声纳罗贝5.6& LDAP 2.0认证失败 [英] sonarqube 5.6 & LDAP 2.0 failing to authenticate
问题描述
我正在测试对sonarqube 5.6的升级,并安装了ldap 2.0插件&将相关配置复制到我的测试5.6设置中.
I am testing an upgrade to sonarqube 5.6 and have installed the ldap 2.0 plugin & copied the relevant configuration forward to my test 5.6 setup.
相关的配置是
sonar.security.realm=LDAP
ldap.url=ldaps://xxxx:636
ldap.bindDn=uid=xxxx,ou=xxxx,dc=xxxx,dc=xxxx
ldap.bindPassword=xxxx
ldap.user.baseDn=dc=xxxx,dc=com
ldap.user.request=(&(objectClass=person)(mail={login}))
ldap.user.realNameAttribute=cn
ldap.user.emailAttribute=mail
我在conf/sonar.properties中设置了以下内容
I have the following set in conf/sonar.properties
sonar.log.level=DEBUG
在启动时我看到了
2016.07.26 23:57:29 INFO web[o.s.p.l.LdapContextFactory] Test LDAP connection on ldaps://xxxx:636: OK
2016.07.26 23:57:29 INFO web[org.sonar.INFO] Security realm started
如果尝试登录,则会在登录屏幕上显示身份验证失败". 日志文件只显示
If I attempt to login, I get "Authentication failed" on the login screen. The log file says nothing other than
2016.07.26 23:57:47 DEBUG web[http] GET / | time=67ms
2016.07.26 23:57:47 DEBUG web[http] GET / | time=187ms
2016.07.26 23:57:47 DEBUG web[http] GET /sessions/new | time=89ms
2016.07.26 23:57:53 DEBUG web[http] POST /sessions/login | time=71ms
相同的配置对sonarqube 4.5.7和ldap 1.4很好用
The same configuration works fine with sonarqube 4.5.7 and ldap 1.4
想法欢迎您进一步调查.
Ideas welcome on how to investigate further.
推荐答案
您最有可能遇到已知问题升级说明:
You're most likely hitting known issue SONAR-7770 - Authentication fails if LDAP configuration has been forgotten during the upgrade . Note that an Upgrade Note was issued for this problem:
最具体地说,不要忘记将相关的SonarQube插件及其相关配置复制到"conf/sonar.properties"(包括"sonar.security.realm"和"sonar.security.localUsers")中.新的SonarQube实例,否则您将在迁移后被锁定.
Most specifically, don't forget to copy the related SonarQube plugin and its related configuration in "conf/sonar.properties" (including "sonar.security.realm" and "sonar.security.localUsers" if present) into the new SonarQube instance otherwise you will be locked out after migration.
因此,即使在升级过程中 ,该LDAP配置也很重要.如果您确实错过了,那么这里最简单的方法是在正确设置LDAP相关配置的情况下重放升级.
So it's important that this LDAP configuration is there even during the upgrade. If you did miss that then the easiest way forward here is to replay the upgrade with the LDAP-related configuration correctly set.
请记住,在升级期间,SonarQube会更新数据集并将新信息也存储在数据库中(基于新功能).您的问题是升级是通过部分配置完成的(未设置sonar.security.realm和sonar.security.localUsers),SonarQube无法确定用户是否在本地,因此将其视为本地用户默认情况下.本地用户不是通过外部身份验证提供程序进行身份验证,而是通过本地身份验证,这确实是我们在您的日志中看到的(并且显然失败了,因为密码位于LDAP服务器中,而不是SonarQube数据库中.)
Keep in mind that during an upgrade SonarQube updates the dataset and also stores new information in database (based on new features). The problem in your case would be that the upgrade was done with a partial config (which didn't set sonar.security.realm and sonar.security.localUsers) , and SonarQube couldn't figure out whether users were local or not, hence treating them as local by default. Local users are not authenticated against external authentication providers but locally, which is indeed what we're seeing in your logs (and it's obviously failing because the password lives in LDAP server, not in SonarQube database).
这篇关于声纳罗贝5.6& LDAP 2.0认证失败的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
