Sonarqube doesn't create groups retrieved from LDAP Plugin

omerfaru...@gmail.com

Jun 8, 2018, 8:39:12 AM
to SonarQube
Hi,

We are trying to add users to their groups in Active Directory using the LDAP plugin. But there is a problem: the user's groups are not created automatically when the user logs in. If we create the group manually and the user logs in again, the user is added to the group as expected.

We tried to inspect the SonarQube source code and identified the problem. There is no attempt to create the groups in the UserIdentityAuthenticatorImpl class:

  1. private void syncGroups(DbSession dbSession, UserIdentity userIdentity, UserDto userDto) {
  2.   if (!userIdentity.shouldSyncGroups()) {
  3.     return;
  4.   }
  5.   String userLogin = userIdentity.getLogin();
  6.   Set<String> userGroups = new HashSet<>(dbClient.groupMembershipDao().selectGroupsByLogins(dbSession, singletonList(userLogin)).get(userLogin));
  7.   Set<String> identityGroups = userIdentity.getGroups();
  8.   LOGGER.debug("List of groups returned by the identity provider '{}'", identityGroups);

  9.   Collection<String> groupsToAdd = Sets.difference(identityGroups, userGroups);
  10.   Collection<String> groupsToRemove = Sets.difference(userGroups, identityGroups);
  11.   Collection<String> allGroups = new ArrayList<>(groupsToAdd);
  12.   allGroups.addAll(groupsToRemove);
  13.   DefaultOrganization defaultOrganization = defaultOrganizationProvider.get();
  14.   Map<String, GroupDto> groupsByName = dbClient.groupDao().selectByNames(dbSession, defaultOrganization.getUuid(), allGroups)
  15.     .stream()
  16.     .collect(uniqueIndex(GroupDto::getName));

  17.   addGroups(dbSession, userDto, groupsToAdd, groupsByName);
  18.   removeGroups(dbSession, userDto, groupsToRemove, groupsByName);
  19. }

  20. private void addGroups(DbSession dbSession, UserDto userDto, Collection<String> groupsToAdd, Map<String, GroupDto> groupsByName) {
  21.   groupsToAdd.stream().map(groupsByName::get).filter(Objects::nonNull).forEach(
  22.     groupDto -> {
  23.       LOGGER.debug("Adding group '{}' to user '{}'", groupDto.getName(), userDto.getLogin());
  24.       dbClient.userGroupDao().insert(dbSession, new UserGroupDto().setGroupId(groupDto.getId()).setUserId(userDto.getId()));
  25.     });
  26. }

Here, in line 24, if the group does not exist, the group is not created in the method. The filter(Objects::nonNull) method eliminates null items in groupsByName, so the user's group is never created programmatically.

Thank you for your help.

G. Ann Campbell

Jun 8, 2018, 11:33:08 AM
to SonarQube
Hi,

As described in the docs, the groups must first exist (be manually created) in SonarQube before membership can be synchronized from LDAP.


Ann
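
The following is an added example, not part of either post and not SonarQube code. It models the posted syncGroups/addGroups behaviour on plain sets, so an administrator can see which LDAP groups a login would silently skip and which group names have to be created beforehand. The function names and all sample data are hypothetical.

```python
from dataclasses import dataclass, field


@dataclass
class SyncResult:
    added: set = field(default_factory=set)
    removed: set = field(default_factory=set)
    skipped: set = field(default_factory=set)  # returned by LDAP, absent in SonarQube


def sync_groups(identity_groups, user_groups, existing_groups):
    """Model of the posted syncGroups/addGroups logic (hypothetical helper)."""
    to_add = identity_groups - user_groups       # Sets.difference(identityGroups, userGroups)
    to_remove = user_groups - identity_groups    # Sets.difference(userGroups, identityGroups)
    # selectByNames only returns rows for groups that already exist.
    groups_by_name = {g: g for g in (to_add | to_remove) if g in existing_groups}
    result = SyncResult()
    for name in to_add:
        if groups_by_name.get(name) is None:     # dropped by filter(Objects::nonNull)
            result.skipped.add(name)
        else:
            result.added.add(name)
    result.removed = {g for g in to_remove if g in groups_by_name}
    return result


def groups_to_precreate(ldap_memberships, existing_groups):
    """Group names that must exist before any login can sync them."""
    wanted = set().union(*ldap_memberships.values())
    return sorted(wanted - existing_groups)


# Constructed sample data: groups defined in SonarQube, groups reported by
# LDAP per user, and each user's current SonarQube membership.
EXISTING = {"sonar-users", "sonar-administrators", "team-legacy"}
LDAP = {
    "alice": {"sonar-users", "team-payments"},
    "bob": {"sonar-users", "team-payments", "auditors"},
}
CURRENT = {"alice": {"sonar-users", "team-legacy"}, "bob": set()}

if __name__ == "__main__":
    print("create first:", groups_to_precreate(LDAP, EXISTING))
    for login in sorted(LDAP):
        r = sync_groups(LDAP[login], CURRENT[login], EXISTING)
        print(login, "added", sorted(r.added), "removed", sorted(r.removed),
              "skipped", sorted(r.skipped))
```

A non-empty skipped set means the user logs in without the permissions attached to those groups until the groups are created and the user logs in again.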