Trouble setting up LDAPS for login in Sonarqube Docker container

I am running Sonarqube in a docker container using the default image from docker hub. Sonarqube is working fine. I am now working on using LDAPS for system login and can’t seem to get it to work. I created a centos:latest container and have sonarqube running there. I did this so I could have ldapsearch, vim, telnet, update-ca, etc. I used openssl to add the server certificate. I tested with ldapsearch and the following is successful:

[root@bf9accb5647d linux-x86-64]# ldapsearch -x -LLL -H ldaps://dir.example.com -b "dc=example,dc=com" -D "uid=svcSonar,ou=SvcAccts,ou=People,dc=example,dc=com" -W '(uid=usernamehere)' cn
Enter LDAP Password: ******
dn: uid=usernamehere,ou=Users,ou=People,dc=example,dc=com
cn: User Name

Here is my relevant ldap configuration in sonar.properties:

sonar.security.realm=LDAP
ldap.url=ldaps://dir.example.com
ldap.bindDN=uid=svcSonar,ou=SvcAccts,ou=People,dc=example,dc=com
ldap.bindPassword=mypassword
ldap.user.baseDn=ou=Users,ou=People,dc=example,dc=com
ldap.user.request=(uid={login})

Here are the relevant sonar.log entries with TRACE and DEBUG on:

2016.04.15 16:32:35 INFO  web[o.s.s.p.ServerPluginRepository] Deploy plugin LDAP / 1.5.1 / 8960e08512a3d3ec4d9cf16c4c2c95017b5b7ec5
2016.04.15 20:19:07 INFO  web[org.sonar.INFO] Security realm: LDAP
2016.04.15 20:19:07 INFO  web[o.s.p.l.LdapSettingsManager] User mapping: LdapUserMapping{baseDn=ou=Users,ou=People,dc=example,dc=com, request=(uid={0}), realNameAttribute=cn, emailAttribute=mail}
2016.04.15 20:19:07 DEBUG web[o.s.p.l.LdapContextFactory] Initializing LDAP context {java.naming.provider.url=ldaps://dir.example.com, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, com.sun.jndi.ldap.connect.pool=true, java.naming.security.authentication=simple, java.naming.referral=follow}
2016.04.15 20:19:07 INFO  web[o.s.p.l.LdapContextFactory] Test LDAP connection on ldaps://dir.example.com: OK
2016.04.15 20:19:07 INFO  web[org.sonar.INFO] Security realm started
...
2016.04.15 20:26:55 DEBUG web[o.s.p.l.LdapUsersProvider] Requesting details for user usernamehere
2016.04.15 20:26:55 DEBUG web[o.s.p.l.LdapSearch] Search: LdapSearch{baseDn=ou=Users,ou=People,dc=example,dc=com, scope=subtree, request=(uid={0}), parameters=[usernamehere], attributes=[mail, cn]}
2016.04.15 20:26:55 DEBUG web[o.s.p.l.LdapContextFactory] Initializing LDAP context {java.naming.provider.url=ldaps://dir.example.com, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, com.sun.jndi.ldap.connect.pool=true, java.naming.security.authentication=simple, java.naming.referral=follow}
2016.04.15 20:26:55 DEBUG web[o.s.p.l.LdapUsersProvider] User usernamehere not found in <default>

I did the following for the certificate:

echo "" | openssl s_client -connect server:port -prexit 2>/dev/null | sed -n -e '/BEGIN\ CERTIFICATE/,/END\ CERTIFICATE/ p' > ldap.pem
update-ca-trust force-enable
cp ldap.pem /etc/pki/ca-trust/source/anchors/
update-ca-trust extract

I also used keytool to add ldap.pem to the Java cacerts for the JRE being used by Sonarqube.

Any ideas?

One solution collected from the web for “Trouble setting up LDAPS for login in Sonarqube Docker container”

I found the problem. I needed to change ldap.bindDN to ldap.bindDn. 🙂
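The fix is a one-character case difference that nothing in the log flags: the plugin reads its property keys case-sensitively, so a key spelled `ldap.bindDN` is simply ignored. That is consistent with the log in the question, where the connection test passes (an anonymous connection still opens) but the user search returns nothing. The following is an added example, not code from the original post or from SonarQube: a small Python linter for `sonar.properties` that catches keys differing only in case from the expected LDAP keys, a missing `ldap.bindDn` when the LDAP realm is enabled, and an `ldap.url` that does not use `ldaps://`. The set of expected keys is an assumption taken from the keys on this page plus the `realNameAttribute` and `emailAttribute` settings named in the log; extend it for your own plugin version. The sample properties are constructed from the question's excerpt.

```python
"""Lint the LDAP settings in a SonarQube sonar.properties file.

Added example (not SonarQube's own code). Catches the class of mistake in
the question above: a property key that differs only in case from the key
the plugin actually reads, which the plugin silently ignores.
"""
import re
import sys
from typing import Dict, List

# Keys the LDAP plugin reads, case-sensitive. Assumption: the keys shown on
# this page plus the user real-name/e-mail attribute keys; extend as needed.
KNOWN_LDAP_KEYS = {
    "sonar.security.realm",
    "ldap.url",
    "ldap.bindDn",
    "ldap.bindPassword",
    "ldap.user.baseDn",
    "ldap.user.request",
    "ldap.user.realNameAttribute",
    "ldap.user.emailAttribute",
}

# Constructed sample: the question's excerpt, including the misspelled key.
SAMPLE_BROKEN = """\
# constructed from the question's sonar.properties excerpt
sonar.security.realm=LDAP
ldap.url=ldaps://dir.example.com
ldap.bindDN=uid=svcSonar,ou=SvcAccts,ou=People,dc=example,dc=com
ldap.bindPassword=mypassword
ldap.user.baseDn=ou=Users,ou=People,dc=example,dc=com
ldap.user.request=(uid={login})
"""

# The same file with the key spelled the way the plugin expects.
SAMPLE_FIXED = SAMPLE_BROKEN.replace("ldap.bindDN=", "ldap.bindDn=")

_KV = re.compile(r"^([^\s=:]+)\s*[=:]?\s*(.*)$")


def parse_properties(text: str) -> Dict[str, str]:
    """Minimal Java .properties parser: key=value or key:value, '#'/'!'
    comments, trailing-backslash line continuation. Later duplicates win.
    Only the first '=' or ':' splits, so DN values containing '=' survive."""
    props: Dict[str, str] = {}
    pending = ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line[0] in "#!":
            continue
        if line.endswith("\\"):
            pending = line[:-1]
            continue
        match = _KV.match(line)
        if match:
            props[match.group(1)] = match.group(2).strip()
    return props


def lint_ldap_settings(props: Dict[str, str]) -> List[str]:
    """Return human-readable findings; an empty list means no problems."""
    findings: List[str] = []
    by_lower = {k.lower(): k for k in KNOWN_LDAP_KEYS}
    for key in props:
        if key in KNOWN_LDAP_KEYS:
            continue
        if not key.startswith("ldap."):
            continue  # unrelated SonarQube settings are out of scope here
        canonical = by_lower.get(key.lower())
        if canonical:
            findings.append(
                f"'{key}' differs only in case from '{canonical}'; keys are "
                f"case-sensitive, so this value is ignored by the plugin")
        else:
            findings.append(f"'{key}' is not a recognised LDAP key")

    if props.get("sonar.security.realm") == "LDAP":
        url = props.get("ldap.url", "")
        # Adjust this check if your deployment relies on StartTLS instead.
        if url and not url.lower().startswith("ldaps://"):
            findings.append(
                "ldap.url does not use ldaps://; the bind password and user "
                "lookups would cross the network in cleartext")
        if "ldap.bindDn" not in props:
            findings.append(
                "ldap.bindDn is missing: the plugin binds anonymously, so the "
                "connection test can pass while every user search finds nothing")
    return findings


if __name__ == "__main__":
    # Usage: python lint_sonar_ldap.py [path/to/sonar.properties]
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_BROKEN
    for finding in lint_ldap_settings(parse_properties(text)) or ["no findings"]:
        print(finding)
```

Run it against the question's excerpt and it reports both the case mismatch and the missing `ldap.bindDn`; against the corrected file it reports nothing. The parser splits only on the first `=`, which matters here because the bind DN value itself contains `=` characters.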
