Sonarqube LDAP: error code 1 and 49

Question

I got these errors when trying to connect to LDAP via sonarqube:

2016.09.13 09:35:16 DEBUG web[o.s.p.l.LdapUsersProvider] Requesting details for user sonartester 2016.09.13 09:35:16 DEBUG web[o.s.p.l.LdapSearch] Search: LdapSearch{baseDn=cn=Users,dc=mydomain,dc=com, scope=subtree, request=(&(objectClass=user)(sAMAccountName={0})), parameters=[sonartester], attributes=[mail, cn]} 2016.09.13 09:35:16 DEBUG web[o.s.p.l.LdapContextFactory] Initializing LDAP context {java.naming.provider.url=ldap://myip:389, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, com.sun.jndi.ldap.connect.pool=true, java.naming.security.authentication=simple, java.naming.security.sasl.realm=mydomain.com, java.naming.referral=follow} 2016.09.13 09:35:16 DEBUG web[o.s.p.l.LdapUsersProvider] [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090728, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580] javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090728, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580]

....

2016.09.13 09:35:16 DEBUG web[o.s.p.l.LdapUsersProvider] User sonartester not found in 2016.09.13 09:35:16 ERROR web[o.s.s.a.RealmAuthenticator] Error during authentication org.sonar.api.utils.SonarException: Unable to retrieve details for user sonartester in 2016.09.13 09:35:16 DEBUG web[o.s.p.l.LdapUsersProvider] User sonartester not found in 2016.09.13 09:35:16 ERROR web[o.s.s.a.RealmAuthenticator] Error during authentication org.sonar.api.utils.SonarException: Unable to retrieve details for user sonartester in

I've created user SONARTEST found in the Users OU and member of the my-group. The group is also found in the Users OU. Here is my config:

sonar.security.realm=LDAP
sonar.authenticator.createUsers=true
ldap.url=ldap://myip:389
ldap.bindDn.=cn=someusername,ou=Users,o=mydomain
ldap.bindPassword.=somepassword
ldap.authentication=simple
ldap.realm=mydomain.com

ldap.user.baseDn=cn=Users,dc=mydomain,dc=com
ldap.user.request=(&(objectClass=user)(sAMAccountName={login}))
ldap.user.realNameAttribute=cn

ldap.group.baseDn=ou=Users,dc=mydomain,dc=com
ldap.group.request=(&(objectClass=my-group)(member={dn}))
ldap.group.idAttribute=sAMAccountName

The user used for the bind has all necessary rights, and is found in the Users OU also. I used the same user to connect to ldap on confluence and everything went fine. Greatful if someone could help me. Thaks

---

Thanks Nicolas for your reply

Removing the dots gives another error while restarting the service which is unable to start.

