

p4 ldap on CentOS7


#1 vaseer


Posted 07 March 2017 - 07:51 PM

Hi Guys,

Sorry if I'm posting in the wrong section, not sure which other would fit best.

I am currently trying to set up perforce on a test CentOS7 server.

All went well, and the service is up. Next phase was to configure ldap. Since this is configured natively I set up the ldap file as follows:


Name:    thisdomainldap
Host:    domainoncorp.corp.resolvesok.com
Port:    389
Encryption:    tls
BindMethod:    sasl
Options:    nodowncase nogetattrs realminusername
SearchBaseDN:    OU=UserAccounts,DC=domainoncorp,DC=corp,DC=resolvesok,DC=com
SearchScope:    subtree
SaslRealm:    domainoncorp.corp.resolvesok.com
GroupBaseDN:    OU=UserAccounts,DC=domainoncorp,DC=corp,DC=resolvesok,DC=com
GroupSearchScope:    subtree

Now this is the exact configuration used on another server (set up on Windows) and works without issues.

After flipping the auth to ldap, and attempting to logon, I get an error saying credentials are invalid, and the following entry in the logs:

2017/03/07 19:24:00 512828675 pid 10492: RpcRecvBuffer user = domainoncorp\theuser
2017/03/07 19:24:00 512864984 pid 10492: RpcRecvBuffer ldap = thisdomainldap
2017/03/07 19:24:00 512902315 pid 10492: RpcRecvBuffer confirm = dm-LdapCheck
2017/03/07 19:24:00 512936255 pid 10492: RpcRecvBuffer func = dm-LdapCheck
2017/03/07 19:24:00 512971551 pid 10492: Rpc dispatch dm-LdapCheck
2017/03/07 19:24:00 513026518 pid 10492: GetDb db.ldap mode 2
2017/03/07 19:24:00 513087531 pid 10492: Unlocking db.ldap.
2017/03/07 19:24:00 513163825 pid 10492: AuthLdap::GetConn creating new connection
2017/03/07 19:24:00 513591332 pid 10492: LdapConn::SetSSLOptions: Setting LDAP Client's TLS cipher suites: DEFAULT:!MEDIUM:!LOW:!EXPORT:!SEED:!aNULL:!eNULL:!NULL:!RC4
2017/03/07 19:24:01 701521839 pid 10492: AuthLdap::BindCheck bind needed for 'theuser'
2017/03/07 19:24:02 047879288 pid 10492: AuthLdap::Bind soft fail for 'domainoncorp\theuser'
2017/03/07 19:24:02 048130386 pid 10492: RpcSendBuffer code0 = 838999868
2017/03/07 19:24:02 048179091 pid 10492: RpcSendBuffer fmt0 = Authentication as %user% failed with realm %realm%. Reason: %reason%
2017/03/07 19:24:02 048210554 pid 10492: RpcSendBuffer user = theuser
2017/03/07 19:24:02 048237622 pid 10492: RpcSendBuffer realm = domainoncorp
2017/03/07 19:24:02 048263527 pid 10492: RpcSendBuffer reason = Invalid credentials
2017/03/07 19:24:02 048315590 pid 10492: RpcSendBuffer func = client-Message
2017/03/07 19:24:02 048343580 pid 10492: Rpc invoking client-Message

Now the credentials are 100% valid, as the same can be used on the other server. This CentOS box is joined to the domain, and authenticating on it as a domain user works without issue.
The only problem is with p4. I've tried disabling ipv6, also tried setting encryption to ssl instead of tls, but still same error. The domain is reachable, DNS is confirmed ok. Not sure where else to look for this.

Any help will be greatly appreciated.

Kind Regards,
George
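
An added example, not part of the original post: a Python sketch that pulls failed LDAP binds out of server trace output like the lines above, so repeated failures can be reviewed per login and per LDAP configuration. The function names are hypothetical, and it assumes that an `Rpc invoking client-Message` line closes each exchange, as it does in the excerpt.

```python
import re
from collections import defaultdict

# Subset of the trace lines from the post, including one record wrapped onto a second line.
SAMPLE_LOG = """\
2017/03/07 19:24:00 512828675 pid 10492: RpcRecvBuffer user = domainoncorp\\theuser
2017/03/07 19:24:00 512864984 pid 10492: RpcRecvBuffer ldap = thisdomainldap
2017/03/07 19:24:02 047879288 pid 10492: AuthLdap::Bind soft fail for 'domainoncorp\\theuser'
2017/03/07 19:24:02 048179091 pid 10492: RpcSendBuffer fmt0 = Authentication as %user% failed with realm %realm%. Reason
: %reason%
2017/03/07 19:24:02 048210554 pid 10492: RpcSendBuffer user = theuser
2017/03/07 19:24:02 048237622 pid 10492: RpcSendBuffer realm = domainoncorp
2017/03/07 19:24:02 048263527 pid 10492: RpcSendBuffer reason = Invalid credentials
2017/03/07 19:24:02 048343580 pid 10492: Rpc invoking client-Message
"""
LINE = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \d+ pid (\d+): (.*)$")
FIELD = re.compile(r"^Rpc(Recv|Send)Buffer (\w+) = (.*)$")

def unwrap(text):
    """Re-join continuation lines (no timestamp prefix) onto the previous record."""
    records = []
    for raw in text.splitlines():
        if LINE.match(raw) or not records:
            records.append(raw)
        else:
            records[-1] += raw
    return records

def failed_ldap_auths(text):
    """Return one dict per failed LDAP bind, with fields gathered per server pid."""
    state, events = defaultdict(dict), []
    for rec in unwrap(text):
        m = LINE.match(rec)
        if not m:
            continue
        ts, pid, msg = m.groups()
        f = FIELD.match(msg)
        if f:  # remember received and sent RPC variables separately
            state[pid][f"{f[1].lower()}.{f[2]}"] = f[3]
        elif msg.startswith("AuthLdap::Bind soft fail"):
            state[pid]["time"] = ts
        elif msg.startswith("Rpc invoking client-Message"):
            s = state.pop(pid, {})  # reply sent: close this pid's exchange
            if "time" in s:
                events.append({"time": s["time"], "pid": pid, "login": s.get("recv.user"),
                               "ldap": s.get("recv.ldap"), "realm": s.get("send.realm"),
                               "reason": s.get("send.reason")})
    return events
```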

#2 JathavanSriram


Posted 08 March 2017 - 08:30 PM

Hi there,
Can you first try your ldap setup with the following command (try this directly on the perforce server):
  • p4 ldap -t john.doe ldapconfigname
In your case it should be "p4 ldap -t yourusername thisdomainldap".
If everything is set up correctly then you should get a prompt to enter the user's password, and after correct entry you should see an "Authentication successful" message:

Enter password:
Authentication successful.
Discovered FullName: John Doe
Discovered Email: John.Doe@fluffycat.com

That would be a first step to debug the whole thing.

Cheers
Jatha

#3 vaseer


Posted 09 March 2017 - 10:13 AM

Hi Jatha,

I've already tried that, but it comes back with Invalid Credentials:

[gavram@cosbilskirnir ~]# p4 -p 2334 ldap -t domainoncorp\\theuser thisdomainldap
Enter password:
Authentication as theuser failed with realm domainoncorp. Reason: Invalid credentials
[gavram@cosbilskirnir ~]#

Verified the credentials, they're good.
What's frustrating about this is that there's a server running on RHEL7, which is configured the exact same way and doesn't have this issue. Not sure if my distro is missing something or not. But they both pretty much have the same list of packages.

Cheers,
George

#4 p4rfong


Posted 09 March 2017 - 07:28 PM

Try encryption none and a simpler config:
p4 ldap saslconfig
Name: thisdomainldap
Host: domainoncorp.corp.resolvesok.com
Port: 389
Encryption: none
BindMethod: sasl
SearchScope: subtree
GroupSearchScope: subtree

Then try tls again.
As mentioned, use "p4 ldap -t" to test the LDAP config.

#5 vaseer


Posted 10 March 2017 - 12:22 PM

Hi p4rfong,

I went ahead and removed the SearchbaseDN and GroupbaseDN and it is now working. The new ldap config looks like:

Name:   thisdomainldap
Host:   domainoncorp.corp.resolvesok.com
Port:   636
Encryption: ssl
BindMethod: sasl
Options:     nodowncase nogetattrs realminusername
SearchScope:    subtree
GroupSearchScope:    subtree

What I fail to understand is why those weren't working. The configuration was exactly the same on the RHEL server, and that one was working without issue.
I'll need to investigate further and see what was wrong with GroupBaseDN and SearchBaseDN.
For now this is working.
I'll post back if I find out why those aren't working with this server.
Thanks for your help :)

Kind Regards
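
An added example, not part of the thread: a Python comparison of the first spec posted here with the one that finally worked, listing every field that differs and checking the transport settings. `parse_spec`, `diff_specs` and `transport_findings` are hypothetical helper names; the parser handles single-line fields only, and the port check assumes `ssl` means LDAPS and `tls` means StartTLS.

```python
# Both specs are copied from the posts above (failing first, then working).
FAILING = """\
Name:    thisdomainldap
Host:    domainoncorp.corp.resolvesok.com
Port:    389
Encryption:    tls
BindMethod:    sasl
Options:    nodowncase nogetattrs realminusername
SearchBaseDN:    OU=UserAccounts,DC=domainoncorp,DC=corp,DC=resolvesok,DC=com
SearchScope:    subtree
SaslRealm:    domainoncorp.corp.resolvesok.com
GroupBaseDN:    OU=UserAccounts,DC=domainoncorp,DC=corp,DC=resolvesok,DC=com
GroupSearchScope:    subtree
"""
WORKING = """\
Name:   thisdomainldap
Host:   domainoncorp.corp.resolvesok.com
Port:   636
Encryption: ssl
BindMethod: sasl
Options:     nodowncase nogetattrs realminusername
SearchScope:    subtree
GroupSearchScope:    subtree
"""

def parse_spec(text):
    """Parse 'Field: value' lines of a spec form; comments and blank lines are skipped."""
    spec = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and not line.lstrip().startswith("#"):
            spec[key.strip()] = value.strip()
    return spec

def diff_specs(a, b):
    """Map each differing field to (value in a, value in b); None means absent."""
    keys = sorted(a.keys() | b.keys())
    return {k: (a.get(k), b.get(k)) for k in keys if a.get(k) != b.get(k)}

def transport_findings(spec):
    """Flag cleartext LDAP and port/encryption pairs that differ from the usual convention."""
    enc, port = spec.get("Encryption", "").lower(), spec.get("Port")
    out = []
    if enc == "none":
        out.append("Encryption none: LDAP traffic is not protected by TLS")
    if (enc, port) in (("ssl", "389"), ("tls", "636")):
        out.append(f"{enc} on port {port} departs from LDAPS=636 / StartTLS=389")
    return out
```

The diff reports Port, Encryption and SaslRealm alongside the two base DNs, so five fields changed between the failing and the working spec.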

#6 p4rfong


Posted 14 March 2017 - 07:14 PM

I am glad it is working now!  Interesting that the encryption is "ssl" -- I have not seen that.




