This is an archived version of the documentation for SonarQube-7.3.
See the Latest Documentation for current functionality.

LDAP Advanced topics

Authentication Methods

  • Anonymous: Used when binding to the LDAP server requires only read-only access to non-protected entries and attributes.

  • Simple: Simple authentication sends a cleartext password over the network, so it is not recommended for production deployments that do not use the secure ldaps protocol.

  • CRAM-MD5: The Challenge-Response Authentication Method (CRAM), based on the HMAC-MD5 MAC algorithm (RFC 2195).

  • DIGEST-MD5: An improvement on the CRAM-MD5 authentication method (RFC 2831).

  • GSSAPI: GSS-API is the Generic Security Service API (RFC 2744). One of the most popular security services available for GSS-API is Kerberos v5, used in Microsoft's Windows 2000 platform.

For a full discussion of LDAP authentication approaches, see RFC 2829 and RFC 2251.

Multiple Servers

To configure multiple servers:

# List the different servers
ldap.servers=server1,server2

# Configure server1
ldap.server1.url=ldap://server1:1389
ldap.server1.user.baseDn=dc=dept1,dc=com
...

# Configure server2
ldap.server2.url=ldap://server2:1389
ldap.server2.user.baseDn=dc=dept2,dc=com
...

Authentication will be tried on each server, in the order in which they are listed in the configuration, until one succeeds. User/Group mapping will be performed against the first server on which the user is found.

Note that all the LDAP servers must be available while (re)starting the SonarQube server.
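
The following audit script is an added example, not part of the SonarQube documentation or code base. It walks a multi-server configuration in the order the servers would be tried and flags any server that would use Simple authentication without ldaps. Assumptions: the per-server key ldap.<server>.authentication follows the prefix pattern shown above, Simple is the effective method when none is set, and only the URL scheme is checked; the sample input is constructed.

```python
from urllib.parse import urlsplit

# Constructed sample input (not from a real deployment).
SAMPLE = """\
# List the different servers
ldap.servers=server1,server2
ldap.server1.url=ldap://server1:1389
ldap.server1.user.baseDn=dc=dept1,dc=com
ldap.server2.url=ldaps://server2:1636
ldap.server2.authentication=simple
ldap.server2.user.baseDn=dc=dept2,dc=com
"""

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # / ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit_ldap(props):
    """Return (server, finding) tuples in the order the servers are tried."""
    findings = []
    listed = props.get("ldap.servers", "").split(",")
    for name in (s.strip() for s in listed if s.strip()):
        prefix = f"ldap.{name}"
        url = props.get(f"{prefix}.url")
        if url is None:
            findings.append((name, "listed in ldap.servers but has no url"))
            continue
        # Assumption: simple is the effective method when none is set.
        method = props.get(f"{prefix}.authentication", "simple").lower()
        scheme = urlsplit(url).scheme.lower()
        if method == "simple" and scheme != "ldaps":
            findings.append(
                (name, f"simple bind over {scheme}:// sends the password in cleartext"))
    return findings

if __name__ == "__main__":
    for server, finding in audit_ldap(parse_properties(SAMPLE)):
        print(f"{server}: {finding}")
```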

Troubleshooting

  • Detailed connection logs (and any error codes received from the LDAP server) are printed in the SonarQube logs when logging is in DEBUG mode.