This plugin enables the delegation of SonarQube™ authentication to an external system. The plugin currently supports LDAP and Microsoft Active Directory.
Only password checking is done against the external system. Authorization (access control) is still fully managed in SonarQube™. That is why LDAP or Active Directory users do not automatically have access to SonarQube™. A SonarQube™ account must first be created for each new user who wishes to use SonarQube™. The SonarQube™ administrator should also assign the user to the desired groups to grant the necessary rights. If a password exists in the SonarQube™ account, it is ignored, because the external system password overrides it.
- Download the plugin from the Update Center and restart the server. If you don't have Internet access, manually download the JAR file into $SONARQUBE_HOME/extensions/plugins and restart the server.
- Make sure that at least one user with the global administration role exists in SonarQube™ as well as in the external system.
Configure conf/sonar.properties by adding and editing the following:
```properties
# Activates the plugin. Leave blank or comment out to use default SonarQube authentication.
sonar.authenticator.class: org.sonar.plugins.ldap.LdapAuthenticator

# Ignore failure at startup if the connection to external system is refused.
# Users can browse SonarQube but not log in as long as the connection fails.
# When set to true, SonarQube will not start if connection to external system fails.
# Default is false.
#sonar.authenticator.ignoreStartupFailure: true

# Automatically create users.
# When set to true, the user will be created after successful authentication, if it doesn't exist.
# The default group assigned to new users can be defined online, in SonarQube general settings. The default value is "sonar-users".
# Default is false.
#sonar.authenticator.createUsers: true

# (omit if you use autodiscovery) URL of the LDAP server.
# If you are using ldaps, then you should install the server certificate into the Java truststore.
# eg. ldap://localhost:10389
ldap.url:

# (optional) Distinguished Name (DN) of the root node in LDAP from which to search for users,
# eg. "ou=users,o=mycompany"
ldap.baseDn:

# (optional) Bind DN is the username of an LDAP user to connect (or bind) with.
# This is a Distinguished Name of a user who has administrative rights,
# eg. "cn=sonar,ou=users,o=mycompany". Leave blank for anonymous access to the LDAP directory.
#ldap.bindDn:

# (optional) Bind Password is the password of the user to connect with.
# Leave blank for anonymous access to the LDAP directory.
#ldap.bindPassword:

# Login Attribute is the attribute in LDAP holding the user's login.
# Default is 'uid'. Set 'sAMAccountName' for Microsoft Active Directory.
#ldap.loginAttribute: sAMAccountName

# Object class of LDAP users.
# Default is 'inetOrgPerson'. Set 'user' for Microsoft Active Directory.
#ldap.userObjectClass: user

# (advanced option) See http://java.sun.com/products/jndi/tutorial/ldap/security/auth.html
# Default is 'simple'. Possible values: 'simple', 'CRAM-MD5', 'DIGEST-MD5', 'GSSAPI'.
#ldap.authentication: DIGEST-MD5

# (advanced option)
# See
# http://java.sun.com/products/jndi/tutorial/ldap/security/digest.html
# http://java.sun.com/products/jndi/tutorial/ldap/security/crammd5.html
# eg. example.org
#ldap.realm:

# (advanced option) Context factory class.
# Default is 'com.sun.jndi.ldap.LdapCtxFactory'.
#ldap.contextFactoryClass: com.sun.jndi.ldap.LdapCtxFactory
```
Restart the SonarQube™ server and check the log file for:
```
INFO org.sonar.INFO Authentication plugin: class com.teklabs.sonar.plugins.ldap.LdapAuthenticator
INFO org.sonar.INFO Authentication plugin started
```
- Log in to SonarQube™
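A review check for the security-relevant settings in the conf/sonar.properties described above, as an added example that is not part of the plugin or of the original page. The function names, the finding texts and both sample configurations are assumptions constructed for illustration.

```python
# Added example: audit LDAP settings in conf/sonar.properties (not plugin code).

def parse_properties(text):
    """Parse 'key: value' or 'key=value' lines; skip blanks and comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        # Java properties accept ':' or '='; the first one found is the separator.
        cut = min((i for i in (line.find(":"), line.find("=")) if i >= 0), default=len(line))
        props[line[:cut].strip()] = line[cut + 1:].strip()
    return props

def audit_ldap_config(text):
    """Return review findings for the settings described on this page."""
    p = parse_properties(text)
    if "LdapAuthenticator" not in p.get("sonar.authenticator.class", ""):
        return ["plugin not activated: default SonarQube authentication is used"]
    findings = []
    auth = (p.get("ldap.authentication") or "simple").lower()  # page default: simple
    if p.get("ldap.url", "").lower().startswith("ldap://") and auth == "simple":
        findings.append("ldap.url: simple bind over ldap:// is unencrypted, use ldaps://")
    if not p.get("ldap.bindDn"):
        findings.append("ldap.bindDn: blank, the directory is accessed anonymously")
    elif p.get("ldap.bindPassword"):
        findings.append("ldap.bindPassword: stored in clear text, restrict file permissions")
    if p.get("sonar.authenticator.createUsers", "").lower() == "true":
        findings.append("createUsers: any directory user who authenticates gets an account")
    return findings

# Constructed sample configurations (hostnames and password are placeholders).
WEAK = """
sonar.authenticator.class: org.sonar.plugins.ldap.LdapAuthenticator
sonar.authenticator.createUsers: true
ldap.url: ldap://localhost:10389
ldap.baseDn: ou=users,o=mycompany
"""
STRICTER = """
sonar.authenticator.class: org.sonar.plugins.ldap.LdapAuthenticator
ldap.url: ldaps://ldap.example.org:636
ldap.baseDn: ou=users,o=mycompany
ldap.bindDn: cn=sonar,ou=users,o=mycompany
ldap.bindPassword: CONSTRUCTED-PLACEHOLDER
"""

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("STRICTER", STRICTER)):
        print(name, audit_ldap_config(cfg))
```

The stricter sample still reports the bind password, since the plugin reads it from the properties file as plain text.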