2016.09.13 15:46:00 INFO  web[org.sonar.INFO] Security realm: LDAP
2016.09.13 15:46:00 INFO  web[o.s.p.l.LdapSettingsManager] User mapping: LdapUserMapping{baseDn=cn=Users,dc=mydomain,dc=com, request=(&(objectClass=user)(sAMAccountName={0})), realNameAttribute=cn, emailAttribute=mail}
2016.09.13 15:46:01 INFO  web[o.s.p.l.LdapSettingsManager] Group mapping: LdapGroupMapping{baseDn=ou=Users,dc=mydomain,dc=com, idAttribute=sAMAccountName, requiredUserAttributes=[dn], request=(&(objectClass=mygroup)(member={0}))}
2016.09.13 15:46:01 DEBUG web[o.s.p.l.LdapContextFactory] Initializing LDAP context {java.naming.provider.url=ldap://myip:389, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.principal=cn=someusername,ou=Users,o=mydomain, com.sun.jndi.ldap.connect.pool=true, java.naming.security.authentication=simple, java.naming.security.sasl.realm=mydomain.com, java.naming.referral=follow}
2016.09.13 15:46:02 INFO  web[o.s.p.l.LdapContextFactory] Test LDAP connection: FAIL
2016.09.13 15:46:02 ERROR web[o.a.c.c.C.[.[.[/]] Exception sending context initialized event to listener instance of class org.sonar.server.platform.PlatformServletContextListener
java.lang.IllegalStateException: Unable to open LDAP connection
        at org.sonar.plugins.ldap.LdapContextFactory.testConnection(LdapContextFactory.java:146) ~[na:na]
        at org.sonar.plugins.ldap.LdapRealm.init(LdapRealm.java:64) ~[na:na]
        at org.sonar.server.user.SecurityRealmFactory.start(SecurityRealmFactory.java:84) ~[sonar-server-6.0.jar:na]
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_91]
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_91]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_91]
        at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_91]
        at org.picocontainer.lifecycle.ReflectionLifecycleStrategy.invokeMethod(ReflectionLifecycleStrategy.java:110) ~[picocontainer-2.15.jar:na]
        at org.picocontainer.lifecycle.ReflectionLifecycleStrategy.start(ReflectionLifecycleStrategy.java:89) ~[picocontainer-2.15.jar:na]
        at org.sonar.core.platform.ComponentContainer$1.start(ComponentContainer.java:320) ~[sonar-core-6.0.jar:na]
        at org.picocontainer.injectors.AbstractInjectionFactory$LifecycleAdapter.start(AbstractInjectionFactory.java:84) ~[picocontainer-2.15.jar:na]
        at org.picocontainer.behaviors.AbstractBehavior.start(AbstractBehavior.java:169) ~[picocontainer-2.15.jar:na]
        at org.picocontainer.behaviors.Stored$RealComponentLifecycle.start(Stored.java:132) ~[picocontainer-2.15.jar:na]
        at org.picocontainer.behaviors.Stored.start(Stored.java:110) ~[picocontainer-2.15.jar:na]
        at org.picocontainer.DefaultPicoContainer.potentiallyStartAdapter(DefaultPicoContainer.java:1016) ~[picocontainer-2.15.jar:na]
        at org.picocontainer.DefaultPicoContainer.startAdapters(DefaultPicoContainer.java:1009) ~[picocontainer-2.15.jar:na]
        at org.picocontainer.DefaultPicoContainer.start(DefaultPicoContainer.java:767) ~[picocontainer-2.15.jar:na]
        at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:141) ~[sonar-core-6.0.jar:na]
        at org.sonar.server.platform.platformlevel.PlatformLevel.start(PlatformLevel.java:84) ~[sonar-server-6.0.jar:na]
        at org.sonar.server.platform.platformlevel.PlatformLevel4.start(PlatformLevel4.java:687) ~[sonar-server-6.0.jar:na]
        at org.sonar.server.platform.Platform.start(Platform.java:216) ~[sonar-server-6.0.jar:na]
        at org.sonar.server.platform.Platform.startLevel34Containers(Platform.java:190) ~[sonar-server-6.0.jar:na]
        at org.sonar.server.platform.Platform.doStart(Platform.java:113) ~[sonar-server-6.0.jar:na]
        at org.sonar.server.platform.Platform.doStart(Platform.java:99) ~[sonar-server-6.0.jar:na]
        at org.sonar.server.platform.PlatformServletContextListener.contextInitialized(PlatformServletContextListener.java:44) ~[sonar-server-6.0.jar:na]
        at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4812) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5255) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1408) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1398) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at java.util.concurrent.FutureTask.run(FutureTask.java:266) [na:1.8.0_91]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_91]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_91]
        at java.lang.Thread.run(Thread.java:745) [na:1.8.0_91]
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v2580]
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3135) ~[na:1.8.0_91]
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3081) ~[na:1.8.0_91]
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2883) ~[na:1.8.0_91]
        at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2797) ~[na:1.8.0_91]
        at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319) ~[na:1.8.0_91]
