SonarQube LDAP认证似乎加载,但不会允许通过域用户登录 [英] SonarQube LDAP Authentication seems to load but won't allow login via domain user
问题描述
我一直在试图建立SonarQube(V4.1)与LDAP身份验证插件(V1.4),我只是无法得到它来验证我的域用户。我配置的设置如下:
#########################
#LDAP配置
#########################
#常规配置
sonar.security.realm = LDAP
sonar.security.savePassword =真
sonar.security.updateUserAttributes =真
sonar.authenticator.downcase =真
sonar.authenticator.createUsers =真
ldap.authentication =简单
ldap.realm = mydomain.co.uk
ldap.bindDn = CN =用户名,OU =开发商,DC = MYDOMAIN,DC =合作,直流=英国
ldap.bindPassword = PASSWORD
#用户配置
#ldap.user.baseDn = OU =开发商,DC = MYDOMAIN,DC =合作,直流=英国
ldap.user.request =(及(对象类=用户)(sAMAccountName赋= {}登录))
ldap.user.realNameAttribute = CN
ldap.user.emailAttribute =邮件
#组配置
ldap.group.baseDn = CN =域用户,CN =用户,DC =阿达斯特拉,DC =合作,直流=英国
ldap.group.request =(及(对象类=组)(成员= {} DN))
和日志输出以下messges,似乎说,LDAP连接工作正常:
2014年1月20日16点12分32秒INFO [org.sonar.INFO]安全的境界:LDAP
2014年1月20号十六时12分32秒INFO [osplLdapSettingsManager]自动发现模式
2014年1月20号十六时12分32秒INFO [osplLdapSettingsManager]检测到的服务器:LDAP://dc02.mydomain.co.uk:389
2014年1月20号十六时12分32秒INFO [osplLdapSettingsManager]用户映射:LdapUserMapping {的baseDn = DC = MYDOMAIN,DC =合作,直流=英国,要求=(及(对象类=用户)(sAMAccountName赋= {0})) ,realNameAttribute = CN,emailAttribute =邮件}
2014年1月20号十六时12分32秒INFO [osplLdapSettingsManager]组映射:LdapGroupMapping {的baseDn = CN =域用户,CN =用户,DC = MYDOMAIN,DC =合作,直流=英国,idAttribute = CN,requiredUserAttributes = [DN] ,请求=(及(对象类=组)(成员= {0}))}
//dc02.mydomain.co.uk:389:二〇一四年一月二十○日16时12分32秒INFO [osplLdapContextFactory]测试LDAP的LDAP连接正常
2014年1月20号十六时12分32秒INFO [org.sonar.INFO]安全的境界开始
但它只是似乎并没有为我的用户工作,除非我用一个本地用户。当设置在包装启用日志记录:
wrapper.console.loglevel = DEBUG
我得到它并不能真正帮助那么多的日志中出现以下错误! :)
从外部用户提供 二零一四年一月二十○日17点○七分10秒错误[轨]错误:
感谢@aaron谁管理,点我在正确的方向!对于我的问题是与自动发现和我连接到森林中的一个问题。据<一href="http://technet.microsoft.com/en-us/library/cc978012.aspx">http://technet.microsoft.com/en-us/library/cc978012.aspx你应该使用不同的端口连接到森林的时候,这样它就可以搜索整个森林而你碰巧域连接到(我想可能不是正确的自动发现方式)。到底是为我工作的配置是:
#常规配置
ldap.realm = mydomain.com
sonar.security.realm = LDAP
sonar.authenticator.createUsers =真
sonar.security.savePassword =真
sonar.security.updateUserAttributes =真
与ldap.URL = LDAP://dc.mydomain.com:3268
#用户配置
ldap.user.request =(及(对象类=用户)(sAMAccountName赋= {}登录))
ldap.user.realNameAttribute = CN
ldap.user.emailAttribute =邮件
这其实很简单,不需要用户帐户与连接。这意味着,在简单验证模式(我似乎无法得到它在别的工作),但是这是我没问题,因为它是一个内部的系统。
I've been trying to setup SonarQube (v4.1) with the LDAP authentication plugin (v1.4) and I just can't get it to authenticate against my domain user. My config is setup as follows:
#########################
# LDAP configuration
#########################
# General Configuration
sonar.security.realm=LDAP
sonar.security.savePassword=true
sonar.security.updateUserAttributes=true
sonar.authenticator.downcase=true
sonar.authenticator.createUsers=true
ldap.authentication=simple
ldap.realm=mydomain.co.uk
