Yalami
Reputation: 63
Sonar successful authentication without password
I'm working on LDAP authentication support for Sonar. Users can authenticate using Blank password (No password) Or Correct password. If a wrong password entered, authentication fails. Sonar should not allow any login with a blank password even when this authentication depends on an external system like LDAP, could you help me to find a solution for this problem
Stacktrace in sonar.log:
`2015.04.27 18:39:19 DEBUG o.s.p.l.LdapUsersProvider User admin not found
2015.04.27 18:39:19 DEBUG User admin not found
2015.04.27 18:39:19 DEBUG o.s.p.l.LdapUsersProvider Requesting details for user admin
2015.04.27 18:39:19 DEBUG o.s.p.l.LdapSearch Search: LdapSearch{baseDn=DC=mycompany,DC=mycompany,DC=com, scope=subtree, request=(&(objectClass=user)(memberof=CN=gpfrcip-java,OU=IDC,OU=DSI,OU=DDA - France,OU=Access groups,OU=Groups,OU=Resources,DC=mycompany,DC=mycompany,DC=com)(SAMAccountName={0})), parameters=[admin], attributes=[mail, cn]}
2015.04.27 18:39:19 DEBUG o.s.p.l.LdapContextFactory Initializing LDAP context {java.naming.provider.url= myURL, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.principal=, com.sun.jndi.ldap.connect.pool=true, java.naming.security.authentication=simple, java.naming.referral=follow}
2015.04.27 18:39:19 DEBUG Requesting details for user admin
2015.04.27 18:39:19 DEBUG Search: LdapSearch{baseDn=DC=mycompany,DC=mycompany,DC=com, scope=subtree, request=(&(objectClass=user)(memberof=CN=gpfrcip-java,OU=IDC,OU=DSI,OU=DDA - France,OU=Access groups,OU=Groups,OU=Resources,DC=mycompany,DC=mycompany,DC=com)(SAMAccountName={0})), parameters=[admin], attributes=[mail, cn]}
2015.04.27 18:39:19 DEBUG Initializing LDAP context {java.naming.provider.url= myURL, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.principal=, com.sun.jndi.ldap.connect.pool=true, java.naming.security.authentication=simple, java.naming.referral=follow}
`
LDAP Configuration for sonar-ldap-plugin-1.2 :
sonar.security.realm: LDAP
sonar.authenticator.createUsers: false
ldap.url: myURL
ldap.user.baseDn: DC=mycompany,DC=mycompany,DC=com
ldap.bindDn:
ldap.bindPassword:
ldap.user.request: (&(objectClass=user)(memberof=CN=gpfrcip- java,OU=IDC,OU=DSI,OU=DDA - France,OU=Access groups,OU=Groups,OU=Resources,DC=mycompany,DC=mycompany,DC=com)(SAMAccountName={0}))
`
Any feedback will be highly appreciated. Thanks in advance for your feedbacks.
Regards Youssef ALAMI
Upvotes: 0
Views: 537
Answers (1)
Yalami
Reputation: 63
I found the solution of this problem, i changed the version of the plugin LDAP to sonar-ldap-plugin-1.4 and the authentication was worked correctly.
Upvotes: 1
Related Questions
- SonarQube token access when LDAP is enabled
- Sonar and LDAP. Unable do login
- sonarqube 5.6 & LDAP 2.0 failing to authenticate
- SonarQube authentication with LDAP not working
- Sonar 4.1.1 with LDAP 1.4 Configuration
- Sonar Authentication is failing with LDAP
- SonarQube LDAP Authentication seems to load but won't allow login via domain user
- Having issues with Sonar-Ldap integration
- Sonar login via LDAP fails after period of non-usage
- Sonar 3.4 LDAP authentication with Active Directory - NullPointer exception