SonarQube LDAP plugin deployed but not "enabled" - authentication

SQ 5.6, LDAP plugin 2.0.
I've successfully installed the LDAP plugin and restarted the SQ server. In the log (/opt/sonar/logs/sonar.log) the plugin is apparently deployed, but seemingly no attempt is made to initialize/enable it or connect to the LDAP server.
```
INFO web[o.s.s.p.ServerPluginRepository] Deploy plugin LDAP / 2.0 / 2910f3981167a70a201ccfae01471dfd26c794b7
.
.
INFO web[o.s.s.p.RailsAppsDeployer] Deploying app: ldap
```
These are the only mentions of ldap/LDAP in the log.
Relevant part of the conf/sonar.properties file:
```
sonar.security.realm=LDAP
ldap.url=ldap://myldap:389
ldap.user.baseDn=ou=mycompany,ou=People,dc=myurl,dc=com
```
I believe I've verified ldap.url and ldap.user.baseDn via JXplorer (an LDAP browser).
What really puzzles me is that I don't see anything like the following in the logs, which is what I'd expect from the SQ docs:
```
INFO org.sonar.INFO Security realm: LDAP ...
INFO o.s.p.l.LdapContextFactory Test LDAP connection: OK
```
No errors of any kind are noted in the log.
Any idea why SQ is not even apparently trying to kick off LDAP authentication on a restart?

I had the same problem. I'm running Sonarqube using docker. It did not pick up on changes when I restart the server from the Sonarqube UI. Only after restarting the docker image it could pick up the changed file.

Well, now it just started working. I don't have an answer as to why though. Maybe something changed with my LDAP server, or there was some latency that needed to be overcome. I didn't change anything on my end that I'm aware of. In any case, thanks to those that responded.
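
The symptom in this thread (plugin deployed, realm configured, but no realm line in the log) can be checked mechanically. The following is an added example, not code from the posts or from SonarQube: the status names and sample inputs are constructed, and the log patterns are the lines quoted in the question.

```python
import re

def parse_properties(text):
    """Return active key/value pairs; commented-out lines are ignored."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def diagnose(properties_text, log_text):
    """Classify a startup using the log lines quoted on this page."""
    props = parse_properties(properties_text)
    if props.get("sonar.security.realm") != "LDAP":
        return "realm-not-set"            # no active sonar.security.realm=LDAP
    if not re.search(r"Deploy plugin LDAP", log_text):
        return "plugin-not-deployed"
    if not re.search(r"Security realm", log_text):
        # File says LDAP but no realm line was logged: check that the
        # running process actually loaded this file (see the Docker answer).
        return "realm-never-started"
    if not re.search(r"Test LDAP connection.*: OK", log_text):
        return "connection-not-confirmed"
    return "ok"

# Constructed inputs modelled on the excerpts in the question above.
PROPS = """sonar.security.realm=LDAP
ldap.url=ldap://myldap:389
ldap.user.baseDn=ou=mycompany,ou=People,dc=myurl,dc=com
"""
LOG_SILENT = """INFO web[o.s.s.p.ServerPluginRepository] Deploy plugin LDAP / 2.0
INFO web[o.s.s.p.RailsAppsDeployer] Deploying app: ldap
"""
LOG_HEALTHY = LOG_SILENT + """\
INFO web[o.s.p.l.LdapContextFactory] Test LDAP connection on ldap://myldap:389: OK
INFO web[org.sonar.INFO] Security realm started
"""

if __name__ == "__main__":
    print(diagnose(PROPS, LOG_SILENT))    # realm-never-started
    print(diagnose(PROPS, LOG_HEALTHY))   # ok
```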

Related

OpenAM's WebAgent failing to install

I am trying to set up ForgeRock (OpenAM 13.0) with OpenDJ 3.0.
I deployed OpenAM in Tomcat and installed OpenDJ successfully, a setup where I end up with an error.
Environment:
- OpenAM (V 13.0).war with Tomcat (8.5.27)
- OpenDJ 3.0.0 for external identity purpose.
- As part of the process, deployed the OpenAM war on Tomcat and was able to log in with amadmin.
- Created policy set, policy and request patterns as well (followed the ForgeRock getting started guide: https://backstage.forgerock.com/docs/openam/13/getting-started/).
- Here I installed Apache 2.4 web server and was able to see the home page.
Error: when I try to configure the web agent I end up with the error below and am not able to proceed further.
I am able to log in from the OpenAM login screen, but end up with some session invalid exception in session.log and no session in the access.csv log file. I am not able to understand this and go further. Help in this regard is greatly appreciated.
Attached are screenshots of the different logs I got.
[WEbagent_insall_Log][1] - Log during web agent installation
[Session-Log][2] - Log at the server openam side
[OpenaM_access.csv_log][3] log for open am side about the access
[WEbagent Installation][1] screen when I try to install webagent
[1]: https://i.stack.imgur.com/HmCFZ.jpg
[2]: https://i.stack.imgur.com/KX1Tb.jpg
[3]: https://i.stack.imgur.com/jQYUX.jpg
Please help on this.
Thanks
Venkat

"handshake_failure" error trying to connect IDEA to Jira

I am trying to set up jira as a task server in IDEA IntelliJ.
I am getting handshake_failure error when I try to test my connection.
Reading about it in SO and Atlassian forums, I tried several things but none worked:
- downloading the certificate from jira server and installing it in intellij
- adding -Dhttps.protocols="TLSv1" to my .vmoptions IDEA startup config file
It happens both to my corporate jira instance and to external public jira servers.
In addition, it also happened with IntelliJ 2016.
Has anyone managed to get this working?
The problem was that the server used a cipher that was disabled in my jvm.
In order to fix it, I uncommented
```
crypto.policy=unlimited
```
in my jre <jre-home>\lib\security\java.security
See this SO question or this one for more details about security policies.

sonarqube 5.6 & LDAP 2.0 failing to authenticate

I am testing an upgrade to sonarqube 5.6 and have installed the ldap 2.0 plugin & copied the relevant configuration forward to my test 5.6 setup.
The relevant config is
```
sonar.security.realm=LDAP
ldap.url=ldaps://xxxx:636
ldap.bindDn=uid=xxxx,ou=xxxx,dc=xxxx,dc=xxxx
ldap.bindPassword=xxxx
ldap.user.baseDn=dc=xxxx,dc=com
ldap.user.request=(&(objectClass=person)(mail={login}))
ldap.user.realNameAttribute=cn
ldap.user.emailAttribute=mail
```
I have the following set in conf/sonar.properties
```
sonar.log.level=DEBUG
```
On startup I see
```
2016.07.26 23:57:29 INFO web[o.s.p.l.LdapContextFactory] Test LDAP connection on ldaps://xxxx:636: OK
2016.07.26 23:57:29 INFO web[org.sonar.INFO] Security realm started
```
If I attempt to login, I get "Authentication failed" on the login screen.
The log file says nothing other than
```
2016.07.26 23:57:47 DEBUG web[http] GET / | time=67ms
2016.07.26 23:57:47 DEBUG web[http] GET / | time=187ms
2016.07.26 23:57:47 DEBUG web[http] GET /sessions/new | time=89ms
2016.07.26 23:57:53 DEBUG web[http] POST /sessions/login | time=71ms
```
The same configuration works fine with sonarqube 4.5.7 and ldap 1.4
Ideas welcome on how to investigate further.
You're most likely hitting known issue SONAR-7770 - Authentication fails if LDAP configuration has been forgotten during the upgrade. Note that an Upgrade Note was issued for this problem:
Most specifically, don't forget to copy the related SonarQube plugin and its related configuration in "conf/sonar.properties" (including "sonar.security.realm" and "sonar.security.localUsers" if present) into the new SonarQube instance otherwise you will be locked out after migration.
So it's important that this LDAP configuration is there even during the upgrade. If you did miss that then the easiest way forward here is to replay the upgrade with the LDAP-related configuration correctly set.
Context
Keep in mind that during an upgrade SonarQube updates the dataset and also stores new information in database (based on new features). The problem in your case would be that the upgrade was done with a partial config (which didn't set sonar.security.realm and sonar.security.localUsers), and SonarQube couldn't figure out whether users were local or not, hence treating them as local by default. Local users are not authenticated against external authentication providers but locally, which is indeed what we're seeing in your logs (and it's obviously failing because the password lives in LDAP server, not in SonarQube database).
I fixed it by manually updating the users database table of SonarQube, assuming that all other users are managed by LDAP and just the admin is a local user:
```sql
UPDATE sonarqube_production.users SET user_local = 0, external_identity_provider = 'ldap' WHERE id != 'admin';
```
Little fix to Schakko's query above, it should be with login, not with id:
```sql
UPDATE users SET user_local = 0, external_identity_provider = 'ldap' WHERE login != 'admin';
```
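
Why the correction from `id` to `login` matters, shown as an added example that is not code from either answer. It runs both WHERE clauses against a constructed `users` table in Python's `sqlite3`, used here as a stand-in for the SonarQube database and assuming `id` is a numeric key; other database engines may handle the number-to-string comparison differently.

```python
import sqlite3

def apply_fix(where_clause):
    """Run the page's UPDATE with the given WHERE clause on a constructed table.

    Returns (logins matched by the clause, {login: user_local} afterwards).
    where_clause is a fixed literal taken from the answers, never user input.
    """
    db = sqlite3.connect(":memory:")
    # Assumed shape: numeric id plus the three columns named in the answers.
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT,"
               " user_local INTEGER, external_identity_provider TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, 1, NULL)",
                   [(1, "admin"), (2, "alice"), (3, "bob")])  # constructed rows
    # Dry run first: list who the clause would touch before changing anything.
    matched = [row[0] for row in db.execute(
        "SELECT login FROM users WHERE " + where_clause + " ORDER BY id")]
    db.execute("UPDATE users SET user_local = 0,"
               " external_identity_provider = 'ldap' WHERE " + where_clause)
    after = dict(db.execute("SELECT login, user_local FROM users"))
    db.close()
    return matched, after

if __name__ == "__main__":
    # A numeric id never equals the string 'admin', so every row matches
    # and the admin account stops being local as well.
    print(apply_fix("id != 'admin'"))
    # Filtering on login leaves admin local and moves only the other users.
    print(apply_fix("login != 'admin'"))
```

Running the SELECT with the intended WHERE clause before the UPDATE, as the function does, shows whether the local admin account is about to be handed to LDAP too.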

weblogic em console's Admin server/managed servers status & metrics are unavailable

WebLogic EM console shows "status pending" for the admin servers and managed servers, even when they are up. It is not showing other metrics as well.
Below are the head error messages.
```
oracle.sysman.emas.sdk.model.metric.MetricsUnavailableException
at oracle.sysman.emas.sdk.model.metric.WLMetricProvider.getMetricServiceMBean(WLMetricProvider.java:313)
at oracle.sysman.emas.sdk.model.metric.WLMetricProvider.queryMetricTable(WLMetricProvider.java:364)
at oracle.sysman.emas.sdk.model.metric.WLMetricProvider.getMetrics(WLMetricProvider.java:155)
at oracle.sysman.emas.sdk.model.metric.MetricUtil.getMetrics(MetricUtil.java:271)
```
I would suggest opening a ticket with Oracle. You could try enabling Platform MBean Server which is in Domain home -> Advanced and restarting the domain. Usually this would fix it but without logs, it's very hard to tell. Please try to provide us the sysman logs for the em.
I found the solution for this issue. This is a bug and Oracle has released a patch for this BUG_13826887/Patch p13826887_111160_Generic.
1. Set ORACLE_HOME, java
2. Check which opatch, opatch apply
3. Restart complete WebLogic

Deployment in WebLogic Issue

I am a newbie. I am using WebLogic 10.0.0.0. I am getting a validation error on the first page (login page with user name and password), "logger is not initialized", while deploying. I do the same thing with Tomcat, and the .war is imported and deployed successfully. What is the reason? Also, in WebLogic 10.0.0.0 we have two JDKs (JDK 1.6 and JRockit); on my system I have 1.6.0_17, so which one does it take? I forgot which one I chose while installing. Does it take the WebLogic JDK, or which one? Where am I going wrong? It's a small thing I noticed, but I could not figure it out. Please let me know.
This is either because you haven't configured your WLS installation correctly. When you first set up your console there is a parameter you have to change in your auth file that, if not set, will cause this issue.
Or you are selecting logging during deployment from the admin console and you haven't configured log4j in your application.