A simple LDAP connection between SonarQube and Active Directory

kqqjbcuj  posted on 2021-06-29 in Java

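I am running SonarQube Enterprise Edition on an on-premises server. I am trying to get LDAP integration with Active Directory working on the SonarQube web side.
I opened a similar topic on the SonarQube community forum and am following it through this link.
For now, I am trying to complete my first test by connecting with the simple method, without SSL.
The LDAP connection succeeds, but when a user sends a login request, the error code "LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090A4C" is returned. In many places users have written that this is a wrong-password error, but when I check it manually with the ldapsearch command I do get a response.
I also have other LDAP applications using my Active Directory environment, and they work fine (such as Jira, Jenkins, etc.).
When I investigated the problem, I found that many users are able to connect with a similar configuration. When I check the attributes and other definitions with an LDAP administration tool, no parameters that would need different settings show up. But I cannot connect. I get a successful result in my manual test, so I know I should actually be able to connect. It looks like a bug in this application.
I am sharing my information below. Can you help me?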

Ldap User: test.user
Server Os: CentOS Linux release 7.9.2009 (Core)
Sonarqube Version: sonarqube-enterprise-8.6.0.39681 (onpremise)

[root@sonarqubeserver]# cat sonar.properties
...
sonar.security.realm=LDAP
ldap.url=ldap://192.168.1.2:3268

ldap.realm=mydomain.net
ldap.authentication=simple
sonar.authenticator.downcase=true

ldap.bindDN=CN=adsvcuser,OU=ServiceAccounts,DC=mydomain,DC=net
ldap.bindPassword=PasswordTest123!Testtt

ldap.user.baseDn=OU=TR,OU=User Accounts,DC=mydomain,DC=net
ldap.user.request=(&(objectClass=user)(sAMAccountName={login}))
ldap.user.realNameAttribute=cn
ldap.user.emailAttribute=mail

## ldap Group ##

ldap.group.baseDn=OU=Groups,DC=mydomain,DC=net
ldap.group.request=(&(objectClass=group)(member={dn}))
ldap.group.idAttribute=sAMAccountName

[root@sonarqubeserver]# ldapsearch -x -b "OU=TR,OU=User Accounts,DC=mydomain,DC=net" -D "CN=adsvcuser,OU=ServiceAccounts,DC=mydomain,DC=net" -H ldap://192.168.1.2:3268 -w 'PasswordTest123!Testtt' "(&(objectClass=user)(sAMAccountName=test.user))"

# extended LDIF
#
# LDAPv3
# base <OU=TR,OU=User Accounts,DC=mydomain,DC=net> with scope subtree
# filter: (&(objectClass=user)(sAMAccountName=test.user))
# requesting: ALL
#

# test.user, TR, User Accounts, mydomain.net
dn: CN=test.user,OU=TR,OU=User Accounts,DC=mydomain,DC=net
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: test.user
sn: user
c: TR
l: Istanbul
telephoneNumber: 12312412312412
givenName: test
distinguishedName: CN=test.user,OU=TR,OU=User Accounts,DC=mydomain,DC=net
instanceType: 4
whenCreated: 12312412341232.0Z
whenChanged: 41231231241231.0Z
displayName: test.user | MyDomain
uSNCreated: 35664044
memberOf: xxx
...
uSNChanged: 174906273
name: test.user
objectGUID:: fklasjdkalsjdklafjakls==
userAccountControl: 512
primaryGroupID: 513
objectSid:: asajknfajsnqwe1samndnomnfndsmadn==
sAMAccountName: test.user
sAMAccountType: 214123342
userPrincipalName: test.user@mydomain.net
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=mydomain,DC=net
dSCorePropagationData: 12312412312563.0Z
dSCorePropagationData: 56890458497343.0Z
lastLogonTimestamp: 132540485078534934
mail: test.user@mydomain.net
manager: CN=Mrs X,OU=TR,OU=User Accounts,DC=mydomain,DC=net

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

[root@sonarqubeserver]# tail -f /var/log/sonarqube/web.log

2021.01.03 15:15:32 INFO  web[][o.s.s.s.LogServerId] Server ID: 21das2d-DASdlak2142ld2aksdlsk12
2021.01.03 15:15:32 INFO  web[][org.sonar.INFO] Security realm: LDAP
2021.01.03 15:15:32 INFO  web[][o.s.a.l.LdapSettingsManager] User mapping: LdapUserMapping{baseDn=OU=TR,OU=User Accounts,DC=mydomain,DC=net, request=(&(objectClass=user)(sAMAccountName={0})), realNameAttribute=cn, emailAttribute=mail}
2021.01.03 15:15:32 INFO  web[][o.s.a.l.LdapSettingsManager] Group mapping: LdapGroupMapping{baseDn=OU=Groups,DC=mydomain,DC=net, idAttribute=sAMAccountName, requiredUserAttributes=[dn], request=(&(objectClass=group)(member={0}))}
2021.01.03 15:15:32 DEBUG web[][o.s.a.l.LdapContextFactory] Initializing LDAP context {java.naming.referral=follow, com.sun.jndi.ldap.connect.pool=true, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.sasl.realm=mydomain.net, java.naming.provider.url=ldap://192.168.1.2:3268, java.naming.security.authentication=simple}
2021.01.03 15:15:32 INFO  web[][o.s.a.l.LdapContextFactory] Test LDAP connection on ldap://192.168.1.2:3268: OK
2021.01.03 15:15:32 INFO  web[][org.sonar.INFO] Security realm started
2021.01.03 15:15:32 WARN  web[][o.s.a.s.w.WebService$Action] The response example is not set on action api/plugins/download
...
...
...
2021.01.03 15:15:44 DEBUG web[][o.s.s.p.ServerLifecycleNotifier] Notify ServerStopHandler handlers...
2021.01.03 15:15:44 INFO  web[][o.s.s.p.Platform] WebServer is operational
2021.01.03 15:15:44 DEBUG web[][o.s.s.p.Platform] Background initialization of SonarQube done
2021.01.03 15:16:11 DEBUG web[AXbILSguJzbHg1R2AAAB][auth.event] login failure [cause|User must be authenticated][method|BASIC][provider|LOCAL|local][IP|127.0.0.1|82.24.129.13][login|]
2021.01.03 15:16:23 DEBUG web[AXbILSguJzbHg1R2AAAE][o.s.a.l.LdapUsersProvider] Requesting details for user test.user
2021.01.03 15:16:23 DEBUG web[AXbILSguJzbHg1R2AAAE][o.s.a.l.LdapSearch] Search: LdapSearch{baseDn=OU=TR,OU=User Accounts,DC=mydomain,DC=net, scope=subtree, request=(&(objectClass=user)(sAMAccountName={0})), parameters=[test.user], attributes=[mail, cn]}
2021.01.03 15:16:23 DEBUG web[AXbILSguJzbHg1R2AAAE][o.s.a.l.LdapContextFactory] Initializing LDAP context {java.naming.referral=follow, com.sun.jndi.ldap.connect.pool=true, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.sasl.realm=mydomain.net, java.naming.provider.url=ldap://192.168.1.2:3268, java.naming.security.authentication=simple}
2021.01.03 15:16:23 DEBUG web[AXbILSguJzbHg1R2AAAE][o.s.a.l.LdapUsersProvider] [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090A4C, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839]
javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090A4C, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839]
    at java.naming/com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3299)
    at java.naming/com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3205)
    at java.naming/com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2996)
    at java.naming/com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1875)
    at java.naming/com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1798)
    at java.naming/com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1815)
    at java.naming/com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:418)
    at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:396)
    at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:378)
    at java.naming/javax.naming.directory.InitialDirContext.search(InitialDirContext.java:286)
    at org.sonar.auth.ldap.LdapSearch.find(LdapSearch.java:130)
    at org.sonar.auth.ldap.LdapSearch.findUnique(LdapSearch.java:143)
    at org.sonar.auth.ldap.LdapUsersProvider.getUserDetails(LdapUsersProvider.java:80)
    at org.sonar.auth.ldap.LdapUsersProvider.doGetUserDetails(LdapUsersProvider.java:58)
    at org.sonar.server.authentication.CredentialsExternalAuthentication.doAuthenticate(CredentialsExternalAuthentication.java:96)
    at org.sonar.server.authentication.CredentialsExternalAuthentication.authenticate(CredentialsExternalAuthentication.java:90)
    at org.sonar.server.authentication.CredentialsAuthentication.authenticate(CredentialsAuthentication.java:66)
    at org.sonar.server.authentication.CredentialsAuthentication.authenticate(CredentialsAuthentication.java:54)
    at org.sonar.server.authentication.ws.LoginAction.authenticate(LoginAction.java:121)
    at org.sonar.server.authentication.ws.LoginAction.doFilter(LoginAction.java:100)
    at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:139)
    at org.sonar.server.platform.web.MasterServletFilter.doFilter(MasterServletFilter.java:108)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.sonar.server.platform.web.UserSessionFilter.doFilter(UserSessionFilter.java:81)
    at org.sonar.server.platform.web.UserSessionFilter.doFilter(UserSessionFilter.java:68)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.sonar.server.platform.web.CacheControlFilter.doFilter(CacheControlFilter.java:76)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.sonar.server.platform.web.SecurityServletFilter.doHttpFilter(SecurityServletFilter.java:76)
    at org.sonar.server.platform.web.SecurityServletFilter.doFilter(SecurityServletFilter.java:48)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.sonar.server.platform.web.RedirectFilter.doFilter(RedirectFilter.java:58)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.sonar.server.platform.web.RequestIdFilter.doFilter(RequestIdFilter.java:66)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.sonar.server.platform.web.RootFilter.doFilter(RootFilter.java:62)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:109)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:544)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143)
    at ch.qos.logback.access.tomcat.LogbackValve.invoke(LogbackValve.java:256)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:616)
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:831)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1634)
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.base/java.lang.Thread.run(Thread.java:834)
2021.01.03 15:16:23 DEBUG web[AXbILSguJzbHg1R2AAAE][o.s.a.l.LdapUsersProvider] User test.user not found in <default>
2021.01.03 15:16:23 ERROR web[AXbILSguJzbHg1R2AAAE][o.s.s.a.CredentialsExternalAuthentication] Error during authentication
org.sonar.auth.ldap.LdapException: Unable to retrieve details for user test.user in <default>
    at org.sonar.auth.ldap.LdapUsersProvider.getUserDetails(LdapUsersProvider.java:84)
    at org.sonar.auth.ldap.LdapUsersProvider.doGetUserDetails(LdapUsersProvider.java:58)
    at org.sonar.server.authentication.CredentialsExternalAuthentication.doAuthenticate(CredentialsExternalAuthentication.java:96)
    at org.sonar.server.authentication.CredentialsExternalAuthentication.authenticate(CredentialsExternalAuthentication.java:90)
    at org.sonar.server.authentication.CredentialsAuthentication.authenticate(CredentialsAuthentication.java:66)
    at org.sonar.server.authentication.CredentialsAuthentication.authenticate(CredentialsAuthentication.java:54)
    at org.sonar.server.authentication.ws.LoginAction.authenticate(LoginAction.java:121)
    at org.sonar.server.authentication.ws.LoginAction.doFilter(LoginAction.java:100)
    at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:139)
    at org.sonar.server.platform.web.MasterServletFilter.doFilter(MasterServletFilter.java:108)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.sonar.server.platform.web.UserSessionFilter.doFilter(UserSessionFilter.java:81)
    at org.sonar.server.platform.web.UserSessionFilter.doFilter(UserSessionFilter.java:68)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.sonar.server.platform.web.CacheControlFilter.doFilter(CacheControlFilter.java:76)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.sonar.server.platform.web.SecurityServletFilter.doHttpFilter(SecurityServletFilter.java:76)
    at org.sonar.server.platform.web.SecurityServletFilter.doFilter(SecurityServletFilter.java:48)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.sonar.server.platform.web.RedirectFilter.doFilter(RedirectFilter.java:58)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.sonar.server.platform.web.RequestIdFilter.doFilter(RequestIdFilter.java:66)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.sonar.server.platform.web.RootFilter.doFilter(RootFilter.java:62)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:109)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:544)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143)
    at ch.qos.logback.access.tomcat.LogbackValve.invoke(LogbackValve.java:256)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:616)
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:831)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1634)
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090A4C, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839]
    at java.naming/com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3299)
    at java.naming/com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3205)
    at java.naming/com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2996)
    at java.naming/com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1875)
    at java.naming/com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1798)
    at java.naming/com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1815)
    at java.naming/com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:418)
    at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:396)
    at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:378)
    at java.naming/javax.naming.directory.InitialDirContext.search(InitialDirContext.java:286)
    at org.sonar.auth.ldap.LdapSearch.find(LdapSearch.java:130)
    at org.sonar.auth.ldap.LdapSearch.findUnique(LdapSearch.java:143)
    at org.sonar.auth.ldap.LdapUsersProvider.getUserDetails(LdapUsersProvider.java:80)
    ... 51 common frames omitted
2021.01.03 15:16:23 DEBUG web[AXbILSguJzbHg1R2AAAE][auth.event] login failure [cause|Unable to retrieve details for user test.user in <default>][method|FORM][provider|REALM|LDAP][IP|127.0.0.1|82.24.129.13][login|test.user]
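
An added example, not part of the original post and not SonarQube's own code: a small linter for the LDAP block of sonar.properties that checks key spelling against SonarQube's documented, case-sensitive single-server names, reports a missing `ldap.bindDn` (SonarQube then searches anonymously, which Active Directory rejects with the 000004DC "successful bind must be completed" error), and flags simple binds sent over plain `ldap://`. The finding labels and the sample text are constructed for this example, and multi-server (`ldap.servers`) setups are not handled.

```python
# LDAP keys from SonarQube's single-server documentation; names are case-sensitive.
KNOWN_KEYS = {
    "ldap.url", "ldap.bindDn", "ldap.bindPassword", "ldap.authentication",
    "ldap.realm", "ldap.contextFactoryClass", "ldap.StartTLS",
    "ldap.followReferrals", "ldap.user.baseDn", "ldap.user.request",
    "ldap.user.realNameAttribute", "ldap.user.emailAttribute",
    "ldap.group.baseDn", "ldap.group.request", "ldap.group.idAttribute",
}
BY_LOWER = {k.lower(): k for k in KNOWN_KEYS}

def parse_properties(text):
    """Minimal key=value parser: skips blank lines and #/! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, _, value = line.partition("=")  # filters contain '=', split once
        props[key.strip()] = value.strip()
    return props

def lint_ldap(text):
    """Return (label, key, detail) findings; labels are hypothetical names."""
    props = parse_properties(text)
    findings = []
    for key in props:
        if key.startswith("ldap.") and key not in KNOWN_KEYS:
            expected = BY_LOWER.get(key.lower())
            label = "case-mismatch" if expected else "unknown-key"
            findings.append((label, key, expected))
    url = props.get("ldap.url", "")
    auth = props.get("ldap.authentication", "simple")  # documented default
    start_tls = props.get("ldap.StartTLS", "false").lower() == "true"
    if url.startswith("ldap://") and auth == "simple" and not start_tls:
        # A simple bind on plain LDAP sends the password unencrypted.
        findings.append(("cleartext-bind", "ldap.url", url))
    if "ldap.bindDn" not in props:
        # Without a bind DN the user search runs on an unbound connection.
        findings.append(("anonymous-search", "ldap.bindDn", None))
    return findings

# Constructed sample mirroring the settings in the question (password replaced).
SAMPLE = """\
sonar.security.realm=LDAP
ldap.url=ldap://192.168.1.2:3268
ldap.authentication=simple
ldap.bindDN=CN=adsvcuser,OU=ServiceAccounts,DC=mydomain,DC=net
ldap.bindPassword=<placeholder>
ldap.user.baseDn=OU=TR,OU=User Accounts,DC=mydomain,DC=net
ldap.user.request=(&(objectClass=user)(sAMAccountName={login}))
"""

if __name__ == "__main__":
    for finding in lint_ldap(SAMPLE):
        print(finding)
```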
