Trouble setting up LDAPS for login in Sonarqube Docker container

I am running Sonarqube in a docker container using the default image from docker hub. Sonarqube is working fine. I am now working on using LDAPS for system login and can’t seem to get it to work. I created a centos:latest container and have sonarqube running there. I did this so I could have ldapsearch, vim, telnet, update-ca, etc. I used openssl to add the server certificate. I tested with ldapsearch and the following is successful:

[root@bf9accb5647d linux-x86-64]# ldapsearch -x -LLL -H ldaps://dir.example.com -b "dc=example,dc=com" -D "uid=svcSonar,ou=SvcAccts,ou=People,dc=example,dc=com" -W '(uid=usernamehere)' cn
Enter LDAP Password: ******
dn: uid=usernamehere,ou=Users,ou=People,dc=example,dc=com
cn: User Name

Here is my relevant ldap configuration in sonar.properties:

    sonar.security.realm=LDAP
    ldap.url=ldaps://dir.example.com
    ldap.bindDN=uid=svcSonar,ou=SvcAccts,ou=People,dc=example,dc=com
    ldap.bindPassword=mypassword
    ldap.user.baseDn=ou=Users,ou=People,dc=example,dc=com
    ldap.user.request=(uid={login})

Here are the relevant sonar.log entries with TRACE and DEBUG on:

    2016.04.15 16:32:35 INFO  web[o.s.s.p.ServerPluginRepository] Deploy plugin LDAP / 1.5.1 / 8960e08512a3d3ec4d9cf16c4c2c95017b5b7ec5
    2016.04.15 20:19:07 INFO  web[org.sonar.INFO] Security realm: LDAP
    2016.04.15 20:19:07 INFO  web[o.s.p.l.LdapSettingsManager] User mapping: LdapUserMapping{baseDn=ou=Users,ou=People,dc=example,dc=com, request=(uid={0}), realNameAttribute=cn, emailAttribute=mail}
    2016.04.15 20:19:07 DEBUG web[o.s.p.l.LdapContextFactory] Initializing LDAP context {java.naming.provider.url=ldaps://dir.example.com, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, com.sun.jndi.ldap.connect.pool=true, java.naming.security.authentication=simple, java.naming.referral=follow}
    2016.04.15 20:19:07 INFO  web[o.s.p.l.LdapContextFactory] Test LDAP connection on ldaps://dir.example.com: OK
    2016.04.15 20:19:07 INFO  web[org.sonar.INFO] Security realm started
    .
    .
    .
    2016.04.15 20:26:55 DEBUG web[o.s.p.l.LdapUsersProvider] Requesting details for user usernamehere
    2016.04.15 20:26:55 DEBUG web[o.s.p.l.LdapSearch] Search: LdapSearch{baseDn=ou=Users,ou=People,dc=example,dc=com, scope=subtree, request=(uid={0}), parameters=[usernamehere], attributes=[mail, cn]}
    2016.04.15 20:26:55 DEBUG web[o.s.p.l.LdapContextFactory] Initializing LDAP context {java.naming.provider.url=ldaps://dir.example.com, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, com.sun.jndi.ldap.connect.pool=true, java.naming.security.authentication=simple, java.naming.referral=follow}
    2016.04.15 20:26:55 DEBUG web[o.s.p.l.LdapUsersProvider] User usernamehere not found in <default>

I did the following for the certificate:

    echo "" | openssl s_client -connect server:port -prexit 2>/dev/null | sed -n -e '/BEGIN\ CERTIFICATE/,/END\ CERTIFICATE/ p' > ldap.pem
    update-ca-trust force-enable
    cp ldap.pem /etc/pki/ca-trust/source/anchors/
    update-ca-trust extract

I also used keytool to add ldap.pem to the Java cacerts for the JRE being used by Sonarqube.

Any ideas?

Answer

I found the problem. I needed to change ldap.bindDN to ldap.bindDn. 🙂
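The log above shows why this misconfiguration is easy to miss: SonarQube ignores a property key it does not recognise, so with `ldap.bindDN` unrecognised the connection test still reports OK (the context is opened without the service account) while every user search comes back empty. The following script, an added example that is not part of the question, the answer or SonarQube's own code, lints the LDAP section of a sonar.properties file for exactly this class of mistake: keys that differ from a documented key only in case, a missing bind DN, and a plaintext URL with StartTLS off. The six keys from the question are certainly correct; the remaining entries in KNOWN_KEYS are other SonarQube LDAP plugin keys assumed from its documentation. The sample properties are constructed from the question.

```python
"""Lint the LDAP settings in a SonarQube sonar.properties file.

Added example (not SonarQube code). Flags the failure mode from the question:
a property key that matches a documented key except for letter case
(ldap.bindDN vs ldap.bindDn) is silently ignored, the bind falls back to
anonymous, and user lookups fail even though the connection test says OK.
"""
import re

# Documented property keys. The first six appear in the question; the rest are
# other SonarQube LDAP plugin keys (assumed from the plugin documentation).
KNOWN_KEYS = {
    "sonar.security.realm",
    "ldap.url",
    "ldap.bindDn",
    "ldap.bindPassword",
    "ldap.user.baseDn",
    "ldap.user.request",
    "ldap.user.realNameAttribute",
    "ldap.user.emailAttribute",
    "ldap.group.baseDn",
    "ldap.group.request",
    "ldap.group.idAttribute",
    "ldap.authentication",
    "ldap.realm",
    "ldap.contextFactoryClass",
    "ldap.StartTLS",
    "ldap.followReferrals",
}

# Constructed sample: the configuration from the question, with the typo.
SAMPLE_BROKEN = """\
sonar.security.realm=LDAP
ldap.url=ldaps://dir.example.com
ldap.bindDN=uid=svcSonar,ou=SvcAccts,ou=People,dc=example,dc=com
ldap.bindPassword=mypassword
ldap.user.baseDn=ou=Users,ou=People,dc=example,dc=com
ldap.user.request=(uid={login})
"""

# Constructed sample: the same configuration after the fix from the answer.
SAMPLE_FIXED = SAMPLE_BROKEN.replace("ldap.bindDN=", "ldap.bindDn=")


def parse_properties(text):
    """Parse Java .properties lines of the form key=value or key: value.

    Blank lines and comment lines (# or !) are skipped; the first '=' or ':'
    separates key from value, so values containing '=' (a DN) are kept whole.
    """
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props


def lint_ldap_config(props):
    """Return a list of human-readable findings for the LDAP-related keys."""
    findings = []
    lower_known = {k.lower(): k for k in KNOWN_KEYS}
    for key in props:
        if not key.startswith(("ldap.", "sonar.security.")):
            continue
        if key in KNOWN_KEYS:
            continue
        hint = lower_known.get(key.lower())
        if hint:
            # Same key, different case: the single most likely cause of a
            # "connection OK but user not found" symptom.
            findings.append(
                f"{key}: unknown key, did you mean {hint}? (keys are case-sensitive)")
        else:
            findings.append(f"{key}: unknown key, SonarQube will ignore it")
    if props.get("sonar.security.realm") == "LDAP":
        if "ldap.bindDn" not in props:
            findings.append(
                "ldap.bindDn missing: SonarQube will bind anonymously; "
                "user searches may return nothing")
        url = props.get("ldap.url", "")
        starttls = props.get("ldap.StartTLS", "false").lower() == "true"
        if url and not url.startswith("ldaps://") and not starttls:
            findings.append(
                "ldap.url is not ldaps:// and ldap.StartTLS is off: "
                "the bind password would cross the network in clear")
    return findings


if __name__ == "__main__":
    for label, sample in (("broken", SAMPLE_BROKEN), ("fixed", SAMPLE_FIXED)):
        print(f"[{label}]")
        for finding in lint_ldap_config(parse_properties(sample)) or ["no findings"]:
            print("  " + finding)
```

Run against a real installation with `lint_ldap_config(parse_properties(open("conf/sonar.properties").read()))`; the case-insensitive lookup is what turns the silent misconfiguration into an explicit message, and the missing-bind-DN check names the consequence seen in the log.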
