I have a Sonarqube 5.5 launch instance. I wanted to use the sonar-ldap 1.5.1 plugin to delegate authentication and authorization to my company’s Active Directory.
The configuration for the LDAP plugin is as follows (modulo some obfuscations):
sonar.authenticator.createUsers=false
sonar.security.savePassword=false
sonar.security.realm=LDAP
ldap.url=ldap://host.my.domain
ldap.user.baseDn=OU=Users,OU=Organic Units,DC=my,DC=domain
ldap.user.request=(&(objectClass=user) (sAMAccountName={login}))
ldap.authentication=DIGEST-MD5
ldap.bindDn=CN=harmlessServiceAccount,OU=users,OU=Organic Units,DC=my,DC=domain
ldap.bindPassword=<the user password in clear text>
sonar.log.level=DEBUG
And the sonarqube server reports the following error:
2016.07.13 10:19:38 INFO web[o.s.p.l.LdapContextFactory] Test LDAP connection: FAIL
2016.07.13 10:19:38 ERROR web[o.a.c.c.C.[.[.[/]] Exception sending context initialized event to listener instance of class org.sonar.server.platform.PlatformServletContextListener
java.lang.IllegalStateException: Unable to open LDAP connection
...
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 52e, v1db1^@]
...
I made the same request with ldapsearch and did not encounter any problem. Therefore, I believe that Active Directory is correct and accepts this user and the SASL DIGEST-MD5 engine.
I also used the same user through sonarqube with a SIMPLE (insecure) mechanism, and it also worked "correctly." I also tried setting the md5 hash password instead of the password. And I tried many other things that I’m not proud of ...
( , ) .
- ?
SIMPLE ?
CRAM-MD5 GSSAPI, .
,
Jc