sonarqube - active directory ldap error code 49

Problem description

I've got an instance of sonarqube 5.5 running. I wanted to use the sonar-ldap-plugin 1.5.1 in order to delegate the authentication and authorization to the Active Directory service of my company.

The configuration for the LDAP plugin is the following (modulo some obfuscation):

sonar.authenticator.createUsers=false
sonar.security.savePassword=false
sonar.security.realm=LDAP
ldap.url=ldap://host.my.domain

ldap.user.baseDn=OU=Users,OU=Organic Units,DC=my,DC=domain
ldap.user.request=(&(objectClass=user) (sAMAccountName={login}))
ldap.authentication=DIGEST-MD5
ldap.bindDn=CN=harmlessServiceAccount,OU=users,OU=Organic Units,DC=my,DC=domain
ldap.bindPassword=<the user password in clear text>

sonar.log.level=DEBUG

And the sonarqube server reports the following error:

2016.07.13 10:19:38 INFO  web[o.s.p.l.LdapContextFactory] Test LDAP connection: FAIL
2016.07.13 10:19:38 ERROR web[o.a.c.c.C.[.[.[/]] Exception sending context initialized event to listener instance of class org.sonar.server.platform.PlatformServletContextListener 
java.lang.IllegalStateException: Unable to open LDAP connection
...
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 52e, v1db1^@]
...

I did the exact same query with ldapsearch and did not meet any problem. So I think the Active Directory service is correct and accepts this user and the DIGEST-MD5 SASL mechanism.

I also used the same user through sonarqube with the SIMPLE (unsecure) mechanism and it was working "properly" as well. I also tried to put the md5 hash of the password instead of the password. And I tried a lot of other things I'm not proud of...

I read many similar issues online (Stack Overflow, other sources) and couldn't find a solution yet. Do you see anything wrong in my configuration? Am I doomed to use the SIMPLE mechanism and let everyone's password move around in clear text? I cannot use CRAM-MD5 or GSSAPI as they are not supported by my company's Active Directory service.

Thanks for your help, Jack

Recommended answer

The error code 49 has a subcode in it that tells you what the failure cause was. You reported:

[LDAP: error code 49 - 8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 52e, v1db1^@]

The data 52e part is the key.

Check out the list I maintain here, and you will see that 52e means bad password for your bind user. 525 would be bad DN for your user, so you have the correct LDAP DN, but the wrong password.
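
The subcode lookup described in the answer can be scripted for log triage. This is an added example, not part of the original answer: the function names are hypothetical, the sample lines other than the reported error are constructed, and the subcodes beyond 525 and 52e are the standard Windows logon error values rather than anything listed on this page.

```python
import re

# Active Directory reports a hex Win32 error after "data" in LDAP result 49.
# 525 and 52e are the two named in the answer; the others are the standard
# Windows logon errors (decimal value = the hex subcode converted).
AD_BIND_SUBCODES = {
    0x525: "user not found (bind DN or login does not exist)",
    0x52E: "invalid credentials (wrong password)",
    0x530: "not permitted to log on at this time",
    0x531: "not permitted to log on from this workstation",
    0x532: "password expired",
    0x533: "account disabled",
    0x701: "account expired",
    0x773: "user must reset password",
    0x775: "account locked out",
}

ERROR_49 = re.compile(
    r"LDAP: error code 49 - (?P<status>[0-9A-Fa-f]{8}): "
    r".*?comment: (?P<comment>[^,]+), data (?P<data>[0-9A-Fa-f]+)"
)

def explain_bind_failure(line):
    """Return the decoded AD subcode for one log line, or None if absent."""
    match = ERROR_49.search(line)
    if match is None:
        return None
    subcode = int(match.group("data"), 16)
    return {
        "subcode": format(subcode, "x"),
        "win32_error": subcode,
        "comment": match.group("comment"),
        "meaning": AD_BIND_SUBCODES.get(subcode, "unknown subcode"),
    }

def triage(lines):
    """Decode every error-49 line in an iterable of log lines."""
    return [hit for hit in map(explain_bind_failure, lines) if hit]

SAMPLE_LINES = [
    # Error text as reported in the question.
    "Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 52e, v1db1]",
    # Constructed line: same shape, different subcode.
    "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 775, v1db1]",
    "2016.07.13 10:19:38 INFO  web[o.s.p.l.LdapContextFactory] Test LDAP connection: FAIL",
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_LINES):
        print(hit["subcode"], hit["win32_error"], hit["meaning"])
```

Run over the server log, a cluster of 52e or 775 results for one account is also worth alerting on, since it separates a misconfigured service account from password guessing or a lockout.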
