【Question Title】: SonarQube 5.2, LDAP plugin 1.5: com4j.ComException
【Posted】: 2015-12-03 12:36:26
【Question】:

After upgrading from LDAP 1.4, AD login no longer works. The following error message is recorded in the TRACE log:

DEBUG web[o.s.p.l.w.WindowsUsersProvider] Requesting details for user: xxxxxx
ERROR web[rails] Error from external users provider: exception Java::Com4j::ExecutionException: com4j.ComException: 8007203a Failed to MkParseDisplayName : The server is not operational. : .\com4j.cpp:217

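Removing the LDAP settings from sonar.properties did not help. After downgrading to LDAP 1.4 everything works fine. Did we miss some configuration setting?

【Comments】:

  • In our environment we use special characters in the CN part: CN=Doe\\, John,OU=..., DC=... .
  • We installed SonarQube 5.2 and LDAP 1.5 (sonar.security.realm=LDAP, ldap.servers=... and no other LDAP settings => compatibleMode=false) on a 64-bit Windows 7 machine with JavaSE 1.8 (amd64) in the same network: no errors! With the same software and configuration on a 2012 R2 machine: error. We found com4j-amd64.dll, extracted from com4j-2.1.jar, in web\deploy\plugins\ldap\META-INF\lib. It can only be deleted after stopping SonarQube.
  • I found this issue: issues.jenkins-ci.org/browse/JENKINS-17718 Could this be an escaping problem?
  • Any update on this? I am running into the same problem as you.
  • I ran into a similar problem, but what I see first is successfully logged in user X\Y, followed by Error from external users provider: exception Java::Com4j::ComException: 80040e37 (Unknown error) : An operations error occurred.

Tags: ldap sonarqube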


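【Solution 1】:

LDAP plugin 1.5.1, which fixes this issue (LDAP-49), has been released and can be downloaded from SonarQube's Update Center.

See the SonarQube LDAP plugin documentation page:

LDAP 1.5.1 – December 2, 2015 – compatible with SonarQube 5.2+; bug fixes for Active Directory environments

【Comments】:

    【Solution 2】: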
    Please go through the new changes and try the below mentioned settings.
    
    LDAP 1.5 plugin is using Waffle to support Windows Authentication and SSO on Windows OS. 
    LDAP in Windows auth mode supports two ways of login from browser: 
    
    1. Single Sign-On
    SSO will be performed on hitting any SonarQube URL other than /sessions/login.
    Only domain users are supported through SSO.
    
    2. Form-based login from the /sessions/login page
    Domain users
    Login: <domain\alias> or alias@domain or alias
    Password: <domain credentials>
    
    Technical users
    Login: <username>
    Password: <password>
    
    On logout, users will be presented with the login page (/sessions/login),
    where they can choose to log in as a technical user or a domain user by
    passing the appropriate credentials.
    
    For those users who are already using a previous version of the LDAP plugin to
    connect to Microsoft AD and have already defined authorization in terms of those
    user and group names, use the following settings on Windows:
    
    
    # LDAP configuration 
    sonar.security.realm=LDAP 
    ldap.windows.compatibilityMode=true
    # For debugging purposes; remove this if you don't see any issue
    sonar.log.level=DEBUG
    ldap.windows.auth=true
    
    -----------------------------------------------------------------------
    
    The default protocol is NTLM, which should work for most scenarios.
    Troubleshooting NTLM
    ◦ Enabling NTLM Logging
    http://goo.gl/3LhU6E
    
    If you want to use the Kerberos "Negotiate" protocol, please use the following steps.
    
    Negotiate Authentication Steps:
    For Negotiate authentication to work, make sure the following steps are followed:
    1. Browser Configuration
    Waffle link: Configuring Browsers (IE/Firefox)
    https://goo.gl/vcPnrk
    
    2. Kerberos setup
    Make sure that the user has the privilege for Kerberos delegation
    setspn -L username
    To add privileges to the current user, run
    setspn -S HTTP/machine:port machine
    example:
    setspn -S HTTP/machine:9000 machine
    
    3. The SonarQube application is running as a service (NT service)
    Troubleshooting Resources
    1. Useful Kerberos troubleshooting resources
    ◦ Enabling Kerberos Logging
    http://support.microsoft.com/kb/262177/en-us
    ◦ Troubleshooting Kerberos Delegation
    http://www.microsoft.com/en-us/download/confirmation.aspx?id=4754
    

    【Comments】:

    • DEBUG web[o.s.p.l.w.WindowsUsersProvider] Requesting details for user: xxxxx TRACE web[sql] time=0ms | sql=select cq.uuid ... TRACE web[sql] time=0ms | sql=select cq.uuid ... TRACE web[sql] time=0ms | sql=select cq.uuid ... TRACE web[sql] time=0ms | sql=select cq.uuid ... ERROR web[rails] Error from external users provider: exception Java::Com4j::ExecutionException: com4j.ComException: 8007203a Failed to MkParseDisplayName : The server is not operational. : .\com4j.cpp:217 TRACE web[sql] time=0ms | sql=SELECT t.* FROM (SELECT ROW_NUMBER().... DEBUG web[http] POST /sessions/login | time=....ms
    • sonar.security.realm=LDAP sonar.authenticator.downcase=true ldap.servers=A,B ldap.A.url=ldap://A1:3268 ldap.A.user.baseDn=OU=...,DC=...,DC=...,DC=... ldap.A.user.request=(&(objectClass=user)(sAMAccountName={login})) ldap.A.bindDn=... ldap.A.bindPassword=... ldap.A.group.baseDn=OU=...,DC=...,DC=...,DC=... ldap.A.group.request=(&(objectClass=group)(member={dn})) ldap.A.group.idAttribute=sAMAccountName ldap.B.url=ldap://B1:3268 ldap.B.user.baseDn=OU=...,DC=...,DC=...,DC=... ....ldap.B.group.idAttribute=sAMAccountName sonar.security.localUsers=....
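
Added example, not part of the original thread and not the LDAP plugin's own code: the configuration quoted above substitutes {login} and {dn} into search filters, and an earlier comment mentions a DN with an escaped comma in the CN. The code below shows RFC 4515 filter-value escaping and an RFC 4514-aware split on commas for such values; the sample DN and login are constructed and the function names are hypothetical. It is not a diagnosis of the com4j error.

```python
# Added example: filter templates copied from the configuration quoted above;
# the sample DN and login are constructed, function names are hypothetical.
USER_REQUEST = "(&(objectClass=user)(sAMAccountName={login}))"
GROUP_REQUEST = "(&(objectClass=group)(member={dn}))"

# Constructed DN with an escaped comma inside the CN, as in the first comment.
SAMPLE_DN = "CN=Doe\\, John,OU=Users,DC=example,DC=com"

# RFC 4515: NUL, '(', ')', '*' and '\' must be written as \XX in a filter value.
_FILTER_SPECIALS = {0x00, 0x28, 0x29, 0x2A, 0x5C}


def escape_filter_value(value):
    """Escape a value so it cannot alter the structure of the search filter."""
    out = []
    for byte in value.encode("utf-8"):
        if byte in _FILTER_SPECIALS or byte >= 0x80:
            out.append("\\%02x" % byte)
        else:
            out.append(chr(byte))
    return "".join(out)


def render(template, **values):
    """Fill the {login} / {dn} placeholders with escaped values."""
    return template.format(**{k: escape_filter_value(v) for k, v in values.items()})


def split_rdns(dn):
    """Split a DN on unescaped commas (RFC 4514); '\\,' stays inside its value."""
    parts, current, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            current.append(dn[i:i + 2])  # keep the escape pair together
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(current))
            current = []
        else:
            current.append(dn[i])
        i += 1
    parts.append("".join(current))
    return parts


if __name__ == "__main__":
    print(split_rdns(SAMPLE_DN))              # 4 RDNs; a naive split(",") gives 5
    print(render(GROUP_REQUEST, dn=SAMPLE_DN))
    print(render(USER_REQUEST, login="j(doe)*"))
```

The backslash that escapes the comma in the DN becomes `\5c` once the DN is placed in a filter, which is a separate escaping layer from the DN's own.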