ldap.bindDn=CN=USERNAME,OU=developers,DC=mydomain,DC=co,DC=uk
ldap.bindPassword=PASSWORD
# User Configuration
#ldap.user.baseDn=OU=developers,DC=mydomain,DC=co,DC=uk
ldap.user.request=(&(objectClass=user)(sAMAccountName={login}))
ldap.user.realNameAttribute=cn
ldap.user.emailAttribute=mail
# Group Configuration
ldap.group.baseDn=CN=Domain Users,CN=Users,DC=adastra,DC=co,DC=uk
ldap.group.request=(&(objectClass=group)(member={dn}))
and the log outputs the following messges that seem to say that the LDAP connection is working fine:
2014.01.20 16:12:32 INFO [org.sonar.INFO] Security realm: LDAP
2014.01.20 16:12:32 INFO [o.s.p.l.LdapSettingsManager] Auto discovery mode
2014.01.20 16:12:32 INFO [o.s.p.l.LdapSettingsManager] Detected server: ldap://dc02.mydomain.co.uk:389
2014.01.20 16:12:32 INFO [o.s.p.l.LdapSettingsManager] User mapping: LdapUserMapping{baseDn=dc=mydomain,dc=co,dc=uk, request=(&(objectClass=user)(sAMAccountName={0})), realNameAttribute=cn, emailAttribute=mail}
2014.01.20 16:12:32 INFO [o.s.p.l.LdapSettingsManager] Group mapping: LdapGroupMapping{baseDn=CN=Domain Users,CN=Users,DC=mydomain,DC=co,DC=uk, idAttribute=cn, requiredUserAttributes=[dn], request=(&(objectClass=group)(member={0}))}
2014.01.20 16:12:32 INFO [o.s.p.l.LdapContextFactory] Test LDAP connection on ldap://dc02.mydomain.co.uk:389: OK
2014.01.20 16:12:32 INFO [org.sonar.INFO] Security realm started
But it just doesn't seem to work for my user unless I use a local user. When enabling logging on the wrapper by setting:
wrapper.console.loglevel=DEBUG
I get the following error in the logs which doesn't really help that much! :)
2014.01.20 17:07:10 ERROR [rails] Error from external users provider:
Thanks to @aaron who managed to point me in the right direction! For my issue it was a problem with the auto-discovery and the forest I was connecting to. According to http://technet.microsoft.com/en-us/library/cc978012.aspx you should use a different port when connecting to a forest so that it can then search the whole forest rather that the domain you happen to connect to (which I suppose might not be the correct one in auto-discovery mode). In the end the configuration that worked for me was:
# General Configuration
ldap.realm=mydomain.com
sonar.security.realm=LDAP
sonar.authenticator.createUsers=true
sonar.security.savePassword=true
sonar.security.updateUserAttributes=true
ldap.url=ldap://dc.mydomain.com:3268
# User Configuration
ldap.user.request=(&(objectClass=user)(sAMAccountName={login}))
ldap.user.realNameAttribute=cn
ldap.user.emailAttribute=mail
Which is actually quite simple and doesn't require a user account to connect with. This means it is in SIMPLE authentication mode (I can't seem to get it to work in anything else) but that is fine with me as it's an internal only system.
这篇关于SonarQube LDAP认证似乎加载,但不会允许通过域用户登录的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
