Bug: LDAP password with invalid characters.

[Paul Moore]

Hi SonarQube List,

I've come across the following bug so will feed it back.

Version: SonarQube Version 5.2

The following details are contained in file /opt/sonarqube/conf/sonar.properties

    ldap.url=ldap://activedirectory.ourdomain.com

    ldap.windows.auth=false

    ldap.bindDn=cn=svc_sonar,ou=Service Accounts,ou=Users,ou=Corporate,dc=ourdomain,dc=com

    ldap.bindPassword=Py2R~w(1QQx\8?]D

Result: The application cannot authenticate to the ldap server due to ldap error code 49 type 52e (invalid credentials).

             Results taken from "https://confluence.atlassian.com/confkb/user-directory-sync-fails-with-ldap-error-code-49-223217565.html"

However when using the following command on the command line from the same system, a full list of entries is returned.

    ldapsearch -w 'Py2R~w(1QQx\8?]D' -D "CN=svc_sonar,OU=Service Accounts,OU=Users,OU=Corporate,DC=ourdomain,DC=com" -b "ou=Corporate,dc=ourdomain,dc=com" -s sub -H "ldap://activedirectory.ourdomain.com"

When the password for the account "svc_sonar" was changed to replace the backslash in the password with a forward-slash, the application works and the equivalent command above also works.

Cheers,

Paul

[mjdet...@gmail.com]

sonar.properties is read in as Java Properties format http://docs.oracle.com/javase/6/docs/api/java/util/Properties.html#load(java.io.Reader) -- so backslashes are escape characters. Therefore, a literal backslash must be escaped and represented as two backslashes '\\'. Other characters such as a colon ':' and equals '=' should also be escaped.

[Paul Moore]

Thanks for the clarification and for the additional information and references.

Cheers,

Paul