<h1>Compatibility Matrix</h1><table class="confluenceTable"><tbody><tr><th class="confluenceTh"><p> </p></th><th class="confluenceTh"><p>Apache DS</p></th><th class="confluenceTh"><p>OpenLDAP</p></th><th class="confluenceTh"><p>OpenDS</p></th><th class="confluenceTh"><p>Active Directory</p></th></tr><tr><th class="confluenceTh"><p>Anonymous</p></th><td class="confluenceTd"><p><img class="emoticon emoticon-tick" data-emoticon-name="tick" border="0" src="/s/en_GB/3278/15/_/images/icons/emoticons/check.png" alt="(tick)" title="(tick)" /></p></td><td class="confluenceTd"><p><img class="emoticon emoticon-tick" data-emoticon-name="tick" border="0" src="/s/en_GB/3278/15/_/images/icons/emoticons/check.png" alt="(tick)" title="(tick)" /></p></td><td class="confluenceTd"><p><img class="emoticon emoticon-tick" 
data-emoticon-name="tick" border="0" src="/s/en_GB/3278/15/_/images/icons/emoticons/check.png" alt="(tick)" title="(tick)" /></p></td><td class="confluenceTd"><p> </p></td></tr><tr><th class="confluenceTh"><p>Simple</p></th><td class="confluenceTd"><p><img class="emoticon emoticon-tick" data-emoticon-name="tick" border="0" src="/s/en_GB/3278/15/_/images/icons/emoticons/check.png" alt="(tick)" title="(tick)" /></p></td><td class="confluenceTd"><p><img class="emoticon emoticon-tick" data-emoticon-name="tick" border="0" src="/s/en_GB/3278/15/_/images/icons/emoticons/check.png" alt="(tick)" title="(tick)" /></p></td><td class="confluenceTd"><p><img class="emoticon emoticon-tick" data-emoticon-name="tick" border="0" src="/s/en_GB/3278/15/_/images/icons/emoticons/check.png" alt="(tick)" title="(tick)" /></p></td><td class="confluenceTd"><p><img class="emoticon emoticon-tick" data-emoticon-name="tick" border="0" src="/s/en_GB/3278/15/_/images/icons/emoticons/check.png" alt="(tick)" title="(tick)" /></p></td></tr><tr><th class="confluenceTh"><p>LDAPS</p></th><td class="confluenceTd"><p><img class="emoticon emoticon-tick" data-emoticon-name="tick" border="0" src="/s/en_GB/3278/15/_/images/icons/emoticons/check.png" alt="(tick)" title="(tick)" /></p></td><td class="confluenceTd"><p><img class="emoticon emoticon-tick" data-emoticon-name="tick" border="0" src="/s/en_GB/3278/15/_/images/icons/emoticons/check.png" alt="(tick)" title="(tick)" /></p></td><td class="confluenceTd"><p> </p></td><td class="confluenceTd"><p><img class="emoticon emoticon-tick" data-emoticon-name="tick" border="0" src="/s/en_GB/3278/15/_/images/icons/emoticons/check.png" alt="(tick)" title="(tick)" /></p></td></tr><tr><th class="confluenceTh"><p>DIGEST-MD5</p></th><td class="confluenceTd"><p><img class="emoticon emoticon-tick" data-emoticon-name="tick" border="0" src="/s/en_GB/3278/15/_/images/icons/emoticons/check.png" alt="(tick)" title="(tick)" /></p></td><td class="confluenceTd"><p> </p></td><td 
class="confluenceTd"><p><img class="emoticon emoticon-tick" data-emoticon-name="tick" border="0" src="/s/en_GB/3278/15/_/images/icons/emoticons/check.png" alt="(tick)" title="(tick)" /></p></td><td class="confluenceTd"><p><img class="emoticon emoticon-tick" data-emoticon-name="tick" border="0" src="/s/en_GB/3278/15/_/images/icons/emoticons/check.png" alt="(tick)" title="(tick)" /></p></td></tr><tr><th class="confluenceTh"><p>CRAM-MD5</p></th><td class="confluenceTd"><p><img class="emoticon emoticon-tick" data-emoticon-name="tick" border="0" src="/s/en_GB/3278/15/_/images/icons/emoticons/check.png" alt="(tick)" title="(tick)" /></p></td><td class="confluenceTd"><p> </p></td><td class="confluenceTd"><p><img class="emoticon emoticon-tick" data-emoticon-name="tick" border="0" src="/s/en_GB/3278/15/_/images/icons/emoticons/check.png" alt="(tick)" title="(tick)" /></p></td><td class="confluenceTd"><p><img class="emoticon emoticon-tick" data-emoticon-name="tick" border="0" src="/s/en_GB/3278/15/_/images/icons/emoticons/check.png" alt="(tick)" title="(tick)" /></p></td></tr><tr><th class="confluenceTh"><p>GSSAPI</p></th><td class="confluenceTd"><p><img class="emoticon emoticon-tick" data-emoticon-name="tick" border="0" src="/s/en_GB/3278/15/_/images/icons/emoticons/check.png" alt="(tick)" title="(tick)" /></p></td><td class="confluenceTd"><p> </p></td><td class="confluenceTd"><p> </p></td><td class="confluenceTd"><p> </p></td></tr></tbody></table><p><img class="emoticon emoticon-tick" data-emoticon-name="tick" border="0" src="/s/en_GB/3278/15/_/images/icons/emoticons/check.png" alt="(tick)" title="(tick)" /> - means that it has been successfully tested</p><h1>Description</h1><table class="wysiwyg-macro" data-macro-name="note" style="background-image: url(/plugins/servlet/confluence/placeholder/macro-heading?definition=e25vdGV9&locale=en_GB&version=2); background-repeat: no-repeat;" data-macro-body-type="RICH_TEXT"><tr><td class="wysiwyg-macro-body"><p>This is the 
documentation for plugin version 1.1 and greater. Documentation for versions prior to 1.1 is located on a <a class="confluence-link" href="/display/SONAR/Old+doc+-+LDAP+Plugin+1.0" data-linked-resource-id="228185760" data-linked-resource-type="page" data-linked-resource-default-alias="Old doc - LDAP Plugin 1.0" data-base-url="http://docs.codehaus.org">separate page</a>. Instructions for migration can be found <a class="confluence-link" href="#Migration" data-anchor="Migration" data-linked-resource-default-alias="Migration" data-base-url="http://docs.codehaus.org">here</a>.</p></td></tr></table><p>The Sonar LDAP Plugin enables the delegation of Sonar authentication and authorization to an external system. The plugin currently supports LDAP and Microsoft Active Directory.</p><p>The main features of the plugin are:</p><ul><li>Password checking against the external authentication engine</li><li>Automatic synchronization of usernames and emails</li><li>Automatic synchronization of the relationships between users and groups (authorization)</li><li>Ability to authenticate the user against either the external or the internal authentication system (technical Sonar user accounts, for instance, do not need to be defined in the LDAP server)</li></ul><p>By default, there is no need to create a user account in the Sonar DB beforehand to allow a user to log into Sonar. On the first authentication attempt, if the password is correct, the Sonar DB is automatically populated with the new Sonar user. Moreover, each time a user logs into Sonar, the username, the email and the groups this user belongs to are automatically refreshed in the Sonar DB.</p><p>Regarding the delegation of authorization, there is only one prerequisite: the relationships between users and groups are synchronized only for groups that are already defined in Sonar. 
So groups and related permissions must be first defined in Sonar.</p><h1>Usage & Installation</h1><ol><li>Install the LDAP plugin through the <a href="http://docs.codehaus.org/display/SONAR/Update+Center">Update Center</a> or download it into the SONAR_HOME/extensions/plugins directory</li><li>Restart the Sonar server</li><li>Make sure that at least one user with global administration role exists in Sonar as well as in the external system</li><li><p>Configure the LDAP plugin by editing the conf/sonar.properties file (<a class="confluence-link" href="#Configuration" data-anchor="Configuration" data-linked-resource-default-alias="Configuration" data-base-url="http://docs.codehaus.org">see below</a>)</p></li><li><p>Restart the Sonar server and check the log file for:</p><p><span style="font-family: monospace;"><span style="white-space: pre-wrap;"><span>INFO </span>org.sonar.INFO Security realm: LDAP<br />...</span></span></p><p><span style="font-family: monospace;"><span style="white-space: pre-wrap;">INFO o.s.p.l.LdapContextFactory Test LDAP connection: OK</span></span></p></li><li>Log into Sonar</li></ol><div><div><h2><img class="editor-inline-macro" src="/plugins/servlet/confluence/placeholder/macro?definition=e2FuY2hvcjpDb25maWd1cmF0aW9ufQ&locale=en_GB&version=2" data-macro-name="anchor" data-macro-default-parameter="Configuration">General Configuration</h2></div><table class="confluenceTable"><tbody><tr><th colspan="1" class="confluenceTh">Property</th><th colspan="1" class="confluenceTh">Description</th><th colspan="1" class="confluenceTh">Default value</th><th colspan="1" class="confluenceTh">Mandatory</th><th class="confluenceTh">Example</th></tr><tr><td colspan="1" class="confluenceTd">sonar.security.realm</td><td colspan="1" class="confluenceTd"><p>This property must be defined to ask the Sonar server to use first the LDAP plugin when trying to authenticate a user. 
(available since Sonar 2.14)</p></td><td colspan="1" class="confluenceTd"> </td><td colspan="1" class="confluenceTd"><p><strong>Yes</strong></p></td><td colspan="1" class="confluenceTd">LDAP (no other value can be used)</td></tr><tr><td colspan="1" class="confluenceTd">sonar.security.savePassword</td><td colspan="1" class="confluenceTd">This optional property can be used to ask Sonar to save the user password in the Sonar DB. When this property is activated, a user can log into Sonar even when the LDAP server is not available. (available since Sonar 2.14)</td><td colspan="1" class="confluenceTd">false</td><td colspan="1" class="confluenceTd">No</td><td colspan="1" class="confluenceTd"> </td></tr><tr><td colspan="1" class="confluenceTd">sonar.authenticator.createUsers</td><td colspan="1" class="confluenceTd">By default, the Sonar DB is automatically populated when a new Sonar user logs into Sonar. Setting this value to false makes it mandatory for a Sonar administrator to first declare a user in the Sonar DB before this user is allowed to log into Sonar.</td><td colspan="1" class="confluenceTd">true</td><td colspan="1" class="confluenceTd">No</td><td colspan="1" class="confluenceTd"> </td></tr><tr><td colspan="1" class="confluenceTd">ldap.url</td><td colspan="1" class="confluenceTd">URL of the LDAP server. Note that if you are using ldaps, you should install the server certificate into the Java truststore.</td><td colspan="1" class="confluenceTd"> </td><td colspan="1" class="confluenceTd"><strong>Yes</strong> (Not mandatory in case of <a class="confluence-link" href="#Auto-discovery" data-anchor="Auto-discovery" data-linked-resource-default-alias="Auto-discovery" data-base-url="http://docs.codehaus.org">Auto-discovery</a>)</td><td class="confluenceTd"><a>ldap://localhost:10389</a></td></tr><tr><td colspan="1" class="confluenceTd">ldap.bindDn</td><td colspan="1" class="confluenceTd">Bind DN is the username of an LDAP user to connect (or bind) with. 
Leave blank for anonymous access to the LDAP directory.</td><td colspan="1" class="confluenceTd"> </td><td colspan="1" class="confluenceTd">No</td><td colspan="1" class="confluenceTd">cn=sonar,ou=users,o=mycompany</td></tr><tr><td colspan="1" class="confluenceTd">ldap.bindPassword</td><td colspan="1" class="confluenceTd">Bind Password is the password of the user to connect with. Leave blank for anonymous access to the LDAP directory.</td><td colspan="1" class="confluenceTd"> </td><td colspan="1" class="confluenceTd">No</td><td colspan="1" class="confluenceTd">secret</td></tr><tr><td colspan="1" class="confluenceTd">ldap.authentication</td><td colspan="1" class="confluenceTd">Possible values: 'simple', 'CRAM-MD5', 'DIGEST-MD5', 'GSSAPI'. See <a href="http://java.sun.com/products/jndi/tutorial/ldap/security/auth.html">http://</a><a href="http://java.sun.com/products/jndi/tutorial/ldap/security/auth.html">java.sun.com/products/jndi/tutorial/ldap/security/auth.html</a><a href="http://java.sun.com/products/jndi/tutorial/ldap/security/auth.html" /></td><td colspan="1" class="confluenceTd">simple</td><td colspan="1" class="confluenceTd">No</td><td colspan="1" class="confluenceTd"><a class="confluence-link" href="#Authentication-methods" data-anchor="Authentication-methods" data-linked-resource-default-alias="Authentication-methods" data-base-url="http://docs.codehaus.org">see description</a></td></tr><tr><td colspan="1" class="confluenceTd">ldap.realm</td><td colspan="1" class="confluenceTd"><div class="line number52 index51 alt1">See <a href="http://java.sun.com/products/jndi/tutorial/ldap/security/digest.html">http://</a><a href="http://java.sun.com/products/jndi/tutorial/ldap/security/digest.html">java.sun.com/products/jndi/tutorial/ldap/security/digest.html</a><a href="http://java.sun.com/products/jndi/tutorial/ldap/security/digest.html" /></div><div class="line number54 index53 alt1"><a 
href="http://java.sun.com/products/jndi/tutorial/ldap/security/crammd5.html">http://</a><a href="http://java.sun.com/products/jndi/tutorial/ldap/security/crammd5.html">java.sun.com/products/jndi/tutorial/ldap/security/crammd5.html</a><a href="http://java.sun.com/products/jndi/tutorial/ldap/security/crammd5.html" /></div></td><td colspan="1" class="confluenceTd"> </td><td colspan="1" class="confluenceTd">No</td><td colspan="1" class="confluenceTd">example.org</td></tr><tr><td colspan="1" class="confluenceTd">ldap.contextFactoryClass</td><td colspan="1" class="confluenceTd">(advanced option) Context factory class.</td><td colspan="1" class="confluenceTd">com.sun.jndi.ldap.LdapCtxFactory</td><td colspan="1" class="confluenceTd">No</td><td colspan="1" class="confluenceTd"> </td></tr></tbody></table><h2>User Mapping</h2><table class="confluenceTable"><tbody><tr><th colspan="1" class="confluenceTh">Property</th><th class="confluenceTh">Description</th><th colspan="1" class="confluenceTh"><span>Default value</span></th><th colspan="1" class="confluenceTh">Mandatory</th><th colspan="1" class="confluenceTh">Example for Active Directory Server</th></tr><tr><td colspan="1" class="confluenceTd">ldap.user.baseDn</td><td colspan="1" class="confluenceTd">Distinguished Name (DN) of the root node in LDAP from which to search for users.</td><td colspan="1" class="confluenceTd"> </td><td colspan="1" class="confluenceTd"><strong>Yes</strong> (Not mandatory in case of <a class="confluence-link" href="#Auto-discovery" data-anchor="Auto-discovery" data-linked-resource-default-alias="Auto-discovery" data-base-url="http://docs.codehaus.org">Auto-discovery</a>)</td><td colspan="1" class="confluenceTd">cn=users,dc=example,dc=org</td></tr><tr><td colspan="1" class="confluenceTd">ldap.user.request</td><td colspan="1" class="confluenceTd">(available since plugin version 1.2)</td><td colspan="1" class="confluenceTd"><table class="wysiwyg-macro" data-macro-name="noformat" style="background-image: 
url(/plugins/servlet/confluence/placeholder/macro-heading?definition=e25vZm9ybWF0fQ&locale=en_GB&version=2); background-repeat: no-repeat;" data-macro-body-type="PLAIN_TEXT"><tr><td class="wysiwyg-macro-body"><pre>(&(objectClass=inetOrgPerson)(uid={login}))</pre></td></tr></table></td><td colspan="1" class="confluenceTd">No</td><td colspan="1" class="confluenceTd"><table class="wysiwyg-macro" data-macro-name="noformat" style="background-image: url(/plugins/servlet/confluence/placeholder/macro-heading?definition=e25vZm9ybWF0fQ&locale=en_GB&version=2); background-repeat: no-repeat;" data-macro-body-type="PLAIN_TEXT"><tr><td class="wysiwyg-macro-body"><pre>(&(objectClass=user)(sAMAccountName={login}))</pre></td></tr></table></td></tr><tr><td colspan="1" class="confluenceTd"><s>ldap.user.objectClass</s></td><td colspan="1" class="confluenceTd"><span>Deprecated in plugin version 1.2 and replaced by 'ldap.user.request'. </span>Object class of LDAP users.</td><td colspan="1" class="confluenceTd">inetOrgPerson</td><td colspan="1" class="confluenceTd">No</td><td colspan="1" class="confluenceTd">user</td></tr><tr><td colspan="1" class="confluenceTd"><s>ldap.user.loginAttribute</s></td><td colspan="1" class="confluenceTd"><span>Deprecated in plugin version 1.2 and replaced by 'ldap.user.request'. 
</span>Attribute in LDAP holding the user’s login.</td><td colspan="1" class="confluenceTd">uid</td><td colspan="1" class="confluenceTd">No</td><td colspan="1" class="confluenceTd">sAMAccountName</td></tr><tr><td colspan="1" class="confluenceTd">ldap.user.realNameAttribute</td><td class="confluenceTd">Attribute in LDAP holding the user’s real name.</td><td colspan="1" class="confluenceTd">cn</td><td colspan="1" class="confluenceTd">No</td><td colspan="1" class="confluenceTd"> </td></tr><tr><td colspan="1" class="confluenceTd">ldap.user.emailAttribute</td><td class="confluenceTd">Attribute in LDAP holding the user’s email.</td><td colspan="1" class="confluenceTd">mail</td><td colspan="1" class="confluenceTd">No</td><td colspan="1" class="confluenceTd"> </td></tr></tbody></table><h2>Group Mapping</h2><p>The following properties should be defined to allow Sonar to automatically synchronize the relationships between users and groups.</p><p>There are two limitations:</p><ul><li>Groups must be static and not dynamic</li><li>The user entry must contain the attribute 'memberOf' with the list of groups</li></ul><table class="confluenceTable"><tbody><tr><th colspan="1" class="confluenceTh">Property</th><th class="confluenceTh">Description</th><th class="confluenceTh">Default value</th><th colspan="1" class="confluenceTh">Mandatory</th><th colspan="1" class="confluenceTh">Example for Active Directory Server</th></tr><tr><td colspan="1" class="confluenceTd">ldap.group.baseDn</td><td class="confluenceTd"><span>Distinguished Name (DN) of the root node in LDAP from which to search for groups.</span></td><td class="confluenceTd"> </td><td colspan="1" class="confluenceTd"><p>Yes in version 1.1.1</p><p>No in version 1.2, if you want to disable synchronization of groups<strong>.</strong></p></td><td colspan="1" class="confluenceTd">cn=groups,dc=example,dc=org</td></tr><tr><td colspan="1" class="confluenceTd">ldap.group.request</td><td colspan="1" class="confluenceTd"><span>(available 
since plugin version 1.2)</span></td><td colspan="1" class="confluenceTd"><table class="wysiwyg-macro" data-macro-name="noformat" style="background-image: url(/plugins/servlet/confluence/placeholder/macro-heading?definition=e25vZm9ybWF0fQ&locale=en_GB&version=2); background-repeat: no-repeat;" data-macro-body-type="PLAIN_TEXT"><tr><td class="wysiwyg-macro-body"><pre>(&(objectClass=groupOfUniqueNames)(uniqueMember={dn}))</pre></td></tr></table></td><td colspan="1" class="confluenceTd">No</td><td colspan="1" class="confluenceTd"><table class="wysiwyg-macro" data-macro-name="noformat" style="background-image: url(/plugins/servlet/confluence/placeholder/macro-heading?definition=e25vZm9ybWF0fQ&locale=en_GB&version=2); background-repeat: no-repeat;" data-macro-body-type="PLAIN_TEXT"><tr><td class="wysiwyg-macro-body"><pre>(&(objectClass=group)(member={dn}))</pre></td></tr></table></td></tr><tr><td colspan="1" class="confluenceTd"><s>ldap.group.objectClass</s></td><td colspan="1" class="confluenceTd">Deprecated in plugin version 1.2 and replaced by 'ldap.group.request'. Object class of LDAP groups.</td><td colspan="1" class="confluenceTd">groupOfUniqueNames</td><td colspan="1" class="confluenceTd">No</td><td colspan="1" class="confluenceTd">group</td></tr><tr><td colspan="1" class="confluenceTd">ldap.group.idAttribute</td><td colspan="1" class="confluenceTd">Attribute in LDAP holding the group's id.</td><td colspan="1" class="confluenceTd">cn</td><td colspan="1" class="confluenceTd">No</td><td colspan="1" class="confluenceTd"> </td></tr><tr><td colspan="1" class="confluenceTd"><s>ldap.group.memberAttribute</s></td><td colspan="1" class="confluenceTd"><span>Deprecated in plugin version 1.2 and replaced by 'ldap.group.request'. 
</span>Attribute in LDAP holding the group's member.</td><td colspan="1" class="confluenceTd">uniqueMember</td><td colspan="1" class="confluenceTd">No</td><td colspan="1" class="confluenceTd">member</td></tr></tbody></table><h2>Example of LDAP Configuration</h2><table class="wysiwyg-macro" data-macro-name="code" data-macro-parameters="language=none" style="background-image: url(/plugins/servlet/confluence/placeholder/macro-heading?definition=e2NvZGU6bGFuZ3VhZ2U9bm9uZX0&locale=en_GB&version=2); background-repeat: no-repeat;" data-macro-body-type="PLAIN_TEXT"><tr><td class="wysiwyg-macro-body"><pre># LDAP configuration
sonar.security.realm=LDAP
sonar.security.savePassword=true
ldap.url=ldap://myserver.mycompany.com
# User mapping
ldap.user.baseDn=ou=Users,dc=mycompany,dc=com
ldap.user.objectClass=inetOrgPerson
ldap.user.loginAttribute=uid
ldap.user.realNameAttribute=cn
ldap.user.emailAttribute=mail
# Group mapping
ldap.group.baseDn=ou=Groups,dc=sonarsource,dc=com
ldap.group.request=(&(objectClass=posixGroup)(memberUid={uid}))</pre></td></tr></table><h2><img class="editor-inline-macro" src="/plugins/servlet/confluence/placeholder/macro?definition=e2FuY2hvcjpBdXRvLWRpc2NvdmVyeX0&locale=en_GB&version=2" data-macro-name="anchor" data-macro-default-parameter="Auto-discovery">Auto-discovery</h2></div><p>Auto-discovery works as follows:</p><ol><li>Determine DNS Domain Name:<ul><li>from "ldap.realm" property if set</li><li>from the FQDN of the machine where Sonar is installed (e.g. 
if FQDN is "sonar.example.org", then DNS Domain Name will be "example.org")</li></ul></li><li>Determine URL of LDAP server:<ul><li>from "ldap.url" property if set</li><li><p>from DNS server ( see <a class="confluence-link" href="#Known limitations" data-anchor="Known limitations" data-linked-resource-default-alias="Known limitations" data-base-url="http://docs.codehaus.org">known limitations</a> ), here is example of SRV Record for domain "example.org":</p><table class="wysiwyg-macro" data-macro-name="noformat" style="background-image: url(/plugins/servlet/confluence/placeholder/macro-heading?definition=e25vZm9ybWF0fQ&locale=en_GB&version=2); background-repeat: no-repeat;" data-macro-body-type="PLAIN_TEXT"><tr><td class="wysiwyg-macro-body"><pre>_ldap._tcp.example.org. 72784 IN SRV 0 5 389 ldap.example.org.</pre></td></tr></table><p>for this domain URL of LDAP server will be "ldap://ldap.example.org:389"</p></li></ul></li><li>Determining BaseDN:<ul><li>from "ldap.baseDn" property if set</li><li>from DNS Domain Name (eg. 
if DNS Domain Name is "example.org", then BaseDN will be "dc=example,dc=org")</li></ul></li></ol><h2><img class="editor-inline-macro" src="/plugins/servlet/confluence/placeholder/macro?definition=e2FuY2hvcjpBdXRoZW50aWNhdGlvbi1tZXRob2RzfQ&locale=en_GB&version=2" data-macro-name="anchor" data-macro-default-parameter="Authentication-methods">Authentication Methods</h2><ul><li><strong>Simple</strong><br /> Simple authentication sends a cleartext password over the network, so it is not recommended for production deployments that do not use the secure ldaps protocol.</li><li><strong>Anonymous</strong><br /> Used when only read-only access to non-protected entries and attributes is needed when binding to the LDAP server.</li><li><strong>CRAM-MD5</strong><br /> The Challenge-Response Authentication Method (CRAM) based on the HMAC-MD5 MAC algorithm (<a href="http://tools.ietf.org/html/rfc2195">RFC 2195</a>).</li><li><strong>DIGEST-MD5</strong><br /> This is an improvement on the CRAM-MD5 authentication method (<a href="http://www.ietf.org/rfc/rfc2831.txt">RFC 2831</a>).</li><li><strong>GSSAPI</strong><br /> GSS-API is the Generic Security Service API (<a href="http://www.ietf.org/rfc/rfc2744.txt">RFC 2744</a>). 
One of the most popular security services available for GSS-API is the Kerberos v5, used in Microsoft's Windows 2000 platform.</li></ul><p>For a full discussion of LDAP authentication approaches, see <a href="http://www.ietf.org/rfc/rfc2829.txt">RFC 2829</a> and <a href="http://www.ietf.org/rfc/rfc2251.txt">RFC 2251</a>.</p><h1>Known Limitations</h1><p>Auto-discovery takes into account only one SRV record.</p><h1>Troubleshooting</h1><p>You can enable debug logging by adding the following to conf/logback.xml:</p><table class="wysiwyg-macro" data-macro-name="code" data-macro-parameters="title=conf/logback.xml" style="background-image: url(/plugins/servlet/confluence/placeholder/macro-heading?definition=e2NvZGU6dGl0bGU9Y29uZi9sb2diYWNrLnhtbH0&locale=en_GB&version=2); background-repeat: no-repeat;" data-macro-body-type="PLAIN_TEXT"><tr><td class="wysiwyg-macro-body"><pre><logger name="org.sonar.plugins.ldap">
  <level value="DEBUG"/>
  <appender-ref ref="CONSOLE"/>
  <appender-ref ref="SONAR_FILE"/>
</logger>
</pre></td></tr></table><h1><img class="editor-inline-macro" src="/plugins/servlet/confluence/placeholder/macro?definition=e2FuY2hvcjpNaWdyYXRpb259&locale=en_GB&version=2" data-macro-name="anchor" data-macro-default-parameter="Migration">Migration from plugin version 1.0 to version 1.1.1</h1><p>Perform the following replacements:</p><table class="confluenceTable"><tbody><tr><th class="confluenceTh">Property in version 1.0</th><th class="confluenceTh">Replaced by</th></tr><tr><td class="confluenceTd">sonar.authenticator.class: org.sonar.plugins.ldap.LdapAuthenticator</td><td class="confluenceTd">sonar.security.realm: LDAP</td></tr><tr><td colspan="1" class="confluenceTd">ldap.baseDn</td><td colspan="1" class="confluenceTd">ldap.user.baseDn</td></tr><tr><td class="confluenceTd">ldap.userObjectClass</td><td class="confluenceTd">ldap.user.objectClass</td></tr><tr><td class="confluenceTd">ldap.loginAttribute</td><td 
class="confluenceTd">ldap.user.loginAttribute</td></tr></tbody></table><p>Configure Group Mapping, at least by specifying the new mandatory property "ldap.group.baseDn".</p><h1>Change Log</h1><ul><li><a href="http://jira.codehaus.org/sr/jira.issueviews:searchrequest-xml/temp/SearchRequest.xml?fixfor=18856&pid=11911&sorter/field=priority&sorter/order=DESC&tempMax=1000">Release 1.2.1</a></li><li><a href="http://jira.codehaus.org/sr/jira.issueviews:searchrequest-xml/temp/SearchRequest.xml?fixfor=18454&pid=11911&sorter/field=priority&sorter/order=DESC&tempMax=1000">Release 1.2</a></li><li><a href="http://jira.codehaus.org/sr/jira.issueviews:searchrequest-xml/temp/SearchRequest.xml?fixfor=18429&pid=11911&sorter/field=priority&sorter/order=DESC&tempMax=1000">Release 1.1.1</a></li><li><a href="http://jira.codehaus.org/sr/jira.issueviews:searchrequest-xml/temp/SearchRequest.xml?fixfor=18403&pid=11911&sorter/field=priority&sorter/order=DESC&tempMax=1000">Release 1.1</a></li><li><a href="http://jira.codehaus.org/sr/jira.issueviews:searchrequest-xml/temp/SearchRequest.xml?fixfor=16915&pid=11911&sorter/field=priority&sorter/order=DESC&tempMax=1000">Release 1.0</a></li><li><a href="http://jira.codehaus.org/sr/jira.issueviews:searchrequest-xml/temp/SearchRequest.xml?fixfor=16049&pid=11911&sorter/field=priority&sorter/order=DESC&tempMax=1000">Release 0.1</a></li></ul>
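<p>Added example (not part of the original page and not the plugin's own code): a Python audit that applies the three auto-discovery steps and the Authentication Methods note to a sonar.properties LDAP block, flagging simple binds over plain ldap://, saved passwords and properties deprecated in plugin version 1.2. The function names, finding identifiers, host FQDNs and the hardened sample are assumptions made for illustration.</p>

```python
"""Audit a sonar.properties LDAP block against the rules stated on this page."""

# Properties deprecated in plugin version 1.2 and their replacement (from the tables).
DEPRECATED = {
    "ldap.user.objectClass": "ldap.user.request",
    "ldap.user.loginAttribute": "ldap.user.request",
    "ldap.group.objectClass": "ldap.group.request",
    "ldap.group.memberAttribute": "ldap.group.request",
}

# The page's own "Example of LDAP Configuration".
PAGE_EXAMPLE = """\
sonar.security.realm=LDAP
sonar.security.savePassword=true
ldap.url=ldap://myserver.mycompany.com
ldap.user.baseDn=ou=Users,dc=mycompany,dc=com
ldap.user.objectClass=inetOrgPerson
ldap.user.loginAttribute=uid
ldap.user.realNameAttribute=cn
ldap.user.emailAttribute=mail
ldap.group.baseDn=ou=Groups,dc=sonarsource,dc=com
ldap.group.request=(&(objectClass=posixGroup)(memberUid={uid}))
"""

# Constructed sample: same server over ldaps, no saved passwords, 1.2-style filter.
HARDENED = """\
sonar.security.realm=LDAP
ldap.url=ldaps://myserver.mycompany.com
ldap.bindDn=cn=sonar,ou=users,o=mycompany
ldap.bindPassword=CHANGE_ME
ldap.user.baseDn=ou=Users,dc=mycompany,dc=com
ldap.user.request=(&(objectClass=inetOrgPerson)(uid={login}))
"""

# SRV record quoted in the Auto-discovery section.
SRV_EXAMPLE = "_ldap._tcp.example.org. 72784 IN SRV 0 5 389 ldap.example.org."


def parse_properties(text):
    """Parse key=value lines; split on the first '=' only, because DNs contain '='."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def base_dn_from_domain(domain):
    """'example.org' -> 'dc=example,dc=org' (auto-discovery step 3)."""
    return ",".join("dc=" + label for label in domain.split("."))


def url_from_srv(record):
    """Build the LDAP URL from one SRV record line (auto-discovery step 2)."""
    fields = record.split()  # name ttl class type priority weight port target
    if len(fields) < 8 or fields[3].upper() != "SRV":
        raise ValueError("not an SRV record: %r" % record)
    return "ldap://%s:%s" % (fields[7].rstrip("."), fields[6])


def resolve(props, fqdn, srv_record=None):
    """Apply the three auto-discovery steps; an explicitly set property always wins."""
    domain = props.get("ldap.realm") or fqdn.partition(".")[2]
    url = props.get("ldap.url") or (url_from_srv(srv_record) if srv_record else None)
    # Step 3 of the page names "ldap.baseDn"; the 1.1+ table names "ldap.user.baseDn".
    base_dn = (props.get("ldap.user.baseDn") or props.get("ldap.baseDn")
               or base_dn_from_domain(domain))
    return {"domain": domain, "url": url, "baseDn": base_dn}


def audit(props, fqdn, srv_record=None):
    """Return (finding_id, message) tuples for the effective configuration."""
    effective = resolve(props, fqdn, srv_record)
    findings = []
    if props.get("sonar.security.realm") != "LDAP":
        findings.append(("realm-not-ldap", "sonar.security.realm must be LDAP"))
    url = effective["url"]
    if not url:
        findings.append(("no-ldap-url", "no ldap.url and no SRV record to discover one"))
    elif (props.get("ldap.authentication", "simple") == "simple"
          and not url.lower().startswith("ldaps://")):
        findings.append(("cleartext-simple-bind",
                         "simple authentication over %s sends cleartext passwords" % url))
    if props.get("sonar.security.savePassword", "false").lower() == "true":
        findings.append(("password-saved-in-db", "user passwords are saved in the Sonar DB"))
    if not props.get("ldap.bindDn"):
        findings.append(("anonymous-bind", "ldap.bindDn is blank: anonymous directory access"))
    for key in sorted(DEPRECATED):
        if key in props:
            findings.append(("deprecated:" + key, "replaced by " + DEPRECATED[key]))
    return findings


def finding_ids(text, fqdn, srv_record=None):
    """Convenience wrapper: parse, audit and return only the finding identifiers."""
    return [fid for fid, _ in audit(parse_properties(text), fqdn, srv_record)]


if __name__ == "__main__":
    for fid, message in audit(parse_properties(PAGE_EXAMPLE), "sonar.mycompany.com"):
        print(fid, "-", message)
```

<p>A URL built from the SRV record as shown in the Auto-discovery section uses the ldap:// scheme, so a configuration that relies on auto-discovery with the default simple authentication is reported as a cleartext bind.</p>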