Sonar LDAP integration is not working


Murali Dharan

Apr 14, 2016, 3:08:24 AM
to SonarQube

I am getting the below ERROR when I am trying to integrate my Sonar instance with LDAP.

The environment I used is:

CentOS Linux release 7.2.1511
SonarQube-5.3
Java  1.8.0_71  (64bit)
Database  5.5.44-MariaDB MariaDB Server


Below is the configuration which I mentioned in sonar.properties.

sonar.security.localUsers=admin
ldap.realm=XX.com
sonar.security.realm=LDAP
sonar.authenticator.createUsers=true
sonar.security.savePassword=true
sonar.security.updateUserAttributes=true
#ldap.url=ldaps://ldap.XX.com:636

ldap.baseDn=(&(objectClass=user)(sAMAccountName={login}))
# User Configuration
#ldap.user.baseDn=ou=People,o=XX.com
#ldap.user.request=(&(objectClass=user)(sAMAccountName={login}))
ldap.user.realNameAttribute=cn
ldap.user.emailAttribute=mail


# Group Configuration
#ldap.group.baseDn=cn=NewProjGroup,ou=Groups,o=XX.com
#ldap.group.request=(&(objectClass=group)(member={dn}))

ldap.windows.auth=false

#ldap.bindDn=cn=NewProjGroup,ou=Groups,o=XX.com
#cn=sonar,ou=People,o=XX.com

wrapper.console.loglevel=DEBUG

And I do not get any issue in sonar.log while running Sonar. The LDAP test connection is OK, but I couldn't log in using my LDAP account.

Please suggest what I am missing.

2016.04.12 02:34:15 INFO  web[o.s.p.StopWatcher] Stopping process
2016.04.12 02:34:15 INFO  web[o.a.c.h.Http11NioProtocol] Pausing ProtocolHandler ["http-nio-16.73.20.213-9100"]
2016.04.12 02:34:16 INFO  web[o.s.s.n.NotificationService] Notification service stopped
2016.04.12 02:34:16 WARN  web[o.a.c.l.WebappClassLoaderBase] The web application [sonar] appears to have started a thread named [Abandoned connection cleanup thread] but has failed to stop it. This is very likely to create a memory leak. Stack trace of thread:
 java.lang.Object.wait(Native Method)
 java.lang.ref.ReferenceQueue.remove(ReferenceQueue.java:143)
 com.mysql.jdbc.AbandonedConnectionCleanupThread.run(AbandonedConnectionCleanupThread.java:43)
2016.04.12 02:34:16 INFO  web[o.a.c.h.Http11NioProtocol] Stopping ProtocolHandler ["http-nio-16.73.20.213-9100"]
2016.04.12 02:34:17 INFO  web[o.a.c.h.Http11NioProtocol] Destroying ProtocolHandler ["http-nio-16.73.20.213-9100"]
2016.04.12 02:34:17 INFO  web[o.s.s.a.TomcatAccessLog] Web server is stopped
2016.04.12 02:34:17 INFO  app[o.s.p.m.TerminatorThread] Process[web] is stopped
2016.04.12 02:34:17 INFO  app[o.s.p.m.TerminatorThread] Process[search] is stopping
2016.04.12 02:34:17 INFO   es[o.s.p.StopWatcher]  Stopping process
2016.04.12 02:34:17 INFO   es[o.elasticsearch.node]  [sonar-1459852580547] stopping ...
2016.04.12 02:34:17 INFO   es[o.elasticsearch.node]  [sonar-1459852580547] stopped
2016.04.12 02:34:17 INFO   es[o.elasticsearch.node]  [sonar-1459852580547] closing ...
2016.04.12 02:34:17 INFO   es[o.elasticsearch.node]  [sonar-1459852580547] closed
2016.04.12 02:34:17 INFO  app[o.s.p.m.TerminatorThread] Process[search] is stopped
<-- Wrapper Stopped
--> Wrapper Started as Daemon
Launching a JVM...
Wrapper (Version 3.2.3) http://wrapper.tanukisoftware.org
  Copyright 1999-2006 Tanuki Software, Inc.  All Rights Reserved.

2016.04.12 02:34:18 INFO  app[o.s.p.m.JavaProcessLauncher] Launch process[search]: /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.71-2.b15.el7_2.x86_64/jre/bin/java -Djava.awt.headless=true -Xmx1G -Xms256m -Xss256k -Djava.net.preferIPv4Stack=true -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+HeapDumpOnOutOfMemoryError -Djava.io.tmpdir=/opt/sonarqube-5.3/temp -cp ./lib/common/*:./lib/search/* org.sonar.search.SearchServer /tmp/sq-process146960764217329607properties
2016.04.12 02:34:19 INFO   es[o.s.p.ProcessEntryPoint]  Starting search
2016.04.12 02:34:19 INFO   es[o.s.s.SearchSettings]  Elasticsearch listening on 127.0.0.1:9001
2016.04.12 02:34:19 INFO   es[o.elasticsearch.node]  [sonar-1460442858483] version[1.7.2], pid[2920], build[e43676b/2015-09-14T09:49:53Z]
2016.04.12 02:34:19 INFO   es[o.elasticsearch.node]  [sonar-1460442858483] initializing ...
2016.04.12 02:34:19 INFO   es[o.e.plugins]  [sonar-1460442858483] loaded [], sites []
2016.04.12 02:34:19 INFO   es[o.elasticsearch.env]  [sonar-1460442858483] using [1] data paths, mounts [[/ (rootfs)]], net usable_space [10.4gb], net total_space [15.9gb], types [rootfs]
2016.04.12 02:34:20 WARN   es[o.e.bootstrap]  JNA not found. native methods will be disabled.
2016.04.12 02:34:21 INFO   es[o.elasticsearch.node]  [sonar-1460442858483] initialized
2016.04.12 02:34:21 INFO   es[o.elasticsearch.node]  [sonar-1460442858483] starting ...
2016.04.12 02:34:21 INFO   es[o.e.transport]  [sonar-1460442858483] bound_address {inet[/127.0.0.1:9001]}, publish_address {inet[/127.0.0.1:9001]}
2016.04.12 02:34:21 INFO   es[o.e.discovery]  [sonar-1460442858483] sonarqube/-DOshS0OSG-8uvYO8Sp8yQ
2016.04.12 02:34:24 INFO   es[o.e.cluster.service]  [sonar-1460442858483] new_master [sonar-1460442858483][-DOshS0OSG-8uvYO8Sp8yQ][ngsonar-san.XXeswlab.net][inet[/127.0.0.1:9001]]{rack_id=sonar-1460442858483}, reason: zen-disco-join (elected_as_master)
2016.04.12 02:34:24 INFO   es[o.elasticsearch.node]  [sonar-1460442858483] started
2016.04.12 02:34:24 INFO   es[o.e.gateway]  [sonar-1460442858483] recovered [6] indices into cluster_state
2016.04.12 02:34:26 INFO  app[o.s.p.m.Monitor] Process[search] is up
OpenJDK 64-Bit Server VM warning: ignoring option MaxPermSize=160m; support was removed in 8.0
2016.04.12 02:34:26 INFO  app[o.s.p.m.JavaProcessLauncher] Launch process[web]: /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.71-2.b15.el7_2.x86_64/jre/bin/java -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djruby.management.enabled=false -Djruby.compile.invokedynamic=false -Xmx768m -Xms256m -XX:MaxPermSize=160m -XX:+HeapDumpOnOutOfMemoryError -Djava.net.preferIPv4Stack=true -Djavax.net.ssl.trustStore=/opt/sonarqube-5.3/.keystore -Djava.io.tmpdir=/opt/sonarqube-5.3/temp -cp ./lib/common/*:./lib/server/*:/opt/sonarqube-5.3/lib/jdbc/mysql/mysql-connector-java-5.1.35.jar org.sonar.server.app.WebServer /tmp/sq-process7260635962311799695properties
2016.04.12 02:34:26 INFO  web[o.s.p.ProcessEntryPoint] Starting web
2016.04.12 02:34:27 INFO  web[o.s.s.app.Webapp] Webapp directory: /opt/sonarqube-5.3/web
2016.04.12 02:34:27 INFO  web[o.a.c.h.Http11NioProtocol] Initializing ProtocolHandler ["http-nio-16.73.20.213-8443"]
2016.04.12 02:34:27 WARN  web[o.a.t.u.n.j.JSSESocketFactory] The provided trust store password could not be used to unlock and/or validate the trust store. Retrying to access the trust store with a null password which will skip validation.
java.security.UnrecoverableKeyException: Password verification failed
        at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:778) ~[na:1.8.0_71]
        at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56) ~[na:1.8.0_71]
        at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:225) ~[na:1.8.0_71]
        at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70) ~[na:1.8.0_71]
        at java.security.KeyStore.load(KeyStore.java:1445) ~[na:1.8.0_71]
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:424) [tomcat-embed-core-8.0.18.jar:8.0.18]
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getTrustStore(JSSESocketFactory.java:375) [tomcat-embed-core-8.0.18.jar:8.0.18]
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getTrustManagers(JSSESocketFactory.java:631) [tomcat-embed-core-8.0.18.jar:8.0.18]
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getTrustManagers(JSSESocketFactory.java:543) [tomcat-embed-core-8.0.18.jar:8.0.18]
        at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:363) [tomcat-embed-core-8.0.18.jar:8.0.18]
        at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:730) [tomcat-embed-core-8.0.18.jar:8.0.18]
        at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:457) [tomcat-embed-core-8.0.18.jar:8.0.18]
        at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:120) [tomcat-embed-core-8.0.18.jar:8.0.18]
        at org.apache.catalina.connector.Connector.initInternal(Connector.java:960) [tomcat-embed-core-8.0.18.jar:8.0.18]
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) [tomcat-embed-core-8.0.18.jar:8.0.18]
        at org.apache.catalina.core.StandardService.initInternal(StandardService.java:567) [tomcat-embed-core-8.0.18.jar:8.0.18]
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) [tomcat-embed-core-8.0.18.jar:8.0.18]
        at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:851) [tomcat-embed-core-8.0.18.jar:8.0.18]
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) [tomcat-embed-core-8.0.18.jar:8.0.18]
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:139) [tomcat-embed-core-8.0.18.jar:8.0.18]
        at org.apache.catalina.startup.Tomcat.start(Tomcat.java:340) [tomcat-embed-core-8.0.18.jar:8.0.18]
        at org.sonar.server.app.EmbeddedTomcat.start(EmbeddedTomcat.java:61) [sonar-server-5.3.jar:na]
        at org.sonar.server.app.WebServer.start(WebServer.java:42) [sonar-server-5.3.jar:na]
        at org.sonar.process.ProcessEntryPoint.launch(ProcessEntryPoint.java:77) [sonar-process-5.3.jar:na]
        at org.sonar.server.app.WebServer.main(WebServer.java:68) [sonar-server-5.3.jar:na]
2016.04.12 02:34:27 INFO  web[o.a.t.u.n.NioSelectorPool] Using a shared selector for servlet write/read
2016.04.12 02:34:28 INFO  web[o.e.plugins] [sonar-1460442858483] loaded [], sites []
2016.04.12 02:34:29 INFO  web[o.s.s.p.ServerImpl] SonarQube Server / 5.3 / 8db783e62b266eeb0d0b10dc050a7ca50e96c5d1
2016.04.12 02:34:29 INFO  web[o.sonar.db.Database] Create JDBC data source for jdbc:mysql://localhost:3306/sonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance
2016.04.12 02:34:30 INFO  web[o.s.s.p.DefaultServerFileSystem] SonarQube home: /opt/sonarqube-5.3
2016.04.12 02:34:30 INFO  web[o.s.s.p.ServerPluginRepository] Deploy plugin Git / 1.1 / 21e7329a632904350bb9a2e7f1b17b9967988db8
2016.04.12 02:34:30 INFO  web[o.s.s.p.ServerPluginRepository] Deploy plugin Java / 3.11 / 741963c7a3d062ec4a5eb896ea171057e2b7c014
2016.04.12 02:34:30 INFO  web[o.s.s.p.ServerPluginRepository] Deploy plugin JavaScript / 2.11 / a9b1afa9ceef7079811779d9efc5f8026acb1400
2016.04.12 02:34:30 INFO  web[o.s.s.p.ServerPluginRepository] Deploy plugin LDAP / 1.5.1 / 8960e08512a3d3ec4d9cf16c4c2c95017b5b7ec5
2016.04.12 02:34:30 INFO  web[o.s.s.p.ServerPluginRepository] Deploy plugin SVN / 1.2 / d04c3cdb21f48905dd8300d1129ec90281aa6db2
2016.04.12 02:34:30 INFO  web[o.s.s.p.RailsAppsDeployer] Deploying Ruby on Rails applications
2016.04.12 02:34:30 INFO  web[o.s.s.p.RailsAppsDeployer] Deploying app: ldap
2016.04.12 02:34:31 INFO  web[o.s.s.p.UpdateCenterClient] Update center: http://update.sonarsource.org/update-center.properties (no proxy)
2016.04.12 02:34:31 INFO  web[org.sonar.INFO] Security realm: LDAP
2016.04.12 02:34:31 INFO  web[o.s.p.l.LdapSettingsManager] User mapping: LdapUserMapping{baseDn=dc=XX,dc=com, request=(&(objectClass=inetOrgPerson)(uid={0})), realNameAttribute=cn, emailAttribute=mail}
2016.04.12 02:34:31 INFO  web[o.s.p.l.LdapSettingsManager] Groups will not be synchronized, because property 'ldap.group.baseDn' is empty.
2016.04.12 02:34:32 INFO  web[o.s.p.l.LdapContextFactory] Test LDAP connection on ldaps://ldap.XX.com:636/ou=People,o=XX.com: OK
2016.04.12 02:34:32 INFO  web[org.sonar.INFO] Security realm started
2016.04.12 02:34:32 INFO  web[o.s.s.n.NotificationService] Notification service started (delay 60 sec.)
2016.04.12 02:34:32 INFO  web[o.s.s.s.IndexSynchronizer] Index rules
2016.04.12 02:34:34 INFO  web[o.s.s.s.IndexSynchronizer] Index activeRules
2016.04.12 02:34:34 INFO  web[o.s.s.s.RegisterMetrics] Register metrics
2016.04.12 02:34:35 INFO  web[o.s.s.s.RegisterDebtModel] Register technical debt model
2016.04.12 02:34:35 INFO  web[o.s.s.r.RegisterRules] Register rules
2016.04.12 02:34:35 INFO  web[o.s.s.q.RegisterQualityProfiles] Register quality profiles
2016.04.12 02:34:36 INFO  web[o.s.s.s.RegisterNewMeasureFilters] Register measure filters
2016.04.12 02:34:36 INFO  web[o.s.s.s.RegisterDashboards] Register dashboards
2016.04.12 02:34:36 INFO  web[o.s.s.s.RegisterPermissionTemplates] Register permission templates
2016.04.12 02:34:36 INFO  web[o.s.s.s.RenameDeprecatedPropertyKeys] Rename deprecated property keys
2016.04.12 02:34:36 INFO  web[o.s.s.s.IndexSynchronizer] Index activities
2016.04.12 02:34:36 INFO  web[o.s.s.s.IndexSynchronizer] Index issues
2016.04.12 02:34:37 INFO  web[o.s.s.s.IndexSynchronizer] Index tests
2016.04.12 02:34:37 INFO  web[o.s.s.s.IndexSynchronizer] Index users
2016.04.12 02:34:37 INFO  web[o.s.s.s.IndexSynchronizer] Index views
2016.04.12 02:34:37 INFO  web[o.s.s.c.q.PurgeCeActivities] Delete the Compute Engine tasks created before Thu Oct 15 02:34:37 EDT 2015
2016.04.12 02:34:37 INFO  web[jruby.rack] jruby 1.7.9 (ruby-1.8.7p370) 2013-12-06 87b108a on OpenJDK 64-Bit Server VM 1.8.0_71-b15 [linux-amd64]
2016.04.12 02:34:37 INFO  web[jruby.rack] using a shared (threadsafe!) runtime
2016.04.12 02:34:45 INFO  web[jruby.rack] keeping custom (config.logger) Rails logger instance
2016.04.12 02:34:45 INFO  web[o.a.c.h.Http11NioProtocol] Starting ProtocolHandler ["http-nio-16.73.20.213-8443"]
2016.04.12 02:34:45 INFO  web[o.s.s.a.TomcatAccessLog] Web server is started
2016.04.12 02:34:45 INFO  web[o.s.s.a.EmbeddedTomcat] HTTPS connector enabled on port 8443 | ciphers=JVM defaults
2016.04.12 02:34:45 INFO  app[o.s.p.m.Monitor] Process[web] is up
2016.04.12 03:01:16 ERROR web[rails] Error from external users provider: exception Java::OrgSonarApiUtils::SonarException: Unable to retrieve details for user murali in <default>
2016.04.12 03:08:29 ERROR web[rails] Error from external users provider: exception Java::OrgSonarApiUtils::SonarException: Unable to retrieve details for user nguser in <default>

Bindu Boinapalli

May 3, 2017, 9:22:55 AM
to SonarQube
You should not use ldap.windows.auth=false for a Linux machine.

nicolas...@sonarsource.com

May 10, 2017, 8:19:37 AM
to SonarQube
Hi,

@Bindu: ldap.windows.auth is in fact a deprecated property, not taken into account at all in latest versions of the LDAP Plugin. All in all: one should not use ldap.windows.auth at all.

@Murali: never, ever, edit wrapper.conf nor any wrapper-related property (you mentioned wrapper.console.loglevel). The right way to enable debug logs is to switch to sonar.log.level=DEBUG in sonar.properties. Do that, restart your SonarQube, attempt to log in a user, and you'll get much more detail about the actual error occurring on the backend. (Keep in mind that you may see error codes returned by LDAP, in which case you'll have to follow up on the LDAP side of things.)

Best regards,
Nicolas

P.S.: I can see already that you're not setting ldap.bindDn / ldap.bindPassword, which is pretty suspicious as LDAP deployments allowing for anonymous access are a rather rare thing. Equally surprising to see ldap.user.baseDn / ldap.user.request commented out. But anyhow, debug logs will tell you more.
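
A small lint over sonar.properties for the points raised in this thread (wrapper.* keys, ldap.windows.auth, missing ldap.bindDn / ldap.bindPassword, commented-out ldap.user.baseDn / ldap.user.request), plus one extra check that a baseDn value is a DN and not a search filter. This is an added example, not part of any post above and not SonarQube code; the function names, the messages and the SAMPLE text (constructed from the configuration in the question) are assumptions.

```python
import re

# Constructed sample: active and commented-out keys taken from the question's sonar.properties.
SAMPLE = """\
sonar.security.realm=LDAP
#ldap.url=ldaps://ldap.XX.com:636
ldap.baseDn=(&(objectClass=user)(sAMAccountName={login}))
#ldap.user.baseDn=ou=People,o=XX.com
#ldap.user.request=(&(objectClass=user)(sAMAccountName={login}))
ldap.windows.auth=false
#ldap.bindDn=cn=NewProjGroup,ou=Groups,o=XX.com
wrapper.console.loglevel=DEBUG
"""

def parse(text):
    """Return (active, commented): live key -> value, and keys that appear only behind '#'."""
    active, commented = {}, set()
    for raw in text.splitlines():
        m = re.match(r"^(#\s*)?([A-Za-z][\w.]*)\s*=\s*(.*)$", raw.strip())
        if not m:
            continue
        if m.group(1):
            commented.add(m.group(2))
        else:
            active[m.group(2)] = m.group(3).strip()
    return active, commented - set(active)

def lint(text):
    """Hypothetical helper: list the configuration problems discussed in the thread."""
    active, commented = parse(text)
    findings = []
    if active.get("sonar.security.realm") != "LDAP":
        return findings  # LDAP realm not enabled, nothing to check
    for key in sorted(k for k in active if k.startswith("wrapper.")):
        findings.append(f"{key}: wrapper property; use sonar.log.level=DEBUG instead")
    if "ldap.windows.auth" in active:
        findings.append("ldap.windows.auth: deprecated, remove it")
    for key in ("ldap.bindDn", "ldap.bindPassword"):
        if not active.get(key):
            findings.append(f"{key}: not set, the bind will be anonymous")
    for key in ("ldap.user.baseDn", "ldap.user.request"):
        if key in commented:
            findings.append(f"{key}: commented out, so this file does not set it")
    for key, value in sorted(active.items()):
        if key.lower().endswith("basedn") and value.startswith("("):
            findings.append(f"{key}: value is a search filter, not a DN")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```
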