How to do LDAP configuration for Admin groups in Sonarqube 5.6.6?

[prateek...@gmail.com]

Hello, 

I am trying to setup Admin access to Sonarqube using an AD-group. All users who are part of SONAR-ADMIN should get admin access when they login to SonarQube. I am having trouble setting this up as all users are losing access to all default sonar groups (sonar-user, sonar-admin) when they try to login. 

I also want to setup similar access through AD groups for Project level access. 

Does somebody have experience in setting this up? Please help. 

Right now users are able to login as users using their AD credentials, but not through AD groups. 

I have specified the group name in group filter. And also used the same group name in sonarqube web console. 

SONAR-ADMIN@domain

Following are my current settings in sonar.properties file. 

X is masked. 

# Group Configuration

ldap.group.baseDn=DC=XX,DC=XXXXX,DC=XXX

ldap.group.dn=XXX

ldap.group.name=cn

ldap.group.usernames=member

ldap.group.objectclass=group

ldap.group.filter=(&(objectCategory=Group)(|(cn=SONAR-ADMIN)))

ldap.group.request=(&(objectClass=group)(memberUid={uid}))

[G. Ann Campbell]

Hi,

Is there anything interesting in the logs?

Ann

[prateek...@gmail.com]

Hi Ann,

Thanks for your response. I checked the access.log file and couldnt find anything which will help me troubleshoot this issue. It only shows few GET and POST calls for the session. I dont see anything updated in sonar.log. 

Thanks and Regards,

Prateek

[G. Ann Campbell]

Hi Prateek,

Anything interesting in web.log?

Ann

---

G. Ann Campbell | SonarSource

Product Manager

@GAnnCampbell

https://sonarsource.com

--
You received this message because you are subscribed to a topic in the Google Groups "SonarQube" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/sonarqube/nYheyewlOKQ/unsubscribe.
To unsubscribe from this group and all its topics, send an email to sonarqube+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/e83e08c2-3a0e-4677-87cb-b56a58f8f7c7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[prateek...@gmail.com]

I have installed SonarQube 5.6.6 LTS on a RHEL 7 server and cant find web.log in any of the directories in /usr/local/sonar/ . Anywhere else I should be looking?

log directory only has access.log and sonar.log

Prateek

To unsubscribe from this group and all its topics, send an email to sonarqube+...@googlegroups.com.

[G. Ann Campbell]

Hi Prateek,

Sorry, the logs split after 5.6.*. Anything interesting in $SONARQUBE_HOME/logs/sonar.log?

Ann

---

G. Ann Campbell | SonarSource

Product Manager

@GAnnCampbell

https://sonarsource.com

To unsubscribe from this group and all its topics, send an email to sonarqube+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/9992c700-1237-496c-9562-99e009c0a1c5%40googlegroups.com.

[prateek...@gmail.com]

No, I cant find anything. This is what I see related to LDAP. I have masked org specific details by XXX. 

2017.10.11 02:58:08 INFO  web[org.sonar.INFO] Security realm: LDAP

2017.10.11 02:58:08 INFO  web[o.s.p.l.LdapSettingsManager] User mapping: LdapUserMapping{baseDn=XXX, request=(&(objectClass=user)(|(memberOf=CN=SONAR-ADMIN,OU=XXX,OU=Groups,DC=XXX))(sAMAccountName={0})), realNameAttribute=givenName, emailAttribute=mail}

2017.10.11 02:58:08 INFO  web[o.s.p.l.LdapSettingsManager] Group mapping: LdapGroupMapping{baseDn=XXX, idAttribute=cn, requiredUserAttributes=[uid], request=(&(objectClass=group)(memberUid={0}))}

2017.10.11 02:58:09 INFO  web[o.s.p.l.LdapContextFactory] Test LDAP connection on ldaps://XXX.com:636: OK

2017.10.11 02:58:09 INFO  web[org.sonar.INFO] Security realm started

2017.10.11 02:58:09 INFO  web[o.s.s.n.NotificationService] Notification service started (delay 60 sec.)