deepy / sonar-crowd

GNU Lesser General Public License v3.0
32 stars 37 forks source link

sonar-administrators group membership is disappearing #9

Closed vcmaxfield closed 6 years ago

vcmaxfield commented 7 years ago

I'm seeing a problem where if a user belongs to sonar-administrators AND sonar-users in Crowd, when they log into sonar, they are removed from sonar-administrators locally (doesn't change in Crowd). Can a person belong to only one sonar- group at a time?

Update: it seems that any user belonging to sonar-administrators group is automatically removed that group in Sonar upon login.

(Crowd 2.7.2, Sonar 5.1)

wysockip commented 7 years ago

I notice the same behaviour. Please can someone take a look into that?

ynojima commented 7 years ago

I faced same issue.

kwinsch commented 7 years ago

Same here. If I create the group sonar-administrators in jira/crowd and add all sonar admins to it, they will automatically get into the local sonar sonar-administrators group. The same is with other groups.

Workaround:

  1. Create user group in sonar
  2. Create same group in jira
  3. Add users in jira, instead of sonar
  4. On next login, the group in sonar will be populated
vcmaxfield commented 7 years ago

This did not work for me. Some users even lose all group membership in Sonar when they log in.

mcginleyr1 commented 6 years ago

Getting the same issue with github logins. The work around doesn't apply it seems as I tested this with github "groups".

netropic commented 6 years ago

Issue is still occuring with SonarQube 7.0 and Crowd 2.12.

thanhma commented 6 years ago

Yep, SonarQube 7.0, and users are removed from all groups, both system sonar-administrator group or other self-created groups. Only sonar-users remains.

ksanjay7 commented 6 years ago

Faced the same issue using Ldap too... I have added users in sonar-administrator group and once they login, the user is no more in this group.

xJREB commented 6 years ago

We had a similar issue with the GitLab Auth plugin. As a workaround, we set the Default groups property in the plugin configuration to empty. After that, we were able to keep the admin group for selected GitLab users.

zok1995 commented 6 years ago

I think that issue with Sonar groups. I use Sonar 7 and LDAP. After logout users lose admin group. But if you give user admin access through Global Permissions tab it works. User should have the same permissions as admin group.

deepy commented 6 years ago

I'm not able the recreate the disappearance of the admin group on 7.2.1 or 6.7.5. @zok1995 are these groups added in sonar (and not in crowd)?

On one hand I get that losing all permissions set in sonar is annoying, but on the other hand having crowd as the source of truth for the user makes more sense for me.

vcmaxfield commented 6 years ago

@deepy i discovered the source of my error... the people who originally set this up misspelled the name of "sonar-administrators" as "sonar-administators".

deepy commented 6 years ago

I almost did that myself while setting up my crowd for testing 🙂 But thank you for following up! if someone else meets this then they got a good place to look.

Would it be OK to close this? When some time clears up I'm going to review+test and hopefully merge https://github.com/deepy/sonar-crowd/pull/4 which if working as described should provide a suitable alternative for those who don't want to sync groups.

piszczek commented 5 years ago

Same here, problem still exists on:

Only when we grant admin access via global permissions it works in other cases permissions lost.

UglyAnimal commented 5 years ago

Same issue with: Sonarqube CE Version 7.7 (build 23042) Freeipa 4.6.4

azfar96 commented 5 years ago

Do not put any group mapping properties at the LDAP Configuration section in sonar.properties file. That solved the issue for me.