sonarqube 5.6 & LDAP 2.0 failing to authenticate


Problem description

I am testing an upgrade to sonarqube 5.6 and have installed the ldap 2.0 plugin & copied the relevant configuration forward to my test 5.6 setup.

The relevant config is

sonar.security.realm=LDAP
ldap.url=ldaps://xxxx:636
ldap.bindDn=uid=xxxx,ou=xxxx,dc=xxxx,dc=xxxx
ldap.bindPassword=xxxx
ldap.user.baseDn=dc=xxxx,dc=com
ldap.user.request=(&(objectClass=person)(mail={login}))
ldap.user.realNameAttribute=cn
ldap.user.emailAttribute=mail

I have the following set in conf/sonar.properties

sonar.log.level=DEBUG

On startup I see

2016.07.26 23:57:29 INFO  web[o.s.p.l.LdapContextFactory] Test LDAP connection on ldaps://xxxx:636: OK
2016.07.26 23:57:29 INFO  web[org.sonar.INFO] Security realm started

If I attempt to login, I get "Authentication failed" on the login screen. The log file says nothing other than

2016.07.26 23:57:47 DEBUG web[http] GET / | time=67ms
2016.07.26 23:57:47 DEBUG web[http] GET / | time=187ms
2016.07.26 23:57:47 DEBUG web[http] GET /sessions/new | time=89ms
2016.07.26 23:57:53 DEBUG web[http] POST /sessions/login | time=71ms

The same configuration works fine with sonarqube 4.5.7 and ldap 1.4

Ideas welcome on how to investigate further.

Solution

You're most likely hitting known issue SONAR-7770 - Authentication fails if LDAP configuration has been forgotten during the upgrade. Note that an Upgrade Note was issued for this problem:

Most specifically, don't forget to copy the related SonarQube plugin and its related configuration in "conf/sonar.properties" (including "sonar.security.realm" and "sonar.security.localUsers" if present) into the new SonarQube instance otherwise you will be locked out after migration.

So it's important that this LDAP configuration is there even during the upgrade. If you did miss that then the easiest way forward here is to replay the upgrade with the LDAP-related configuration correctly set.

Context

Keep in mind that during an upgrade SonarQube updates the dataset and also stores new information in the database (based on new features). The problem in your case would be that the upgrade was done with a partial config (which didn't set sonar.security.realm and sonar.security.localUsers), and SonarQube couldn't figure out whether users were local or not, hence treating them as local by default. Local users are not authenticated against external authentication providers but locally, which is indeed what we're seeing in your logs (and it's obviously failing because the password lives in the LDAP server, not in the SonarQube database).
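
A pre-upgrade check for the situation described in this answer, added here as an example (it is not part of the original answer or of SonarQube's tooling): it compares the old and new conf/sonar.properties and reports the authentication-related keys (sonar.security.*, ldap.*) that were not carried forward or whose values differ. The function names and the sample file contents are assumptions constructed for illustration.

```python
import re
import sys

# Keys that decide how users are authenticated: the realm settings named in
# the answer plus the LDAP plugin's ldap.* properties.
AUTH_KEY = re.compile(r"^(sonar\.security\.|ldap\.)")
# key=value or key:value; lines starting with # or ! are comments.
LINE = re.compile(r"^\s*([^#!=:\s][^=:\s]*)\s*[=:]\s*(.*?)\s*$")

# Constructed sample input (placeholders as on the page).
OLD_SAMPLE = """\
sonar.security.realm=LDAP
ldap.url=ldaps://xxxx:636
ldap.user.request=(&(objectClass=person)(mail={login}))
"""
NEW_SAMPLE = """\
#sonar.security.realm=LDAP
ldap.url=ldap://xxxx:389
ldap.user.request=(&(objectClass=person)(mail={login}))
"""

def parse_properties(text):
    """Parse the plain key=value subset of a .properties file.
    Assumption: no line continuations or escaped separators are used."""
    props = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            props[m.group(1)] = m.group(2)
    return props

def auth_config_gaps(old_text, new_text):
    """Return (missing, changed) auth-related key names; values are never
    returned, so secrets such as ldap.bindPassword stay out of the output."""
    old = {k: v for k, v in parse_properties(old_text).items() if AUTH_KEY.match(k)}
    new = parse_properties(new_text)
    missing = sorted(k for k in old if k not in new)
    changed = sorted(k for k in old if k in new and new[k] != old[k])
    return missing, changed

if __name__ == "__main__":
    texts = [open(p, encoding="latin-1").read() for p in sys.argv[1:3]]
    old_text, new_text = texts if len(texts) == 2 else (OLD_SAMPLE, NEW_SAMPLE)
    missing, changed = auth_config_gaps(old_text, new_text)
    for label, keys in (("MISSING", missing), ("CHANGED", changed)):
        for key in keys:
            print(f"{label} in new config: {key}")
    sys.exit(1 if missing or changed else 0)
```

Run it with the two properties file paths as arguments before starting the new instance for the first time; a non-zero exit status means the upgrade would run with a partial authentication config.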
