This plugin enables the delegation of SonarQube authentication to an external system. The plugin currently supports LDAP and Microsoft Active Directory.
Only password-checking is done against the external system. Authorization (access control) is still fully managed in SonarQube. That’s why LDAP or Active Directory users do not automatically have access to SonarQube. A SonarQube account must be created first for each new user wishing to use SonarQube. The SonarQube administrator should also assign the user to the desired groups in order to grant the necessary rights. If a password exists in the SonarQube account, it is ignored: the external system's password overrides it.
Usage & Installation
- Download the plugin from Update Center and restart the server. If you don't have Internet access, manually download the JAR file into $SONARQUBE_HOME/extensions/plugins and restart the server.
- Make sure that at least one user with the global administration role exists in SonarQube as well as in the external system
Configure conf/sonar.properties by adding and editing the following:
```
#-------------------
# Sonar LDAP Plugin
#-------------------

# IMPORTANT : before activation, make sure that one Sonar administrator is defined in the external system

# Activates the plugin. Leave blank or comment out to use default SonarQube authentication.
sonar.authenticator.class: org.sonar.plugins.ldap.LdapAuthenticator

# Ignore failure at startup if the connection to external system is refused.
# Users can browse SonarQube but not log in as long as the connection fails.
# When set to true, SonarQube will not start if connection to external system fails.
# Default is false.
#sonar.authenticator.ignoreStartupFailure: true

# Automatically create users (available since Sonar 2.0).
# When set to true, user will be created after successful authentication, if it doesn't exist.
# The default group assigned to new users can be defined online, in SonarQube general settings. The default value is "sonar-users".
# Default is false.
#sonar.authenticator.createUsers: true

# (omit if you use autodiscovery) URL of the LDAP server.
# If you are using ldaps, then you should install server certificate into java truststore.
# eg. ldap://localhost:10389
ldap.url:

# (optional) Distinguished Name (DN) of the root node in LDAP from which to search for users,
# eg. "ou=users,o=mycompany"
ldap.baseDn:

# (optional) Bind DN is the username of an LDAP user to connect (or bind) with.
# This is a Distinguished Name of a user who has administrative rights,
# eg. "cn=sonar,ou=users,o=mycompany". Leave blank for anonymous access to the LDAP directory.
#ldap.bindDn:

# (optional) Bind Password is the password of the user to connect with.
# Leave blank for anonymous access to the LDAP directory.
#ldap.bindPassword:

# Login Attribute is the attribute in LDAP holding the user's login.
# Default is 'uid'. Set 'sAMAccountName' for Microsoft Active Directory
#ldap.loginAttribute: sAMAccountName

# Object class of LDAP users.
# Default is 'inetOrgPerson'. Set 'user' for Microsoft Active Directory.
#ldap.userObjectClass: user

# (advanced option) See http://java.sun.com/products/jndi/tutorial/ldap/security/auth.html
# Default is 'simple'. Possible values: 'simple', 'CRAM-MD5', 'DIGEST-MD5', 'GSSAPI'.
#ldap.authentication: DIGEST-MD5

# (advanced option)
# See
# http://java.sun.com/products/jndi/tutorial/ldap/security/digest.html
# http://java.sun.com/products/jndi/tutorial/ldap/security/crammd5.html
# eg. example.org
#ldap.realm:

# (advanced option) Context factory class.
# Default is 'com.sun.jndi.ldap.LdapCtxFactory'.
#ldap.contextFactoryClass: com.sun.jndi.ldap.LdapCtxFactory
```
Restart the SonarQube server and check the log file for:
```
INFO org.sonar.INFO Authentication plugin: class com.teklabs.sonar.plugins.ldap.LdapAuthenticator
INFO org.sonar.INFO Authentication plugin started
```
- Log in to SonarQube
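Before restarting, the edited conf/sonar.properties can be checked for the settings whose comments above carry a security consequence: a plain ldap:// URL combined with the default 'simple' mechanism, a blank bind DN, and automatic user creation. The script below is an added example, not part of the plugin or its documentation; the function names, the finding codes and the sample file contents are constructed for illustration, and it reads only keys documented on this page.

```python
import re

# Constructed sample: a first-attempt configuration using only keys from this page.
SAMPLE = """\
sonar.authenticator.class: org.sonar.plugins.ldap.LdapAuthenticator
sonar.authenticator.createUsers: true
ldap.url: ldap://localhost:10389
ldap.baseDn: ou=users,o=mycompany
#ldap.bindDn: cn=sonar,ou=users,o=mycompany
"""

def parse_properties(text):
    """Return active (uncommented) settings; accepts 'key: value' and 'key=value'."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^:=\s]+)\s*[:=]\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def audit(text):
    """Return (code, message) findings; the codes are hypothetical labels."""
    p = parse_properties(text)
    if not p.get("sonar.authenticator.class"):
        return [("inactive", "plugin not activated; default authentication in use")]
    findings = []
    url = p.get("ldap.url", "").lower()
    mech = p.get("ldap.authentication") or "simple"  # page: default is 'simple'
    if url.startswith("ldap://") and mech == "simple":
        findings.append(("cleartext-bind",
                         "simple bind over ldap:// sends passwords unencrypted"))
    if not p.get("ldap.bindDn"):
        findings.append(("anonymous-search",
                         "blank ldap.bindDn means anonymous directory access"))
    elif not p.get("ldap.bindPassword"):
        findings.append(("missing-bind-password",
                         "ldap.bindDn is set but ldap.bindPassword is blank"))
    if p.get("sonar.authenticator.createUsers", "").lower() == "true":
        findings.append(("auto-create",
                         "any directory user who logs in gets a SonarQube account"))
    return findings

if __name__ == "__main__":
    for code, message in audit(SAMPLE):
        print(f"{code}: {message}")
```

An empty result means none of these three conditions is present; it does not verify that the ldaps certificate has been installed in the Java truststore.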