| PAGE CONTENTS |
| Goal |
| Applicable Environment Details & Assumptions |
| Step-by-Step Guide |
Goal
Enable SonarQube Authentication against Active Directory using LDAPS Protocol.
Applicable Environment Details & Assumptions
- SonarQube Community Edition 8.9 LTS
- Active Directory with LDAPS enforced
- OpenJDK 11
- Root CA & Chain Files
Note: The steps below work independently of the underlying OS, except for absolute paths. I will explain this on Ubuntu LTS.
Step-by-Step Guide
1. Download the Root CA file to /tmp/ folder.
2. Import the Root CA certificate into the Java SSL keystore and provide the password for the cacerts store (default password: changeit). Accept the certificate.
sudo keytool -keystore /etc/ssl/certs/java/cacerts -import -alias certificate -file /tmp/ROOT_CA.cer
3. Import the Root CA certificate into the Java SSL keystore and provide the password for the cacerts store (default password: changeit). Accept the certificate. Refer to the screenshot below for reference.
4. The following properties need to be amended in the sonar.properties file, which is found at /sonarqube/conf/sonar.properties
5. Update the LDAP properties as follows (change as per your environment). In an LDAPS environment, a bind user is required.
#--------------------------------------------------------------------------------------------------
# LDAP CONFIGURATION
# Enable the LDAP feature
sonar.security.realm=LDAP
# URL of the LDAP server. Note that if you are using ldaps, then you should install the server certificate into the Java truststore.
ldap.url=ldaps://ldap.yourcompany.com:636
# Bind DN is the username of an LDAP user to connect (or bind) with. Leave this blank for anonymous access to the LDAP directory (optional)
ldap.bindDn=activedirectoryaccount
# Bind Password is the password of the user to connect with. Leave this blank for anonymous access to the LDAP directory (optional)
ldap.bindPassword=activedirectoryaccountpassword
ldap.user.baseDn=OU=TestOrg,DC=yourcompany,DC=com
ldap.user.request=(&(objectClass=user)(sAMAccountName={login}))
ldap.user.realNameAttribute=displayName
ldap.user.emailAttribute=mail
6. Include the following property to force the SonarQube application to use the Java SSL keystore. Ensure that the absolute path is accurate; it will differ based on the OS and the SonarQube installation directory.
sonar.web.javaAdditionalOpts=-Djavax.net.ssl.trustStore=/etc/ssl/certs/java/cacerts -Djavax.net.ssl.trustStorePassword=changeit
7. Save the sonar.properties file and exit.
8. Navigate to /sonarqube/bin/linux-x86-64/ and restart SonarQube (this path will be different for other OSes).
sudo ./sonar.sh restart
9. SonarQube Authentication with Active Directory using LDAPS is successful.
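A pre-restart check for the settings edited in steps 4 to 6, as an added example that is not part of the original guide or of SonarQube: it confirms the realm, the ldaps:// scheme, the bind user, the trust store path, and that the file holding the bind password is not accessible to other users. The function names (prop, fail, check_ldaps_conf, write_sample) and the sample file are constructed for this illustration.

```shell
# Added example (not from the original guide): lint sonar.properties before the restart.

# prop FILE KEY: value of the last uncommented "KEY=value" line (values may contain '=').
prop() {
    awk -v k="$2" '
        /^[ \t]*#/ || !/=/ { next }
        { key = substr($0, 1, index($0, "=") - 1); gsub(/^[ \t]+|[ \t]+$/, "", key) }
        key == k { v = substr($0, index($0, "=") + 1) }
        END { gsub(/^[ \t]+|[ \t]+$/, "", v); print v }' "$1"
}

fail() { echo "FAIL: $*"; rc=1; }

# check_ldaps_conf FILE: returns 0 when every check passes, 1 otherwise.
check_ldaps_conf() {
    conf=$1; rc=0
    [ "$(prop "$conf" sonar.security.realm)" = LDAP ] || fail "sonar.security.realm is not LDAP"
    case "$(prop "$conf" ldap.url)" in
        ldaps://*) ;;
        *) fail "ldap.url does not use ldaps://" ;;
    esac
    # The guide requires a bind user in an LDAPS environment.
    [ -n "$(prop "$conf" ldap.bindDn)" ] || fail "ldap.bindDn is empty"
    [ -n "$(prop "$conf" ldap.bindPassword)" ] || fail "ldap.bindPassword is empty"
    # The trust store path handed to the web JVM must be absolute and readable.
    ts=$(prop "$conf" sonar.web.javaAdditionalOpts | tr ' ' '\n' |
         sed -n 's/^-Djavax\.net\.ssl\.trustStore=//p')
    case "$ts" in
        /*) [ -r "$ts" ] || fail "trust store $ts is not readable" ;;
        *)  fail "javax.net.ssl.trustStore missing or not an absolute path" ;;
    esac
    # The file stores the bind password in clear text: deny access to "other".
    [ "$(ls -ld "$conf" | cut -c8-10)" = "---" ] || fail "$conf is accessible to other users"
    return "$rc"
}

# write_sample DIR: constructed sample config plus an empty stand-in trust store.
write_sample() {
    : > "$1/cacerts"
    cat > "$1/sonar.properties" <<EOF
sonar.security.realm=LDAP
ldap.url=ldaps://ldap.yourcompany.com:636
ldap.bindDn=activedirectoryaccount
ldap.bindPassword=activedirectoryaccountpassword
ldap.user.request=(&(objectClass=user)(sAMAccountName={login}))
sonar.web.javaAdditionalOpts=-Djavax.net.ssl.trustStore=$1/cacerts -Djavax.net.ssl.trustStorePassword=changeit
EOF
    chmod 600 "$1/sonar.properties"
}
```

Source the file and call check_ldaps_conf /sonarqube/conf/sonar.properties; write_sample only builds the constructed input used to exercise the checks.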