I'm having issues opening up communication with my LDAP authentication. Locally, logins work fine, but when running on Kubernetes I am receiving the error:
2018.10.03 18:23:44 INFO web[][org.sonar.INFO] Security realm: LDAP
2018.10.03 18:23:44 INFO web[][o.s.p.l.LdapSettingsManager] User mapping: LdapUserMapping{baseDn=ou=bluepages,o=ibm.com, request=(&(mail={0})(objectclass=person)), realNameAttribute=cn, emailAttribute=mail}
2018.10.03 18:23:45 INFO web[][o.s.p.l.LdapSettingsManager] Groups will not be synchronized, because property 'ldap.group.baseDn' is empty.
2018.10.03 18:23:45 INFO web[][o.s.p.l.LdapContextFactory] Test LDAP connection: FAIL
2018.10.03 18:23:45 ERROR web[][o.s.s.p.Platform] Background initialization failed. Stopping SonarQube
org.sonar.plugins.ldap.LdapException: Unable to open LDAP connection
    at org.sonar.plugins.ldap.LdapContextFactory.testConnection(LdapContextFactory.java:211)
    at org.sonar.plugins.ldap.LdapRealm.init(LdapRealm.java:63)
I'm a bit unsure how to open up the flow from the Kubernetes cluster to LDAP.
I totally think it's either an 'Egress' firewall rule not allowing your Kubernetes cluster to talk to port 636 or an 'Incoming' firewall rule on your LDAP deployment not allowing the external IP address range of your Kubernetes cluster into port 636.
This might help where it says "Allowing the cluster to access infrastructure resources and other services"
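A probe to run from a pod inside the cluster that separates the firewall cases described in the answer above from DNS and TLS failures, which produce the same "Unable to open LDAP connection" message. This is an added example, not part of the original thread; it goes slightly beyond the two firewall cases, and the function name, result labels and the assumption that a pod with Python 3 is available are this example's own.

```python
import socket
import ssl
import sys

# Result labels are this example's own; the hints map them to the two firewall
# cases from the answer plus failures that look the same in the SonarQube log.
HINTS = {
    "dns_failure": "cluster DNS cannot resolve the LDAP host name",
    "timeout": "packets dropped on the path: egress or incoming firewall rule",
    "refused": "host answered but nothing accepts the port, or a firewall rejects it",
    "unreachable": "no route from the pod network to the LDAP server",
    "tls_failure": "TCP path is open; the failure is in TLS (e.g. certificate trust)",
    "ok": "network and TLS work from this pod; check JVM truststore and bind settings",
}

def probe_ldaps(host, port=636, timeout=5.0):
    """Return a HINTS key describing how far a connection to host:port gets."""
    try:
        family, kind, proto, _, addr = socket.getaddrinfo(
            host, port, type=socket.SOCK_STREAM)[0]
    except socket.gaierror:
        return "dns_failure"
    sock = socket.socket(family, kind, proto)
    sock.settimeout(timeout)
    try:
        try:
            sock.connect(addr)
        except socket.timeout:          # no answer at all: silently dropped
            return "timeout"
        except ConnectionRefusedError:  # RST received: actively rejected
            return "refused"
        except OSError:                 # e.g. network or host unreachable
            return "unreachable"
        # TCP is open: attempt the TLS handshake that LDAPS on 636 needs.
        ctx = ssl.create_default_context()
        try:
            with ctx.wrap_socket(sock, server_hostname=host):
                return "ok"
        except (ssl.SSLError, OSError):  # includes a handshake timeout
            return "tls_failure"
    finally:
        sock.close()

if __name__ == "__main__":
    target = sys.argv[1]  # LDAP host name, supplied by the operator
    result = probe_ldaps(target)
    print(f"{target}:636 -> {result}: {HINTS[result]}")
```

A "timeout" result cannot tell the egress rule from the incoming rule; running the same probe from a host outside the cluster that is known to reach LDAP narrows it down.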