问题
Just stood up a brand new SonarQube 6.7.1 server and configured it to authenticate users via the LDAP plugin (2.2 build 608). So far so good.
However, when users trying to run a command line scan using maven with a token:
mvn sonar:sonar -Dsonar.login=438fd33be6d6e5c9146c674717fea4675f0eb
...they get the following error:
Not authorized. Please check the properties sonar.login and sonar.password.
The Sonar logs are showing:
2018.01.19 18:20:14 DEBUG web[AWELLmgpg7dbJTF2AALW][o.s.p.l.LdapUsersProvider] User 438fd33be6d6e5c9146c674717fea4675f0eb not found in <default>
2018.01.19 18:20:14 DEBUG web[AWELLmgpg7dbJTF2AALW][auth.event] login failure [cause|No user details][method|BASIC][provider|REALM|LDAP]
This makes it look like Sonar's LDAP plugin is attempting to look up a user on LDAP whose name would be the access token. Clearly this isn't going to work!
We are using sonar maven plugin version 3.4.0.905.
Edit: The same token works from IntelliJ SonarLint. Which seems to point to the Maven plugin being at fault here.
回答1:
Thanks to @agabrys for the tip.
Running this Maven command:
mvn clean verify help:evaluate -Dexpression="sonar.password" -Dsonar.login=438fd33be6d6e5c9146c674717fea4675f0eb
Returned:
admin
In order to accept the token, then password must be empty. It must be the Maven sonar plugin that is setting this default password!! Setting the default password to empty via this:
mvn clean verify sonar:sonar -Dsonar.password= -Dsonar.login=438fd33be6d6e5c9146c674717fea4675f0eb
Worked.
来源:https://stackoverflow.com/questions/48347351/sonarqube-token-access-when-ldap-is-enabled