SonarQube 5.6 LDAP(FreeIPA)身份验证的用户没有组

本文介绍了SonarQube 5.6 LDAP(FreeIPA)身份验证的用户没有组的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我在stackoverflow上看到了一些帖子，例如和，但问题仍然存在.我将声纳波从5.3更新到了5.6.这是我的配置示例:

I saw some posts on stackoverflow, like this one and this, but problem still exists. I updated sonarqube from 5.3 to 5.6. Here's example of my config:

sonar.security.realm=LDAP
sonar.security.savePassword=false
sonar.security.localUsers=admin
ldap.authentication=simple
ldap.url=ldap://ipa.company.com
ldap.bindDn=uid=ldap_search,cn=users,cn=accounts,dc=company,dc=com
ldap.bindPassword=*************

ldap.user.baseDn=cn=users,cn=accounts,dc=company,dc=com
ldap.user.request=(&(objectClass=inetOrgPerson)(uid={login}))
ldap.user.realNameAttribute=cn
ldap.user.emailAttribute=mail

ldap.group.baseDn=cn=groups,cn=accounts,dc=company,dc=com
ldap.group.request=(&(objectClass=posixGroup)(memberUid={uid}))
ldap.group.idAttribute=cn

问题出在身份验证上.如果我创建本地用户，那么根据此文档(本地用户块).如果我第一次使用FreeIPA帐户进行身份验证，我会看到新创建的声纳用户，但是它没有组(例如 sonar-users ，但他实际上是 sonar-users 在FreeIPA组中)

The problem is in authentication. If i create local user, then i can't authenticate using same LDAP (FreeIPA) account, according to this docs (Local users block). If i authenticate first time with FreeIPA account i see newly created sonar user, but it has no groups (sonar-users for example, but he is actually a member of sonar-users in FreeIPA groups)

以下是声纳库中的测试帐户示例- http://joxi.ru/zAN46EXcb9gem9 和测试帐户在FreeIPA中- http://joxi.ru/VrwnzgDcBeGxAX .甚至，当我以管理员身份登录并向测试用户添加组时，它们在下次登录后也会消失.

Here's example of test account in sonarqube - http://joxi.ru/zAN46EXcb9gem9, and test account in FreeIPA - http://joxi.ru/VrwnzgDcBeGxAX.Even, when i login with admin and add groups to test user, they disappear after next login.

这是mysql sonar.users db中的示例:

Here's example from mysql sonar.users db:

| id | login                    | updated_at    | external_identity        | external_identity_provider | user_local |
| 32 | test                     | 1494580874688 | test                     | sonarqube                  |          0 |

请帮助我找到解决方案.

Please help me to find a solution.

推荐答案

几周后，我终于找到了正确的解决方案！我意识到问题出在组同步中，因此用于组同步的正确配置必须类似于您的FreeIPA配置的下一个配置:

After a couple of weeks i finally found right solution! I realized that problem was in group synchronization, so right config for group sync must looks like next one for your FreeIPA configuration:

ldap.group.baseDn=cn=groups,cn=compat,dc=company,dc=com
ldap.group.request=(&(objectClass=posixGroup)(memberUid={uid}))
ldap.group.idAttribute=cn

差异位于cn = groups， cn = compat ，dc = company，dc = com中.您不能将memberUid过滤器与cn=accounts一起使用.

Difference is in cn=groups,cn=compat,dc=company,dc=com.You can't use memberUid filter with cn=accounts.

这篇关于SonarQube 5.6 LDAP(FreeIPA)身份验证的用户没有组的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！