LDAP Advanced topics
Authentication Methods
Anonymous: Used when only read-only access to non-protected entries and attributes is needed when binding to the LDAP server.
Simple: Simple authentication is not recommended for production deployments not using the ldaps secure protocol since it sends a cleartext password over the network.
CRAM-MD5: The Challenge-Response Authentication Method (CRAM) based on the HMAC-MD5 MAC algorithm (RFC 2195).
DIGEST-MD5: This is an improvement on the CRAM-MD5 authentication method (RFC 2831).
GSSAPI: GSS-API is the Generic Security Service API (RFC 2744). One of the most popular security services available for GSS-API is Kerberos v5, used in Microsoft's Windows 2000 platform.
For a full discussion of LDAP authentication approaches, see RFC 2829 and RFC 2251.
Multiple Servers
To configure multiple servers:
# List the different servers
Authentication will be tried on each server, in the order they are listed in the configurations, until one succeeds. User/Group mapping will be performed against the first server on which the user is found.
Note that all the LDAP servers must be available while (re)starting the SonarQube server.
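An added example, not taken from the original page: a two-server sonar.properties fragment using the LDAP plugin's `ldap.<server key>.<property>` naming, with both servers reached over ldaps so that simple binds do not send the password in cleartext. The server keys (corp, partners), hostnames, DNs and the password value are constructed placeholders.

```properties
# Constructed example: server keys, hostnames, DNs and passwords are placeholders.
sonar.security.realm=LDAP

# Order matters: authentication is tried on "corp" first, then on "partners".
# A login that exists in both directories is mapped from "corp", the first
# server on which the user is found.
ldap.servers=corp,partners

# --- corp ---
# ldaps:// keeps the bind password off the wire in cleartext.
ldap.corp.url=ldaps://ldap1.example.com:636
# Simple bind is used here only because the connection is ldaps.
ldap.corp.authentication=simple
ldap.corp.bindDn=cn=sonar,ou=services,dc=example,dc=com
ldap.corp.bindPassword=CHANGE_ME
ldap.corp.user.baseDn=ou=people,dc=example,dc=com
ldap.corp.user.request=(&(objectClass=inetOrgPerson)(uid={login}))

# --- partners ---
ldap.partners.url=ldaps://ldap2.example.net:636
ldap.partners.authentication=simple
ldap.partners.bindDn=cn=sonar,ou=services,dc=example,dc=net
ldap.partners.bindPassword=CHANGE_ME
ldap.partners.user.baseDn=ou=people,dc=example,dc=net
ldap.partners.user.request=(&(objectClass=inetOrgPerson)(uid={login}))
```

Because the first matching server wins, list the directory that should be authoritative for overlapping logins first.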
Troubleshooting
Detailed connection logs (and potential error codes received from LDAP server) are printed within SonarQube logs, in DEBUG mode.
Time out when running SonarQube analysis using LDAP
Java parameters are documented here: http://docs.oracle.com/javase/jndi/tutorial/ldap/connect/config.html . Such parameters can be set in sonar.web.javaAdditionalOpts (sonar.properties).
Kerberos Troubleshooting resources
Troubleshooting NTLM