About Simple Ldap Connection Between SonarQube and Active Directory

Posted: 2021-04-09 15:58:07

Question:

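I am running SonarQube Enterprise Edition on my local server. I am trying to set up LDAP integration with Active Directory on the SonarQube web side.

I opened a similar task on the SonarQube community forum and followed it through this link.

Now I am trying to run my first tests by connecting with the simple method, without SSL.

The LDAP connection succeeds, but when a user sends a login request, it gives the error code "LDAP: error code 1 - 000004DC: LdapErr: dsid-0C090A4C". In many places users have written that the password is wrong, but I get a response when I check manually with the ldapsearch command.

I also have different LDAP applications that use my Active Directory environment, and they work fine (e.g. jira, jenkins, etc.).

When I investigated this problem, I found that many users could connect with similar configurations. When I checked the attributes and other definitions with the Ldap Admin tool, no parameter appeared that would require a different setting. But I cannot connect. I get successful results in the tests I run manually, and I know that I actually need to be able to connect. But on the application side it looks like a bug.

I am sharing my information below; can you help me?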

Ldap User: test.user
Server Os: CentOS Linux release 7.9.2009 (Core)
Sonarqube Version: sonarqube-enterprise-8.6.0.39681 (onpremise)

[root@sonarqubeserver]# cat sonar.properties
...
sonar.security.realm=LDAP
ldap.url=ldap://192.168.1.2:3268

ldap.realm=mydomain.net
ldap.authentication=simple
sonar.authenticator.downcase=true

ldap.bindDN=CN=adsvcuser,OU=ServiceAccounts,DC=mydomain,DC=net
ldap.bindPassword=PasswordTest123!Testtt


ldap.user.baseDn=OU=TR,OU=User Accounts,DC=mydomain,DC=net
ldap.user.request=(&(objectClass=user)(sAMAccountName={login}))
ldap.user.realNameAttribute=cn
ldap.user.emailAttribute=mail

## ldap Group ##
ldap.group.baseDn=OU=Groups,DC=mydomain,DC=net
ldap.group.request=(&(objectClass=group)(member={dn}))
ldap.group.idAttribute=sAMAccountName


[root@sonarqubeserver]# ldapsearch -x -b "OU=TR,OU=User Accounts,DC=mydomain,DC=net" -D "CN=adsvcuser,OU=ServiceAccounts,DC=mydomain,DC=net" -H ldap://192.168.1.2:3268 -w 'PasswordTest123!Testtt' "(&(objectClass=user)(sAMAccountName=test.user))"
# extended LDIF
#
# LDAPv3
# base <OU=TR,OU=User Accounts,DC=mydomain,DC=net> with scope subtree
# filter: (&(objectClass=user)(sAMAccountName=test.user))
# requesting: ALL
#

# test.user, TR, User Accounts, mydomain.net
dn: CN=test.user,OU=TR,OU=User Accounts,DC=mydomain,DC=net
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: test.user
sn: user
c: TR
l: Istanbul
telephoneNumber: 12312412312412
givenName: test
distinguishedName: CN=test.user,OU=TR,OU=User Accounts,DC=mydomain,DC=net
instanceType: 4
whenCreated: 12312412341232.0Z
whenChanged: 41231231241231.0Z
displayName: test.user | MyDomain
uSNCreated: 35664044
memberOf: xxx
...
uSNChanged: 174906273
name: test.user
objectGUID:: fklasjdkalsjdklafjakls==
userAccountControl: 512
primaryGroupID: 513
objectSid:: asajknfajsnqwe1samndnomnfndsmadn==
sAMAccountName: test.user
sAMAccountType: 214123342
userPrincipalName: test.user@mydomain.net
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=mydomain,DC=net
dSCorePropagationData: 12312412312563.0Z
dSCorePropagationData: 56890458497343.0Z
lastLogonTimestamp: 132540485078534934
mail: test.user@mydomain.net
manager: CN=Mrs X,OU=TR,OU=User Accounts,DC=mydomain,DC=net

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1


[root@sonarqubeserver]# tail -f /var/log/sonarqube/web.log

2021.01.03 15:15:32 INFO  web[][o.s.s.s.LogServerId] Server ID: 21das2d-DASdlak2142ld2aksdlsk12
2021.01.03 15:15:32 INFO  web[][org.sonar.INFO] Security realm: LDAP
2021.01.03 15:15:32 INFO  web[][o.s.a.l.LdapSettingsManager] User mapping: LdapUserMappingbaseDn=OU=TR,OU=User Accounts,DC=mydomain,DC=net, request=(&(objectClass=user)(sAMAccountName=0)), realNameAttribute=cn, emailAttribute=mail
2021.01.03 15:15:32 INFO  web[][o.s.a.l.LdapSettingsManager] Group mapping: LdapGroupMappingbaseDn=OU=Groups,DC=mydomain,DC=net, idAttribute=sAMAccountName, requiredUserAttributes=[dn], request=(&(objectClass=group)(member=0))
2021.01.03 15:15:32 DEBUG web[][o.s.a.l.LdapContextFactory] Initializing LDAP context java.naming.referral=follow, com.sun.jndi.ldap.connect.pool=true, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.sasl.realm=mydomain.net, java.naming.provider.url=ldap://192.168.1.2:3268, java.naming.security.authentication=simple
2021.01.03 15:15:32 INFO  web[][o.s.a.l.LdapContextFactory] Test LDAP connection on ldap://192.168.1.2:3268: OK
2021.01.03 15:15:32 INFO  web[][org.sonar.INFO] Security realm started
2021.01.03 15:15:32 WARN  web[][o.s.a.s.w.WebService$Action] The response example is not set on action api/plugins/download
...
...
...
2021.01.03 15:15:44 DEBUG web[][o.s.s.p.ServerLifecycleNotifier] Notify ServerStopHandler handlers...
2021.01.03 15:15:44 INFO  web[][o.s.s.p.Platform] WebServer is operational
2021.01.03 15:15:44 DEBUG web[][o.s.s.p.Platform] Background initialization of SonarQube done
2021.01.03 15:16:11 DEBUG web[AXbILSguJzbHg1R2AAAB][auth.event] login failure [cause|User must be authenticated][method|BASIC][provider|LOCAL|local][IP|127.0.0.1|82.24.129.13][login|]
2021.01.03 15:16:23 DEBUG web[AXbILSguJzbHg1R2AAAE][o.s.a.l.LdapUsersProvider] Requesting details for user test.user
2021.01.03 15:16:23 DEBUG web[AXbILSguJzbHg1R2AAAE][o.s.a.l.LdapSearch] Search: LdapSearchbaseDn=OU=TR,OU=User Accounts,DC=mydomain,DC=net, scope=subtree, request=(&(objectClass=user)(sAMAccountName=0)), parameters=[test.user], attributes=[mail, cn]
2021.01.03 15:16:23 DEBUG web[AXbILSguJzbHg1R2AAAE][o.s.a.l.LdapContextFactory] Initializing LDAP context java.naming.referral=follow, com.sun.jndi.ldap.connect.pool=true, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.sasl.realm=mydomain.net, java.naming.provider.url=ldap://192.168.1.2:3268, java.naming.security.authentication=simple
2021.01.03 15:16:23 DEBUG web[AXbILSguJzbHg1R2AAAE][o.s.a.l.LdapUsersProvider] [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090A4C, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839]
javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090A4C, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839]
    at java.naming/com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3299)
    at java.naming/com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3205)
    at java.naming/com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2996)
    at java.naming/com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1875)
    at java.naming/com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1798)
    at java.naming/com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1815)
    at java.naming/com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:418)
    at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:396)
    at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:378)
    at java.naming/javax.naming.directory.InitialDirContext.search(InitialDirContext.java:286)
    at org.sonar.auth.ldap.LdapSearch.find(LdapSearch.java:130)
    at org.sonar.auth.ldap.LdapSearch.findUnique(LdapSearch.java:143)
    at org.sonar.auth.ldap.LdapUsersProvider.getUserDetails(LdapUsersProvider.java:80)
    at org.sonar.auth.ldap.LdapUsersProvider.doGetUserDetails(LdapUsersProvider.java:58)
    at org.sonar.server.authentication.CredentialsExternalAuthentication.doAuthenticate(CredentialsExternalAuthentication.java:96)
    at org.sonar.server.authentication.CredentialsExternalAuthentication.authenticate(CredentialsExternalAuthentication.java:90)
    at org.sonar.server.authentication.CredentialsAuthentication.authenticate(CredentialsAuthentication.java:66)
    at org.sonar.server.authentication.CredentialsAuthentication.authenticate(CredentialsAuthentication.java:54)
    at org.sonar.server.authentication.ws.LoginAction.authenticate(LoginAction.java:121)
    at org.sonar.server.authentication.ws.LoginAction.doFilter(LoginAction.java:100)
    at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:139)
    at org.sonar.server.platform.web.MasterServletFilter.doFilter(MasterServletFilter.java:108)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.sonar.server.platform.web.UserSessionFilter.doFilter(UserSessionFilter.java:81)
    at org.sonar.server.platform.web.UserSessionFilter.doFilter(UserSessionFilter.java:68)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.sonar.server.platform.web.CacheControlFilter.doFilter(CacheControlFilter.java:76)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.sonar.server.platform.web.SecurityServletFilter.doHttpFilter(SecurityServletFilter.java:76)
    at org.sonar.server.platform.web.SecurityServletFilter.doFilter(SecurityServletFilter.java:48)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.sonar.server.platform.web.RedirectFilter.doFilter(RedirectFilter.java:58)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.sonar.server.platform.web.RequestIdFilter.doFilter(RequestIdFilter.java:66)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.sonar.server.platform.web.RootFilter.doFilter(RootFilter.java:62)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:109)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:544)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143)
    at ch.qos.logback.access.tomcat.LogbackValve.invoke(LogbackValve.java:256)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:616)
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:831)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1634)
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.base/java.lang.Thread.run(Thread.java:834)
2021.01.03 15:16:23 DEBUG web[AXbILSguJzbHg1R2AAAE][o.s.a.l.LdapUsersProvider] User test.user not found in <default>
2021.01.03 15:16:23 ERROR web[AXbILSguJzbHg1R2AAAE][o.s.s.a.CredentialsExternalAuthentication] Error during authentication
org.sonar.auth.ldap.LdapException: Unable to retrieve details for user test.user in <default>
    at org.sonar.auth.ldap.LdapUsersProvider.getUserDetails(LdapUsersProvider.java:84)
    at org.sonar.auth.ldap.LdapUsersProvider.doGetUserDetails(LdapUsersProvider.java:58)
    at org.sonar.server.authentication.CredentialsExternalAuthentication.doAuthenticate(CredentialsExternalAuthentication.java:96)
    at org.sonar.server.authentication.CredentialsExternalAuthentication.authenticate(CredentialsExternalAuthentication.java:90)
    at org.sonar.server.authentication.CredentialsAuthentication.authenticate(CredentialsAuthentication.java:66)
    at org.sonar.server.authentication.CredentialsAuthentication.authenticate(CredentialsAuthentication.java:54)
    at org.sonar.server.authentication.ws.LoginAction.authenticate(LoginAction.java:121)
    at org.sonar.server.authentication.ws.LoginAction.doFilter(LoginAction.java:100)
    at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:139)
    at org.sonar.server.platform.web.MasterServletFilter.doFilter(MasterServletFilter.java:108)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.sonar.server.platform.web.UserSessionFilter.doFilter(UserSessionFilter.java:81)
    at org.sonar.server.platform.web.UserSessionFilter.doFilter(UserSessionFilter.java:68)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.sonar.server.platform.web.CacheControlFilter.doFilter(CacheControlFilter.java:76)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.sonar.server.platform.web.SecurityServletFilter.doHttpFilter(SecurityServletFilter.java:76)
    at org.sonar.server.platform.web.SecurityServletFilter.doFilter(SecurityServletFilter.java:48)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.sonar.server.platform.web.RedirectFilter.doFilter(RedirectFilter.java:58)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.sonar.server.platform.web.RequestIdFilter.doFilter(RequestIdFilter.java:66)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.sonar.server.platform.web.RootFilter.doFilter(RootFilter.java:62)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:109)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:544)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143)
    at ch.qos.logback.access.tomcat.LogbackValve.invoke(LogbackValve.java:256)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:616)
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:831)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1634)
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090A4C, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839]
    at java.naming/com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3299)
    at java.naming/com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3205)
    at java.naming/com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2996)
    at java.naming/com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1875)
    at java.naming/com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1798)
    at java.naming/com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1815)
    at java.naming/com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:418)
    at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:396)
    at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:378)
    at java.naming/javax.naming.directory.InitialDirContext.search(InitialDirContext.java:286)
    at org.sonar.auth.ldap.LdapSearch.find(LdapSearch.java:130)
    at org.sonar.auth.ldap.LdapSearch.findUnique(LdapSearch.java:143)
    at org.sonar.auth.ldap.LdapUsersProvider.getUserDetails(LdapUsersProvider.java:80)
    ... 51 common frames omitted
2021.01.03 15:16:23 DEBUG web[AXbILSguJzbHg1R2AAAE][auth.event] login failure [cause|Unable to retrieve details for user test.user in <default>][method|FORM][provider|REALM|LDAP][IP|127.0.0.1|82.24.129.13][login|test.user]

Answer 1:

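The message says you need to authenticate to read LDAP, which suggests you are doing an anonymous bind. It is probably due to a typo in ldap.bindDN (it should be ldap.bindDn). Retry with the correct case; SQ probably missed your bind configuration.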
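
A configuration check for the mistake this answer describes, as an added example that is not part of the original post or of SonarQube: it reports keys in sonar.properties that differ only in letter case from an expected key, and the missing bind DN that results. The key list is limited to keys shown on this page, and the function names and sample file are constructed for illustration.

```python
# Added example: lint sonar.properties for LDAP keys written with the wrong case.
# KNOWN_KEYS holds only the keys that appear on this page; it is not a full list.
KNOWN_KEYS = [
    "sonar.security.realm", "sonar.authenticator.downcase",
    "ldap.url", "ldap.realm", "ldap.authentication",
    "ldap.bindDn", "ldap.bindPassword",
    "ldap.user.baseDn", "ldap.user.request",
    "ldap.user.realNameAttribute", "ldap.user.emailAttribute",
    "ldap.group.baseDn", "ldap.group.request", "ldap.group.idAttribute",
]
CANONICAL = {key.lower(): key for key in KNOWN_KEYS}


def parse_properties(text):
    """Return (line_number, key, value) for every key=value line."""
    entries = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue  # blank line or comment
        # Split on the first '=' only: DN values contain '=' themselves.
        key, sep, value = line.partition("=")
        if sep:
            entries.append((number, key.strip(), value.strip()))
    return entries


def lint(text):
    """Return findings as (line_number, message); line 0 means file-level."""
    entries = parse_properties(text)
    findings = []
    for number, key, _ in entries:
        expected = CANONICAL.get(key.lower())
        if expected and expected != key:
            findings.append((number, f"'{key}' differs only in case from "
                                     f"'{expected}'; property keys are case-sensitive"))
    # Only exactly spelled keys count as effective configuration.
    effective = {key: value for _, key, value in entries if key in KNOWN_KEYS}
    if effective.get("ldap.url") and "ldap.bindDn" not in effective:
        findings.append((0, "no effective ldap.bindDn: per the answer above, "
                            "the search then runs without a bind"))
    return findings


# Constructed sample modelled on the question's file; the password is a placeholder.
SAMPLE = """\
sonar.security.realm=LDAP
ldap.url=ldap://192.168.1.2:3268
ldap.authentication=simple
ldap.bindDN=CN=adsvcuser,OU=ServiceAccounts,DC=mydomain,DC=net
ldap.bindPassword=<placeholder>
ldap.user.baseDn=OU=TR,OU=User Accounts,DC=mydomain,DC=net
"""

if __name__ == "__main__":
    for number, message in lint(SAMPLE):
        print(f"line {number}: {message}")
```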
