sonar-administrators group membership is disappearing

[vcmaxfield]

I'm seeing a problem where if a user belongs to sonar-administrators AND sonar-users in Crowd, when they log into sonar, they are removed from sonar-administrators locally (doesn't change in Crowd). Can a person belong to only one sonar- group at a time?

Update: it seems that any user belonging to sonar-administrators group is automatically removed that group in Sonar upon login.

(Crowd 2.7.2, Sonar 5.1)

[wysockip]

I notice the same behaviour. Please can someone take a look into that?

[ynojima]

I faced same issue.

[kwinsch]

Same here. If I create the group sonar-administrators in jira/crowd and add all sonar admins to it, they will automatically get into the local sonar sonar-administrators group. The same is with other groups.

Workaround:

1. Create user group in sonar
2. Create same group in jira
3. Add users in jira, instead of sonar
4. On next login, the group in sonar will be populated

[vcmaxfield]

This did not work for me. Some users even lose all group membership in Sonar when they log in.

[mcginleyr1]

Getting the same issue with github logins. The work around doesn't apply it seems as I tested this with github "groups".

[netropic]

Issue is still occuring with SonarQube 7.0 and Crowd 2.12.

[thanhma]

Yep, SonarQube 7.0, and users are removed from all groups, both system sonar-administrator group or other self-created groups. Only sonar-users remains.

[ksanjay7]

Faced the same issue using Ldap too... I have added users in sonar-administrator group and once they login, the user is no more in this group.

[xJREB]

We had a similar issue with the GitLab Auth plugin. As a workaround, we set the Default groups property in the plugin configuration to empty. After that, we were able to keep the admin group for selected GitLab users.

• SonarQube version 7.1 (build 11001)
• GitLab Auth version 1.3.2

[zok1995]

I think that issue with Sonar groups. I use Sonar 7 and LDAP. After logout users lose admin group. But if you give user admin access through Global Permissions tab it works. User should have the same permissions as admin group.

[deepy]

I'm not able the recreate the disappearance of the admin group on 7.2.1 or 6.7.5. @zok1995 are these groups added in sonar (and not in crowd)?

On one hand I get that losing all permissions set in sonar is annoying, but on the other hand having crowd as the source of truth for the user makes more sense for me.

[vcmaxfield]

@deepy i discovered the source of my error... the people who originally set this up misspelled the name of "sonar-administrators" as "sonar-administators".

[deepy]

I almost did that myself while setting up my crowd for testing 🙂 But thank you for following up! if someone else meets this then they got a good place to look.

Would it be OK to close this? When some time clears up I'm going to review+test and hopefully merge https://github.com/deepy/sonar-crowd/pull/4 which if working as described should provide a suitable alternative for those who don't want to sync groups.

[piszczek]

Same here, problem still exists on:

• SonarQube version 7.6.0.21501
• GitLab Auth version 1.3.2

Only when we grant admin access via global permissions it works in other cases permissions lost.

[UglyAnimal]

Same issue with: Sonarqube CE Version 7.7 (build 23042) Freeipa 4.6.4

[azfar96]

Do not put any group mapping properties at the LDAP Configuration section in sonar.properties file. That solved the issue for me.