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192) ~[na:1.8.0_91]
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210) ~[na:1.8.0_91]
        at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153) ~[na:1.8.0_91]
        at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83) ~[na:1.8.0_91]
        at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) ~[na:1.8.0_91]
        at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313) ~[na:1.8.0_91]
        at javax.naming.InitialContext.init(InitialContext.java:244) ~[na:1.8.0_91]
        at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154) ~[na:1.8.0_91]
        at org.sonar.plugins.ldap.LdapContextFactory.createInitialDirContext(LdapContextFactory.java:95) ~[na:na]
        at org.sonar.plugins.ldap.LdapContextFactory.createBindContext(LdapContextFactory.java:83) ~[na:na]
        at org.sonar.plugins.ldap.LdapContextFactory.testConnection(LdapContextFactory.java:142) ~[na:na]
        ... 33 common frames omitted
2016.09.13 15:46:02 ERROR web[o.a.c.c.StandardContext] One or more listeners failed to start. Full details will be found in the appropriate container log file
2016.09.13 15:46:02 ERROR web[o.a.c.c.StandardContext] Context [] startup failed due to previous errors
2016.09.13 15:46:02 WARN  web[o.a.c.l.WebappClassLoaderBase] The web application [ROOT] appears to have started a thread named [Abandoned connection cleanup thread] but has failed to stop it. This is very likely to create a memory leak. Stack trace of thread:
 java.lang.Object.wait(Native Method)
 java.lang.ref.ReferenceQueue.remove(ReferenceQueue.java:143)
 com.mysql.jdbc.AbandonedConnectionCleanupThread.run(AbandonedConnectionCleanupThread.java:43)
2016.09.13 15:46:02 INFO  web[o.a.c.h.Http11NioProtocol] Starting ProtocolHandler ["http-nio-0.0.0.0-9000"]
2016.09.13 15:46:02 INFO  web[o.s.s.a.TomcatAccessLog] Web server is started
2016.09.13 15:46:02 INFO  web[o.s.s.a.EmbeddedTomcat] HTTP connector enabled on port 9000
2016.09.13 15:46:02 WARN  web[o.s.p.ProcessEntryPoint] Fail to start web
java.lang.IllegalStateException: Webapp did not start
        at org.sonar.server.app.EmbeddedTomcat.isUp(EmbeddedTomcat.java:84) ~[sonar-server-6.0.jar:na]
        at org.sonar.server.app.WebServer.isUp(WebServer.java:47) [sonar-server-6.0.jar:na]
        at org.sonar.process.ProcessEntryPoint.launch(ProcessEntryPoint.java:105) ~[sonar-process-6.0.jar:na]
        at org.sonar.server.app.WebServer.main(WebServer.java:68) [sonar-server-6.0.jar:na]
2016.09.13 15:46:02 INFO  web[o.a.c.h.Http11NioProtocol] Pausing ProtocolHandler ["http-nio-0.0.0.0-9000"]
2016.09.13 15:46:03 INFO  web[o.a.c.h.Http11NioProtocol] Stopping ProtocolHandler ["http-nio-0.0.0.0-9000"]
2016.09.13 15:46:03 INFO  web[o.a.c.h.Http11NioProtocol] Destroying ProtocolHandler ["http-nio-0.0.0.0-9000"]
2016.09.13 15:46:03 INFO  web[o.s.s.a.TomcatAccessLog] Web server is stopped
2016.09.13 15:46:03 INFO  app[o.s.p.m.Monitor] Process[es] is stopping
2016.09.13 15:46:04 INFO   es[o.s.p.StopWatcher]  Stopping process
2016.09.13 15:46:04 INFO   es[o.elasticsearch.node]  [sonar-1473767147543] stopping ...
2016.09.13 15:46:04 INFO   es[o.elasticsearch.node]  [sonar-1473767147543] stopped
2016.09.13 15:46:04 INFO   es[o.elasticsearch.node]  [sonar-1473767147543] closing ...
2016.09.13 15:46:04 INFO   es[o.elasticsearch.node]  [sonar-1473767147543] closed
2016.09.13 15:46:04 INFO  app[o.s.p.m.Monitor] Process[es] is stopped
<-- Wrapper Stopped

telnet to the IP and port 389 works

---

I've created a new user with a simpler password (no special characters) The error changed to the following:

Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v2580]

Answer 1

changed the part

ldap.bindDn =cn=someusername,ou=Users,o=mydomain

to

ldap.bindDn =someusername@mydomain.com

and it worked

Answer 2

First issue

This is the real problem in your error:

In order to perform this operation a successful bind must be completed on the connection

As per LDAP Plugin documentation these are the properties that you should configure for SonarQube to bind to your server: ldap.bindDn and ldap.bindPassword .

But then, looking at your config:

ldap.bindDn.=cn=someusername,ou=Users,o=mydomain
ldap.bindPassword.=somepassword

See those trailing dots right there ? Removing them should let the bind operation work better.

---

Second issue Your Active Directory is returning a detailed error:

[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v2580]

error code 49 (data 52e) is the interesting part. A bit of googling on LDAP error codes brings you here for example:

49 - LDAP_INVALID_CREDENTIALS - Indicates that during a bind operation one of the following occurred: The client passed either an incorrect DN or password, or the password is incorrect because it has expired, intruder detection has locked the account, or another similar reason. See the data code for more information.

Bottom line: fix the credentials.