We are trying to configure LDAP plugin 2.0 with SonarQube 6.0 and are running into authentication problems. Here are the entries in the sonar.properties file:
# LDAP configuration
# General Configuration
sonar.security.realm=LDAP
sonar.security.savePassword=false
ldap.url=ldap://my-ldap:3268/
ldap.baseDn=cn=user,dc=is-bg,dc=net
ldap.bindPassword=my-pass
# User Configuration
ldap.user.baseDn=cn=user,dc=is-bg,dc=net
ldap.user.request=(&(objectClass=user)(sAMAccountName={login}))
ldap.user.realNameAttribute=cn
When the server starts, the log file looks fine (here are some of the lines, not all of them; the log level is DEBUG):
2016.10.10 14:02:52 INFO web[o.s.s.p.ServerPluginRepository] Deploy plugin LDAP / 2.0 / 2910f3981167a70a201ccfae01471dfd26c794b7
2016.10.10 14:02:52 INFO web[o.s.s.p.ServerPluginRepository] Deploy plugin SVN / 1.3 / aff503d48bc77b07c2b62abf93249d0a20bd355c
2016.10.10 14:02:52 DEBUG web[o.s.c.p.PluginLoader] API compatibility mode is enabled on plugin C# [csharp] (built with API lower than 5.2)
2016.10.10 14:02:52 DEBUG web[o.s.c.p.PluginLoader] API compatibility mode is enabled on plugin Git [scmgit] (built with API lower than 5.2)
2016.10.10 14:02:53 DEBUG web[o.s.c.p.PluginLoader] API compatibility mode is enabled on plugin SVN [scmsvn] (built with API lower than 5.2)
2016.10.10 14:02:53 INFO web[o.s.d.c.MysqlCharsetHandler] Verify that database collation is case-sensitive
2016.10.10 14:02:53 INFO web[o.s.s.p.RailsAppsDeployer] Deploying Ruby on Rails applications
2016.10.10 14:02:53 INFO web[o.s.s.p.RailsAppsDeployer] Deploying app: ldap
2016.10.10 14:02:53 DEBUG web[o.s.c.i.DefaultI18n] Loaded 2384 properties from l10n bundles
2016.10.10 14:02:53 DEBUG web[o.s.s.s.ServerMetadataPersister] Persisting server metadata
2016.10.10 14:02:54 INFO web[o.s.s.p.UpdateCenterClient] Update center: http://update.sonarsource.org/update-center.properties (no proxy)
2016.10.10 14:02:54 DEBUG web[o.s.a.r.Languages] Available languages:
2016.10.10 14:02:54 DEBUG web[o.s.a.r.Languages] * C# => "cs"
2016.10.10 14:02:54 DEBUG web[o.s.a.r.Languages] * Java => "java"
2016.10.10 14:02:54 DEBUG web[o.s.a.r.Languages] * JavaScript => "js"
2016.10.10 14:02:54 INFO web[org.sonar.INFO] Security realm: LDAP
2016.10.10 14:02:54 INFO web[o.s.p.l.LdapSettingsManager] User mapping: LdapUserMapping{baseDn=cn=USER,dc=domain,dc=net, request=(&(objectClass=user)(sAMAccountName={0})), realNameAttribute=cn, emailAttribute=mail}
2016.10.10 14:02:54 INFO web[o.s.p.l.LdapSettingsManager] Groups will not be synchronized, because property 'ldap.group.baseDn' is empty.
2016.10.10 14:02:54 DEBUG web[o.s.p.l.LdapContextFactory] Initializing LDAP context {java.naming.provider.url=ldap://my-ldap:3268/, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, com.sun.jndi.ldap.connect.pool=true, java.naming.security.authentication=simple, java.naming.referral=follow}
2016.10.10 14:02:54 INFO web[o.s.p.l.LdapContextFactory] Test LDAP connection on ldap://my-ldap:3268/: OK
2016.10.10 14:02:54 INFO web[org.sonar.INFO] Security realm started
When I try to authenticate as one of the users in LDAP, I get this error:
2016.10.10 14:03:12 INFO ce[o.s.ce.app.CeServer] Compute Engine is up
2016.10.10 14:03:12 INFO app[o.s.p.m.Monitor] Process[ce] is up
2016.10.10 14:06:16 DEBUG web[o.s.p.l.LdapUsersProvider] Requesting details for user MY-USER
2016.10.10 14:06:16 DEBUG web[o.s.p.l.LdapSearch] Search: LdapSearch{baseDn=cn=USER,dc=domain,dc=net, scope=subtree, request=(&(objectClass=user)(sAMAccountName={0})), parameters=[MY-USER], attributes=[mail, cn]}
2016.10.10 14:06:16 DEBUG web[o.s.p.l.LdapContextFactory] Initializing LDAP context {java.naming.provider.url=ldap://my-ldap:3268/, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, com.sun.jndi.ldap.connect.pool=true, java.naming.security.authentication=simple, java.naming.referral=follow}
2016.10.10 14:06:16 DEBUG web[o.s.p.l.LdapUsersProvider] [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090752, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580 ]
javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090752, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580 ]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source) ~[na:1.8.0_91]
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source) ~[na:1.8.0_91]
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source) ~[na:1.8.0_91]
at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source) ~[na:1.8.0_91]
at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source) ~[na:1.8.0_91]
at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source) ~[na:1.8.0_91]
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source) ~[na:1.8.0_91]
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source) ~[na:1.8.0_91]
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source) ~[na:1.8.0_91]
at javax.naming.directory.InitialDirContext.search(Unknown Source) ~[na:1.8.0_91]
at org.sonar.plugins.ldap.LdapSearch.find(LdapSearch.java:130) ~[na:na]
at org.sonar.plugins.ldap.LdapSearch.findUnique(LdapSearch.java:143) ~[na:na]
at org.sonar.plugins.ldap.LdapUsersProvider.doGetUserDetails(LdapUsersProvider.java:77) ~[na:na]
at org.sonar.api.security.ExternalUsersProvider.doGetUserDetails(ExternalUsersProvider.java:54) [sonar-plugin-api-6.0.jar:na]
at org.sonar.server.authentication.RealmAuthenticator.doAuthenticate(RealmAuthenticator.java:89) [sonar-server-6.0.jar:na]
at org.sonar.server.authentication.RealmAuthenticator.authenticate(RealmAuthenticator.java:83) [sonar-server-6.0.jar:na]
at org.sonar.server.authentication.CredentialsAuthenticator.authenticate(CredentialsAuthenticator.java:56) [sonar-server-6.0.jar:na]
at org.sonar.server.authentication.CredentialsAuthenticator.authenticate(CredentialsAuthenticator.java:45) [sonar-server-6.0.jar:na]
at org.sonar.server.authentication.ws.LoginAction.authenticate(LoginAction.java:91) [sonar-server-6.0.jar:na]
at org.sonar.server.authentication.ws.LoginAction.doFilter(LoginAction.java:76) [sonar-server-6.0.jar:na]
at org.sonar.server.platform.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:125) [sonar-server-6.0.jar:na]
at org.sonar.server.platform.MasterServletFilter.doFilter(MasterServletFilter.java:94) [sonar-server-6.0.jar:na]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.sonar.server.user.UserSessionFilter.doFilter(UserSessionFilter.java:56) [sonar-server-6.0.jar:na]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.sonar.server.platform.RoutesFilter.doFilter(RoutesFilter.java:55) [sonar-server-6.0.jar:na]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.sonar.server.platform.ProfilingFilter.doFilter(ProfilingFilter.java:84) [sonar-server-6.0.jar:na]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) [tomcat-embed-core-8.0.32.jar:8.0.32]
at ch.qos.logback.access.tomcat.LogbackValve.invoke(LogbackValve.java:191) [logback-access-1.1.3.jar:na]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:522) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1095) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:672) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1500) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1456) [tomcat-embed-core-8.0.32.jar:8.0.32]
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [na:1.8.0_91]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [na:1.8.0_91]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-8.0.32.jar:8.0.32]
at java.lang.Thread.run(Unknown Source) [na:1.8.0_91]
2016.10.10 14:06:16 DEBUG web[o.s.p.l.LdapUsersProvider] User MY-USER not found in <default>
2016.10.10 14:06:16 ERROR web[o.s.s.a.RealmAuthenticator] Error during authentication
org.sonar.api.utils.SonarException: Unable to retrieve details for user MY-USER in <default>
at org.sonar.plugins.ldap.LdapUsersProvider.doGetUserDetails(LdapUsersProvider.java:81) ~[na:na]
at org.sonar.api.security.ExternalUsersProvider.doGetUserDetails(ExternalUsersProvider.java:54) ~[sonar-plugin-api-6.0.jar:na]
at org.sonar.server.authentication.RealmAuthenticator.doAuthenticate(RealmAuthenticator.java:89) [sonar-server-6.0.jar:na]
at org.sonar.server.authentication.RealmAuthenticator.authenticate(RealmAuthenticator.java:83) [sonar-server-6.0.jar:na]
at org.sonar.server.authentication.CredentialsAuthenticator.authenticate(CredentialsAuthenticator.java:56) [sonar-server-6.0.jar:na]
at org.sonar.server.authentication.CredentialsAuthenticator.authenticate(CredentialsAuthenticator.java:45) [sonar-server-6.0.jar:na]
at org.sonar.server.authentication.ws.LoginAction.authenticate(LoginAction.java:91) [sonar-server-6.0.jar:na]
at org.sonar.server.authentication.ws.LoginAction.doFilter(LoginAction.java:76) [sonar-server-6.0.jar:na]
at org.sonar.server.platform.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:125) [sonar-server-6.0.jar:na]
at org.sonar.server.platform.MasterServletFilter.doFilter(MasterServletFilter.java:94) [sonar-server-6.0.jar:na]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.sonar.server.user.UserSessionFilter.doFilter(UserSessionFilter.java:56) [sonar-server-6.0.jar:na]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.sonar.server.platform.RoutesFilter.doFilter(RoutesFilter.java:55) [sonar-server-6.0.jar:na]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.sonar.server.platform.ProfilingFilter.doFilter(ProfilingFilter.java:84) [sonar-server-6.0.jar:na]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) [tomcat-embed-core-8.0.32.jar:8.0.32]
at ch.qos.logback.access.tomcat.LogbackValve.invoke(LogbackValve.java:191) [logback-access-1.1.3.jar:na]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:522) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1095) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:672) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1500) [tomcat-embed-core-8.0.32.jar:8.0.32]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1456) [tomcat-embed-core-8.0.32.jar:8.0.32]
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [na:1.8.0_91]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [na:1.8.0_91]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-8.0.32.jar:8.0.32]
at java.lang.Thread.run(Unknown Source) [na:1.8.0_91]
Caused by: javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090752, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580 ]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source) ~[na:1.8.0_91]
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source) ~[na:1.8.0_91]
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source) ~[na:1.8.0_91]
at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source) ~[na:1.8.0_91]
at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source) ~[na:1.8.0_91]
at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source) ~[na:1.8.0_91]
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source) ~[na:1.8.0_91]
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source) ~[na:1.8.0_91]
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source) ~[na:1.8.0_91]
at javax.naming.directory.InitialDirContext.search(Unknown Source) ~[na:1.8.0_91]
at org.sonar.plugins.ldap.LdapSearch.find(LdapSearch.java:130) ~[na:na]
at org.sonar.plugins.ldap.LdapSearch.findUnique(LdapSearch.java:143) ~[na:na]
at org.sonar.plugins.ldap.LdapUsersProvider.doGetUserDetails(LdapUsersProvider.java:77) ~[na:na]
... 35 common frames omitted
I can't solve this problem.
Answer 0 (score: 0)
I think you have to add the following configuration:
sonar.forceAuthentication=true
ldap.bindDn=[YOURLDAPSERVICEUSER]
ldap.bindPassword=[YOURLDAPSERVICEUSERPWD]
ldap.user.baseDn=ou=[YOUROU],dc=[DOMAINNAME]
ldap.user.request=(&(objectClass=user)(sAMAccountName={login}))
You should not change the last line, but you must replace the parameters marked with [].
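The startup log in the question reports "Test LDAP connection ... OK" even though the posted sonar.properties has a bind password and no bind DN, and the first user search then fails with error 000004DC. The check below is an added example (not from the original post or the SonarQube project) that lints a sonar.properties for that condition, for unreplaced [] placeholders from the answer, and for a simple bind over plain ldap://; the function names, finding labels and sample inputs are assumptions constructed here.

```python
import re

# Constructed sample mirroring the question's sonar.properties (no ldap.bindDn).
QUESTION_PROPS = """\
sonar.security.realm=LDAP
ldap.url=ldap://my-ldap:3268/
ldap.bindPassword=my-pass
ldap.user.baseDn=cn=user,dc=is-bg,dc=net
ldap.user.request=(&(objectClass=user)(sAMAccountName={login}))
"""

# Constructed sample: the answer's lines appended with their [] placeholders left in.
ANSWER_PROPS = QUESTION_PROPS + """\
ldap.bindDn=[YOURLDAPSERVICEUSER]
ldap.bindPassword=[YOURLDAPSERVICEUSERPWD]
"""

def parse_properties(text):
    """Parse key=value lines; split on the first '=' only, because DNs contain '='."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()  # later entries override earlier ones
    return props

def lint_ldap(props):
    """Return finding labels (hypothetical names) for the LDAP realm settings."""
    findings = []
    bind_dn = props.get("ldap.bindDn", "")
    if not bind_dn:
        findings.append("anonymous-bind")  # plugin binds anonymously; AD rejects the search
    for key in ("ldap.bindDn", "ldap.bindPassword", "ldap.user.baseDn"):
        if re.search(r"\[[^\]]*\]", props.get(key, "")):
            findings.append("placeholder:" + key)  # template value never replaced
    starttls = props.get("ldap.StartTLS", "false").lower() == "true"
    if bind_dn and props.get("ldap.url", "").lower().startswith("ldap://") and not starttls:
        findings.append("cleartext-simple-bind")  # service password sent unencrypted
    return findings

def is_unbound_search_error(log_line):
    """True for the AD error in the question: operation attempted before a successful bind."""
    return "LDAP: error code 1" in log_line and "000004DC" in log_line
```

The parser only handles the `key=value` form used on this page, not the `:` separator or line continuations that Java properties files also allow.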