I have nearly all my users set up as local (technical, as the SonarQube doc calls them) users and just installed & configured the LDAP plugin 2.2 to connect to my Active Directory.
The connection works fine: if a user unknown to SonarQube but existing in LDAP tries to log in, the user is automatically created.
I'd like to convert my existing SonarQube users (not linked to LDAP) to LDAP users so that their password and group memberships are automatically updated, but could not find how to do this in the documentation.
I found this answer on how to change a local user to LDAP, but it didn't work: when I try to log in with LDAP credentials and the same login, I get "Authentication failed.".
Some background:
- At some point in time (i.e. some years and SonarQube versions ago), I had configured the LDAP plugin and everything worked as expected. This configuration somehow disappeared during an update, and the LDAP users were all converted to technical users (or so I assume).
- I could not find a way to delete a user (as suggested in the SO post I linked above), only deactivate. Semantics, but it may have some importance.
- I'm running SonarQube 5.6.1.
Edit: I updated to the latest LTS version 5.6.6. With trace logs activated, when I try to log in with a deactivated local user (hoping that this would find it in LDAP):
TRACE web[sql] time=0ms | sql=SELECT count(`users`.id) AS count_id FROM `users` WHERE (login='tguerin' and user_local=1)
TRACE web[sql] time=1ms | sql=SELECT * FROM `users` WHERE (login='tguerin' AND active=1) LIMIT 1
TRACE web[sql] time=0ms | sql=SELECT * FROM `properties` WHERE (((`properties`.`resource_id` IS NULL AND `properties`.`user_id` IS NULL)) AND (`properties`.`prop_key` = 'sonar.allowUsersToSignUp')) LIMIT 1
DEBUG web[http] POST /sessions/login | time=224ms
Nothing more in the logs: no call to LDAP.
When I try to log in with a user that doesn't exist (neither as local nor in LDAP):
TRACE web[sql] time=3ms | sql=SELECT count(`users`.id) AS count_id FROM `users` WHERE (login='notLocal' and user_local=1)
DEBUG web[o.s.p.l.LdapUsersProvider] Requesting details for user notLocal
DEBUG web[o.s.p.l.LdapSearch] Search: LdapSearch{baseDn=...), parameters=[notLocal], attributes=[mail, cn]}
DEBUG web[o.s.p.l.LdapContextFactory] Initializing LDAP context {java.naming.provider.url=ldap://x.x.x.x:389, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.principal=..., com.sun.jndi.ldap.connect.pool=true, java.naming.security.authentication=simple, java.naming.referral=follow}
DEBUG web[o.s.p.l.LdapUsersProvider] User notLocal not found in <default>
TRACE web[sql] time=0ms | sql=SELECT * FROM `properties` WHERE (((`properties`.`resource_id` IS NULL AND `properties`.`user_id` IS NULL)) AND (`properties`.`prop_key` = 'sonar.allowUsersToSignUp')) LIMIT 1
DEBUG web[http] POST /sessions/login | time=66ms
The database is checked, then LDAP, as expected.
Edit 2: to rule out a problem with a particular config/plugin on my server, I fired up a Docker SonarQube 5.6.6 container, added a local user, added the LDAP plugin (restarted, LDAP config OK), deactivated the user, and tried to log in: same behaviour (i.e. the LDAP server is not queried).
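To make the difference between the two traces above easy to spot across many login attempts, here is an added example (not from the question or from SonarQube) that walks a web.log excerpt with TRACE enabled, groups lines into login attempts terminated by the `POST /sessions/login` line, and reports per attempt whether the LDAP provider was consulted at all and, if so, whether the user was found. The log lines embedded below are constructed from the two traces in the question; the regular expressions assume the 5.6.x log format shown there.

```python
import re

# Constructed sample: the two login attempts from the question, concatenated.
SAMPLE_LOG = """\
TRACE web[sql] time=0ms | sql=SELECT count(`users`.id) AS count_id FROM `users` WHERE (login='tguerin' and user_local=1)
TRACE web[sql] time=1ms | sql=SELECT * FROM `users` WHERE (login='tguerin' AND active=1) LIMIT 1
DEBUG web[http] POST /sessions/login | time=224ms
TRACE web[sql] time=3ms | sql=SELECT count(`users`.id) AS count_id FROM `users` WHERE (login='notLocal' and user_local=1)
DEBUG web[o.s.p.l.LdapUsersProvider] Requesting details for user notLocal
DEBUG web[o.s.p.l.LdapUsersProvider] User notLocal not found in <default>
DEBUG web[http] POST /sessions/login | time=66ms
"""

# First statement of every attempt: the local-user check, which carries the login.
LOCAL_CHECK_RE = re.compile(r"sql=SELECT count\(`users`\.id\).*login='([^']+)' and user_local=1")
LDAP_REQUEST_RE = re.compile(r"LdapUsersProvider\] Requesting details for user (\S+)")
LDAP_NOT_FOUND_RE = re.compile(r"LdapUsersProvider\] User (\S+) not found in")
ATTEMPT_END_RE = re.compile(r"web\[http\] POST /sessions/login")


def _new_attempt():
    # ldap_found stays None when LDAP was never queried for the attempt.
    return {"login": None, "ldap_queried": False, "ldap_found": None}


def login_attempts(log_text):
    """Return one dict per login attempt, in log order."""
    attempts, current = [], _new_attempt()
    for line in log_text.splitlines():
        m = LOCAL_CHECK_RE.search(line)
        if m:
            current["login"] = m.group(1)
        if LDAP_REQUEST_RE.search(line):
            current["ldap_queried"] = True
            current["ldap_found"] = True  # downgraded below if a "not found" line follows
        if LDAP_NOT_FOUND_RE.search(line):
            current["ldap_found"] = False
        if ATTEMPT_END_RE.search(line):
            attempts.append(current)
            current = _new_attempt()
    return attempts


def attempts_without_ldap(log_text):
    """Logins that SonarQube answered from its own database without asking LDAP."""
    return [a["login"] for a in login_attempts(log_text) if not a["ldap_queried"]]


if __name__ == "__main__":
    for a in login_attempts(SAMPLE_LOG):
        print(a)
```

Run against the real web.log, the second function lists exactly the logins for which the `user_local=1` check short-circuited the LDAP lookup, which is the behaviour the question describes for deactivated local users.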