如何将技术用户迁移到LDAP用户? [英] How to migrate a technical user to a LDAP one?
问题描述
我几乎将所有用户设置为本地用户(技术上如SonarQube文档所称),并且已经安装并安装了&配置了LDAP插件2.2以连接到我的Active Directory.
I have nearly all my users setup as local (technical as SonarQube doc calls them) users and just installed & configured the LDAP plugin 2.2 to connect to my Active Directory.
连接正常:如果SonarQube未知但LDAP中存在的用户尝试登录,则会自动创建该用户.
The connection works fine: if an user unknown to SonarQube but existing in LDAP tries to log in, its user is automatically created.
我想将现有的SonarQube用户(未链接到LDAP)转换为LDAP用户,以便自动更新其密码和组成员身份,但是在文档中找不到如何执行此操作.
I'd like to convert my existing SonarQube users (not linked to LDAP) to LDAP users so that their password and group memberships are automatically updated, but could not find how to do this in the documentation.
我找到了此答案如何将本地用户更改为ldap ,但是没有用:当我尝试使用LDAP凭据登录并进行相同的登录时,出现身份验证失败"的提示.
I found this answer how to change a local user to ldap, but it didn't work: when I try to login with LDAP credentials and the same login, I get an "Authentication failed.".
一些背景:
- 在某个时间点(即几年前和SonarQube版本),我已经配置了LDAP插件,并且一切都按预期工作.此配置在更新过程中以某种方式消失了,并且LDAP用户全部转换为技术用户(或者我假设是).
- 我找不到删除用户的方法(如我上面链接的SO帖子中所建议),只能停用.语义学,但可能有一定重要性.
- 我正在运行SonarQube 5.6.1.
我更新到最新的LTS版本5.6.6. 激活跟踪日志后: 当我尝试使用停用的本地用户登录时(希望可以在LDAP中找到它):
I updated to the latest LTS version 5.6.6. With trace logs activated: When I try to log in with a deactivated local user (hoping that this would find it in LDAP):
TRACE web[sql] time=0ms | sql=SELECT count(`users`.id) AS count_id FROM `users` WHERE (login='tguerin' and user_local=1)
TRACE web[sql] time=1ms | sql=SELECT * FROM `users` WHERE (login='tguerin' AND active=1) LIMIT 1
TRACE web[sql] time=0ms | sql=SELECT * FROM `properties` WHERE (((`properties`.`resource_id` IS NULL AND `properties`.`user_id` IS NULL)) AND (`properties`.`prop_key` = 'sonar.allowUsersToSignUp')) LIMIT 1
DEBUG web[http] POST /sessions/login | time=224ms
日志中没有其他内容:没有对LDAP的呼叫
Nothing more in the logs: no call to LDAP
当我尝试使用不存在的用户(既不是本地用户也不是LDAP)登录时:
When I try to log in with a user that doesn't exist (neither as local nor in LDAP):
TRACE web[sql] time=3ms | sql=SELECT count(`users`.id) AS count_id FROM `users` WHERE (login='notLocal' and user_local=1)
DEBUG web[o.s.p.l.LdapUsersProvider] Requesting details for user notLocal
DEBUG web[o.s.p.l.LdapSearch] Search: LdapSearch{baseDn=...), parameters=[notLocal], attributes=[mail, cn]}
DEBUG web[o.s.p.l.LdapContextFactory] Initializing LDAP context {java.naming.provider.url=ldap://x.x.x.x:389, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.principal=..., com.sun.jndi.ldap.connect.pool=true, java.naming.security.authentication=simple, java.naming.referral=follow}
DEBUG web[o.s.p.l.LdapUsersProvider] User notLocal not found in <default>
TRACE web[sql] time=0ms | sql=SELECT * FROM `properties` WHERE (((`properties`.`resource_id` IS NULL AND `properties`.`user_id` IS NULL)) AND (`properties`.`prop_key` = 'sonar.allowUsersToSignUp')) LIMIT 1
DEBUG web[http] POST /sessions/login | time=66ms
先检查数据库,然后再检查LDAP.
The database is checked, then LDAP, as expected.
Edit2:为排除服务器上特定配置/插件的问题,我启动了一个Docker Sonarqube 5.6.6容器,添加了本地用户,添加了LDAP插件(重新启动,LDAP配置正常),停用了该用户,尝试登录:行为相同(即未查询LDAP服务器)
to rule out a problem with a particular config/plugin on my server, I fired up a Docker Sonarqube 5.6.6 container, added a local user, added LDAP plugin (restarted, LDAP config ok), deactivated the user, tried to log in: same behaviour (i.e. the LDAP server is not queried)
推荐答案
由于似乎没有任何效果,我决定检查数据库.
As nothing seemed to work, I decided to inspect the database.
将表users中的字段user_local从0更改为1可以解决问题.我无法想象这是SonarQube推荐的,但是到目前为止,我还没有发现任何副作用.
Changing field user_local in table users from 0 to 1 did the trick. I can't imagine this being recommended by SonarQube, but as of now, I did not find any side effects.
这篇关于如何将技术用户迁移到LDAP用户?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
