Hi,
We have used the LDAP plugin for a long time, and users can log in to Sonar with their Windows accounts. However, when we search for LDAP groups or type a person's LDAP account (who has never entered Sonar web) under the Administration - Security tab, it is not found.
The configuration in the sonar.properties file and the part of web.log (from when I log in with my LDAP account) are below. The Sonar version is 7.0; the LDAP plugin is sonar-ldap-plugin-2.2.0.608.jar.
The yellow lines are the AD group names which I am a member of. When I log in with the admin account I can list none of them. The request and response are at the bottom of the mail.
LDAP settings in sonar.properties:
sonar.security.realm=LDAP
sonar.authenticator.createUsers=true
ldap.url=ldap://zzzzzz.xx.firm.com.tr
ldap.bindDn=zzzzzz
ldap.bindPassword=zzzzzz
sonar.authenticator.downcase=true
# User Configuration
ldap.user.baseDn=ou=All Users,dc=fw,dc=firm,dc=com,dc=tr
ldap.user.request=(&(objectClass=user)(sAMAccountName={login}))
#ldap.user.realNameAttribute=cn
ldap.user.realNameAttribute=givenName
ldap.user.LastNameAttribute=sn
ldap.user.firstNameAttribute=givenName
ldap.user.emailAttribute=mail
# Group Configuration
ldap.group.baseDn=ou=All Groups,dc=fw,dc=firm,dc=com,dc=tr
ldap.group.request=(&(objectClass=group)(member={dn}))
ldap.group.idAttribute=cn
web.log:
2018.06.07 09:40:54 DEBUG web[AWPVmpFC6SDYxwgzAABo][o.s.p.l.LdapUsersProvider] Requesting details for user hilalem
2018.06.07 09:40:54 DEBUG web[AWPVmpFC6SDYxwgzAABo][o.s.p.l.LdapSearch] Search: LdapSearch{baseDn=ou=All Users,dc=fw,dc=firm,dc=com,dc=tr, scope=subtree, request=(&(objectClass=user)(sAMAccountName={0})), parameters=[hilalem], attributes=[mail, givenName]}
2018.06.07 09:40:54 DEBUG web[AWPVmpFC6SDYxwgzAABo][o.s.p.l.LdapContextFactory] Initializing LDAP context {java.naming.provider.url=ldap:// zzzzzz.xx.firm.com.tr
.firm.com.tr, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.principal=Srv_SonarQube, com.sun.jndi.ldap.connect.pool=true, java.naming.security.authentication=simple, java.naming.referral=follow}
2018.06.07 09:40:54 DEBUG web[AWPVmpFC6SDYxwgzAABo][o.s.p.l.LdapSearch] Search: LdapSearch{baseDn=ou=All Users,dc=fw,dc=firm,dc=com,dc=tr, scope=subtree, request=(&(objectClass=user)(sAMAccountName={0})), parameters=[hilalem], attributes=null}
2018.06.07 09:40:54 DEBUG web[AWPVmpFC6SDYxwgzAABo][o.s.p.l.LdapContextFactory] Initializing LDAP context {java.naming.provider.url=ldap:// zzzzzz.xx.firm.com.tr
.firm.com.tr, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.principal=Srv_SonarQube, com.sun.jndi.ldap.connect.pool=true, java.naming.security.authentication=simple, java.naming.referral=follow}
2018.06.07 09:40:54 DEBUG web[AWPVmpFC6SDYxwgzAABo][o.s.p.l.LdapContextFactory] Initializing LDAP context {java.naming.provider.url=ldap:// zzzzzz.xx.firm.com.tr
.fw.firm.com.tr, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.principal=CN=Sukriye Hilal Emeksiz (Firm Teknoloji),OU=Yazilim Teknolojileri Yonetimi,OU=Veri ve Platform Yonetimi ve Operasyon,OU=Firm Teknoloji,OU=All Users,DC=fw,DC=firm,DC=com,DC=tr, java.naming.security.authentication=simple, java.naming.referral=follow}
2018.06.07 09:40:54 DEBUG web[AWPVmpFC6SDYxwgzAABo][o.s.p.l.LdapGroupsProvider] Requesting groups for user hilalem
2018.06.07 09:40:54 DEBUG web[AWPVmpFC6SDYxwgzAABo][o.s.p.l.LdapSearch] Search: LdapSearch{baseDn=ou=All Users,dc=fw,dc=firm,dc=com,dc=tr, scope=subtree, request=(&(objectClass=user)(sAMAccountName={0})), parameters=[hilalem], attributes=[dn]}
2018.06.07 09:40:54 DEBUG web[AWPVmpFC6SDYxwgzAABo][o.s.p.l.LdapContextFactory] Initializing LDAP context {java.naming.provider.url=ldap:// zzzzzz.xx.firm.com.tr
.firm.com.tr, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.principal=Srv_SonarQube, com.sun.jndi.ldap.connect.pool=true, java.naming.security.authentication=simple, java.naming.referral=follow}
2018.06.07 09:40:54 DEBUG web[AWPVmpFC6SDYxwgzAABo][o.s.p.l.LdapSearch] Search: LdapSearch{baseDn=ou=All Groups,dc=fw,dc=firm,dc=com,dc=tr, scope=subtree, request=(&(objectClass=group)(member={0})), parameters=[CN=Sukriye Hilal Emeksiz (Firm Teknoloji),OU=Yazilim Teknolojileri Yonetimi,OU=Veri ve Platform Yonetimi ve Operasyon,OU=Firm Teknoloji,OU=All Users,DC=fw,DC=firm,DC=com,DC=tr], attributes=[cn]}
2018.06.07 09:40:54 DEBUG web[AWPVmpFC6SDYxwgzAABo][o.s.p.l.LdapContextFactory] Initializing LDAP context {java.naming.provider.url=ldap:// zzzzzz.xx.firm.com.tr
.fw.firm.com.tr, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.principal=Srv_SonarQube, com.sun.jndi.ldap.connect.pool=true, java.naming.security.authentication=simple, java.naming.referral=follow}
2018.06.07 09:40:54 DEBUG web[AWPVmpFC6SDYxwgzAABo][o.s.s.a.UserIdentityAuthenticator] List of groups returned by the identity provider '[GLB_GB_MDM_BESPLUS_USERS, BB-CodeReview-MainFrame, BB-Kofax, BB-CodeReview-GEN, REST_GROUP_BB, BB_DirekTelefonu_Olanlar_Symprex, BB-Google Search POC, BB-GIT BitBucket Proje Ekibi, BBActive-Yuzme, BB-Teknik Mimarlar, BB-CodeReview-Net, BB-GA Internet ve Mobil Uygulamalari, BB-Finansal Sirketler Yeni Platform, BB-Gelistirme Platformlari Yonetimi, BB-Release Degisiklik ve Konfigurasyon Yonetimi, BB-Yazilim Teknolojileri Yonetimi, BB-CodeReview-Java, GLB_BB_PF_Dijital_Kanallar_ve_CRM, BB-CodeReview Altyapi]'
2018.06.07 09:40:54 DEBUG web[AWPVmpFC6SDYxwgzAABo][auth.event] login success [method|FORM][provider|REALM|LDAP][IP|10.242.9.149|][login|hilalem]
request:
http://BBsonar-t:9000/admin/users?search=onder
response:
{"paging":{"pageIndex":1,"pageSize":50,"total":0},"users":[]}
Thank you so much,
Hilal