-4362cdcf0fd6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
Julien LANCELOT | SonarSource

f.w...@sofort.com

unread,
Aug 9, 2017, 4:14:45 AM8/9/17
to SonarQube, vinay05p...@gmail.com
Having same issues.
updated config to several other systems which works perfect.

most important log entry is  (web.log)

INFO  web[][o.s.p.l.LdapContextFactory] Test LDAP connection: FAIL


sonar.properties:
## LDAP server
sonar.security.realm=LDAP

# ldap.authentication=simple  #tried turning on / off


##secure connection
#if using ldaps:// or STartTLS  then you should install the server certificate into the Java truststore.
# => certificates are installed !

## StartTLS - tested does not work as well
# ldap.StartTLS=true # tested in case using ldap:// instead of ldaps://
#ldap.url=ldap://<server>


## SSL version
ldap.url=ldaps://<server>:636


## LADP Bind
ldap.bindDn=uid=<user>,ou=People,dc=<srv>,dc=<srv>
ldap.bindPassword=xxxx


## user config
ldap.user.baseDn=ou=People,dc=<srv>,dc=<srv>


# usually using more complex filter search - however to get LDAP connection working this should be enough
ldap.user.request=(&(objectClass=kreditorUser)(uid={login}))


ldap.user.realNameAttribute=uid
ldap.user.emailAttribute=mail


ping and nslookup from sonar-server to ldap-server works
any ideas?

f.w...@sofort.com

unread,
Aug 9, 2017, 4:16:47 AM8/9/17
to SonarQube, vinay05p...@gmail.com, f.w...@sofort.com
btw.. running sonarqube 6.4 
tested LDAP plungin 2.0 and 2.2 - non are working

FYI using the config for AD-server it works
Reply all
Reply to author
Forward
0 new messages