Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

0 votes
673 views
in Technique by (71.8m points)

linux - Can not Configure LDAP with Sonarqube 8.6

I am having a problem with SonarQube 8.6 LDAP integration with a CentOS 7 vserver. I tried many different configurations but never succeeded. Can anybody help to figure it out?


#.cer format
[root@snrsrv1]# keytool -import -trustcacerts -alias ca -file /etc/pki/ca-trust/source/anchors/sonar-cert.cer -keystore cacerts
[root@snrsrv1]# update-ca-trust

#.jks format
[root@snrsrv1]# cp /etc/pki/ca-trust/source/anchors/sonar-cert.cer /etc/pki/ca-trust/source/anchors/ldap.cer
[root@snrsrv1]# keytool -importcert -file ldap.cer -keystore ldap-certificate.jks -alias "ActiveDirectory-Ldap"
update-ca-trust

--- I set the passwords to be SonarTest2020.

Verification
[root@snrsrv1 conf]# keytool -list --keystore /etc/pki/ca-trust/source/anchors/ldap-certificate.jks
Enter keystore password:
Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 1 entry

activedirectory-ldap, Dec 30, 2020, trustedCertEntry,
Certificate fingerprint (SHA-256): D8:96:AD:F7:D6:C2:EC:45:B2:40:56:A1:C2:A4:AB:57:70:A1:78:B7:35:D9:F2:FC:3E:64:9C:31..

I also downloaded the LDAP Admin desktop version in order to test whether the LDAP credentials work or not; the credentials work.

SonarQube conf file.


[root@snrsrv1 conf]# cat sonar.properties | grep -v "#" 
### Web Settings ###
sonar.web.host=0.0.0.0
sonar.web.javaOpts=-Xms8192m -Xmx8192m -XX:+HeapDumpOnOutOfMemoryError
sonar.web.port=9000
sonar.web.javaAdditionalOpts=-Djavax.net.ssl.trustStore=/etc/pki/ca-trust/source/anchors/ldap-certificate.jks -Djavax.net.ssl.trustStorePassword=123456
#sonar.ce.javaAdditionalOpts=-Djavax.net.ssl.trustStore=/etc/pki/ca-trust/source/anchors/ldap-certificate.jks -Djavax.net.ssl.trustStorePassword=123456

### Database Settings ###
sonar.jdbc.password=SonarTest2020
sonar.jdbc.url=jdbc:postgresql://192.168.1.23:5432/sqdb
sonar.jdbc.username=squser

### Log Settings ###
sonar.web.accessLogs.enable=true
sonar.log.level.app=DEBUG
sonar.log.level.ce=DEBUG
sonar.log.level=DEBUG
sonar.log.level.es=DEBUG
sonar.log.level.web=DEBUG
sonar.path.logs=/var/log/sonarqube/
sonar.search.javaOpts=-Xms8192m -Xmx8192m -XX:+HeapDumpOnOutOfMemoryError

## Ldap General ##
sonar.security.realm=LDAP
ldap.url=ldaps://192.168.1.56:3269

#ldap.realm=mydomain
#ldap.authentication=simple
#sonar.authenticator.downcase=false

ldap.bindDN="CN=sonaruser,OU=ServiceAccounts,DC=mydomain,DC=net"
ldap.bindPassword=SonarTest202012
ldap.StartTLS=true

## Ldap User ##
ldap.user.baseDn="CN=User Accounts,DC=mydomain,DC=net"
ldap.user.request=(&(objectClass=user)(sAMAccountName={login}))
ldap.user.realNameAttribute="cn"
ldap.user.emailAttribute="mail"

## ldap Group ##
ldap.group.baseDn="OU=Groups,DC=mydomain,DC=net"
ldap.group.request=(&(objectClass=group)(member={dn}))
ldap.group.idAttribute="sAMAccountName"

/var/log/sonarqube/web.log

2020.12.30 13:52:14 INFO web[o.s.s.s.LogServerId] Server ID: xxxxx

2020.12.30 13:52:14 INFO web[org.sonar.INFO] Security realm: LDAP

2020.12.30 13:52:14 INFO web[o.s.a.l.LdapSettingsManager] User mapping: LdapUserMapping{baseDn=“CN=User Accounts,DC=mydomain,DC=net”, request=(&(objectClass=user)(sAMAccountName={0})), realNameAttribute=“cn”, emailAttribute=“mail”}

2020.12.30 13:52:14 INFO web[o.s.a.l.LdapSettingsManager] Group mapping: LdapGroupMapping{baseDn=“OU=Groups,DC=mydomain,DC=net”, idAttribute=“sAMAccountName”, requiredUserAttributes=[dn], request=(&(objectClass=group)(member={0}))}

2020.12.30 13:52:14 DEBUG web[jdk.event.security] X509Certificate: Alg:SHA256withRSA, Serial:6100026fcc053200b18391000002, Subject:CN=MYDOMAIN ENTERPRISE CA, DC=mydomain, DC=net, Issuer:CN=MYDOMAIN ROOT CA, Key type:RSA, Length:2048, Cert Id:-431972142, Valid from:4/28/18, 12:54 PM, Valid until:4/28/28, 12:11 PM

2020.12.30 13:52:14 DEBUG web[jdk.event.security] X509Certificate: Alg:SHA256withRSA, Serial:461be05e3472d4dc2b166b32c759, Subject:CN=MYDOMAIN ROOT CA, Issuer:CN=MYDOMAIN ROOT CA, Key type:RSA, Length:2048, Cert Id:781411179, Valid from:4/28/18, 12:01 PM, Valid until:4/28/28, 12:11 PM

2020.12.30 13:52:14 INFO web[o.s.a.l.LdapContextFactory] Test LDAP connection: FAIL

2020.12.30 13:52:14 ERROR web[o.s.s.p.Platform] Background initialization failed. Stopping SonarQube
org.sonar.api.utils.SonarException: Security realm fails to start: Unable to open LDAP connection
at org.sonar.server.user.SecurityRealmFactory.start(SecurityRealmFactory.java:93)
at org.sonar.core.platform.StartableCloseableSafeLifecyleStrategy.start(StartableCloseableSafeLifecyleStrategy.java:40)
at org.picocontainer.injectors.AbstractInjectionFactory$LifecycleAdapter.start(AbstractInjectionFactory.java:84)
at org.picocontainer.behaviors.AbstractBehavior.start(AbstractBehavior.java:169)
at org.picocontainer.behaviors.Stored$RealComponentLifecycle.start(Stored.java:132)
at org.picocontainer.behaviors.Stored.start(Stored.java:110)
at org.picocontainer.DefaultPicoContainer.potentiallyStartAdapter(DefaultPicoContainer.java:1016)
at org.picocontainer.DefaultPicoContainer.startAdapters(DefaultPicoContainer.java:1009)
at org.picocontainer.DefaultPicoContainer.start(DefaultPicoContainer.java:767)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:136)
at org.sonar.server.platform.platformlevel.PlatformLevel.start(PlatformLevel.java:90)
at org.sonar.server.platform.platformlevel.PlatformLevel4.start(PlatformLevel4.java:559)
at org.sonar.server.platform.PlatformImpl.start(PlatformImpl.java:213)
at org.sonar.server.platform.PlatformImpl.startLevel34Containers(PlatformImpl.java:187)
at org.sonar.server.platform.PlatformImpl.access$500(PlatformImpl.java:46)
at org.sonar.server.platform.PlatformImpl$1.lambda$doRun$0(PlatformImpl.java:120)
at org.sonar.server.platform.PlatformImpl$AutoStarterRunnable.runIfNotAborted(PlatformImpl.java:370)
at org.sonar.server.platform.PlatformImpl$1.doRun(PlatformImpl.java:120)
at org.sonar.server.platform.PlatformImpl$AutoStarterRunnable.run(PlatformImpl.java:354)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: org.sonar.auth.ldap.LdapException: Unable to open LDAP connection
at org.sonar.auth.ldap.LdapContextFactory.testConnection(LdapContextFactory.java:214)
at org.sonar.auth.ldap.LdapRealm.init(LdapRealm.java:63)
at org.sonar.server.user.SecurityRealmFactory.start(SecurityRealmFactory.java:87)
… 19 common frames omitted
Caused by: javax.naming.CommunicationException: Connection or outbound has closed
at java.naming/com.sun.jndi.ldap.LdapCtx.extendedOperation(LdapCtx.java:3432)
at java.naming/javax.naming.ldap.InitialLdapContext.extendedOperation(InitialLdapContext.java:184)
at org.sonar.auth.ldap.LdapContextFactory.createInitialDirContext(LdapContextFactory.java:119)
at org.sonar.auth.ldap.LdapContextFactory.createBindContext(LdapContextFactory.java:95)
at org.sonar.auth.ldap.LdapContextFactory.testConnection(LdapContextFactory.java:210)
… 21 common frames omitted
Caused by: java.net.SocketException: Connection or outbound has closed
at java.base/sun.security.ssl.SSLSocketImpl$AppOutputStream.write(SSLSocketImpl.java:1195)
at java.base/java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:81)
at java.base/java.io.BufferedOutputStream.flush(BufferedOutputStream.java:142)
at java.naming/com.sun.jndi.ldap.Connection.writeRequest(Connection.java:405)
at java.naming/com.sun.jndi.ldap.Connection.writeRequest(Connection.java:378)
at java.naming/com.sun.jndi.ldap.LdapClient.extendedOp(LdapClient.java:1204)
at java.naming/com.sun.jndi.ldap.LdapCtx.extendedOperation(LdapCtx.java:3379)
… 25 common frames omitted

2020.12.30 13:52:14 DEBUG web[o.s.s.p.Platform] Background initialization of SonarQube done
2020.12.30 13:52:14 INFO web[o.s.p.ProcessEntryPoint] Hard stopping process
2020.12.30 13:52:14 DEBUG web[o.a.h.i.n.c.PoolingNHttpClientConnectionManager] Connection manager is shutting down
2020.12.30 13:52:14 DEBUG web[o.a.h.i.n.c.ManagedNHttpClientConnectionImpl] http-outgoing-0 127.0.0.1:44300<->127.0.0.1:9001[ACTIVE][r:r]: Close
2020.12.30 13:52:14 DEBUG web[o.a.h.i.n.c.InternalIODispatch] http-outgoing-0 [CLOSED]: Disconnected
2020.12.30 13:52:14 DEBUG web[o.a.h.i.n.c.PoolingNHttpClientConnectionManager] Connection manager shut down

Changed ldap.StartTLS to false and it throws an error.

…
2020.12.30 13:52:14 INFO web[o.s.s.s.LogServerId] Server ID: xxxxx

2020.12.30 13:56:19 INFO web[org.sonar.INFO] Security realm: LDAP

2020.12.30 13:56:19 INFO web[o.s.a.l.LdapSettingsManager] User mapping: LdapUserMapping{baseDn=“CN=User Accounts,DC=mydomain,DC=net”, request=(&(objectClass=user)(sAMAccountName={0})), realNameAttribute=“cn”, emailAttribute=“mail”}

2020.12.30 13:56:19 INFO web[o.s.a.l.LdapSettingsManager] Group mapping: LdapGroupMapping{baseDn=“OU=Groups,DC=mydomain,DC=net”, idAttribute=“sAMAccountName”, requiredUserAttributes=[dn], request=(&(objectClass=group)(member={0}))}

2020.12.30 13:56:19 DEBUG web[o.s.a.l.LdapContextFactory] Initializing LDAP context {java.naming.referral=follow, com.sun.jndi.ldap.connect.pool=true, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldaps://192.168.1.56:3269, java.naming.security.authentication=simple}

2020.12.30 13:52:14 DEBUG web[jdk.event.security] X509Certificate: Alg:SHA256withRSA, Serial:6100026fcc053200b18391000002, Subject:CN=MYDOMAIN ENTERPRISE CA, DC=mydomain, DC=net, Issuer:CN=MYDOMAIN ROOT CA, Key type:RSA, Length:2048, Cert Id:-431972142, Valid from:4/28/18, 12:54 PM, Valid until:4/28/28, 12:11 PM

2020.12.30 13:52:14 DEBUG web[jdk.event.security] X509Certificate: Alg:SHA256withRSA, Serial:461be05e3472d4dc2b166b32c759, Subject:CN=MYDOMAIN ROOT CA, Issuer:CN=MYDOMAIN ROOT CA, Key type:RSA, Length:2048, Cert Id:781411179, Valid from:4/28/18, 12:01 PM, Valid until:4/28/28, 12:11 PM

2020.12.30 13:56:19 INFO web[o.s.a.l.LdapContextFactory] Test LDAP connection: FAIL

2020.12.30 13:56:19 ERROR web[o.s.s.p.Platform] Background initialization failed. Stopping SonarQube
org.sonar.api.utils.SonarException: Security realm fails to start: Unable to open LDAP connection
at org.sonar.server.user.SecurityRealmFactory.start(SecurityRealmFactory.java:93)
at org.sonar.core.platform.StartableCloseableSafeLifecyleStrategy.start(StartableCloseableSafeLifecyleStrategy.java:40)
at org.picocontainer.injectors.AbstractInjectionFactory$LifecycleAdapter.start(AbstractInjectionFactory.java:84)
at org.picocontainer.behaviors.AbstractBehavior.start(AbstractBehavior.java:169)
at org.picocontainer.behaviors.Stored$RealComponentLifecycle.start(Stored.java:132)
at org.picocontainer.behaviors.Stored.start(Stored.java:110)
at org.picocontainer.DefaultPicoContainer.potentiallyStartAdapter(DefaultPicoContainer.java:1016)
at org.picocontainer.DefaultPicoContainer.startAdapters(DefaultPicoContainer.java:1009)
at org.picocontainer.DefaultPicoContainer.start(DefaultPicoContainer.java:767)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:136)
at org.sonar.server.platform.platformlevel.PlatformLevel.start(PlatformLevel.java:90)
at org.sonar.server.platform.platformlevel.PlatformLevel4.start(PlatformLevel4.java:559)
at org.sonar.server.platform.PlatformImpl.start(PlatformImpl.java:213)
at org.sonar.server.platform.PlatformImpl.startLevel34Containers(PlatformImpl.java:187)
at org.sonar.server.platform.PlatformImpl.access$500(PlatformImpl.java:46)
at org.sonar.server.platform.PlatformImpl$1.lambda$doRun$0(PlatformImpl.java:120)
at org.sonar.server.platform.PlatformImpl$AutoStarterRunnable.runIfNotAborted(PlatformImpl.java:370)
at org.sonar.server.platform.PlatformImpl$

He who fights with dragons too long becomes a dragon himself; gaze too long into the abyss, and the abyss will gaze back…
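
A check over the LDAP lines of the posted sonar.properties for settings that commonly break an LDAPS bind, added here as an example; it is not part of the original post or of SonarQube. The helper names `parse_properties` and `lint_ldap` are hypothetical, and the sample reproduces the posted lines with both passwords replaced by placeholders.

```python
import re

# Constructed sample: LDAP-related lines from the sonar.properties posted above,
# with both passwords replaced by placeholders.
SAMPLE = '''\
sonar.web.javaAdditionalOpts=-Djavax.net.ssl.trustStore=/etc/pki/ca-trust/source/anchors/ldap-certificate.jks -Djavax.net.ssl.trustStorePassword=<placeholder>
sonar.security.realm=LDAP
ldap.url=ldaps://192.168.1.56:3269
ldap.bindDN="CN=sonaruser,OU=ServiceAccounts,DC=mydomain,DC=net"
ldap.bindPassword=<placeholder>
ldap.StartTLS=true
ldap.user.baseDn="CN=User Accounts,DC=mydomain,DC=net"
ldap.user.realNameAttribute="cn"
'''

def parse_properties(text):
    """Minimal key=value parser; quotes stay in the value, as the web.log mapping lines show."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def lint_ldap(props):
    """Return (key, finding) pairs for settings worth checking before blaming the certificate."""
    findings = []
    url = props.get("ldap.url", "")
    if url.startswith("ldaps://") and props.get("ldap.StartTLS", "false").lower() == "true":
        findings.append(("ldap.StartTLS", "StartTLS requested on a connection that is already TLS (ldaps://)"))
    host = re.sub(r"^ldaps?://", "", url).split(":")[0]
    if url.startswith("ldaps://") and re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        findings.append(("ldap.url", "IP literal: the server certificate must list this IP as a SAN"))
    for key, value in props.items():
        if key.startswith("ldap.") and len(value) >= 2 and value[0] == value[-1] == '"':
            findings.append((key, "surrounding quotes are sent as part of the value"))
    opts = props.get("sonar.web.javaAdditionalOpts", "")
    if "-Djavax.net.ssl.trustStorePassword=" in opts:
        findings.append(("sonar.web.javaAdditionalOpts", "plain-text trust store password; confirm it matches the keystore"))
    return findings

if __name__ == "__main__":
    for key, finding in lint_ldap(parse_properties(SAMPLE)):
        print(f"{key}: {finding}")
```

Each finding is something to verify, not a confirmed root cause: the second log on this page still fails with ldap.StartTLS set to false.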

1 Answer

0 votes
by (71.8m points)
Waiting for an expert to reply.
