Jump to content


Perforce group / AD (ldap) group synchronisation

ldap groups

  • Please log in to reply
3 replies to this topic

#1 suttph01

suttph01

    Newbie

  • Members
  • Pip
  • 2 posts

Posted 09 August 2017 - 03:36 AM

Hi,

I'm attempting to integrate the management of Perforce into AD.  I've managed to set up AD authentication OK so that
users are authenticated against AD if they are a member of a specific AD group.  All well and good.

The next step, and the one I can't seem to get working, is to have Perforce groups populated by synchronising them to AD
groups

I cannot seem to get the ldap config for the Perforce group correct.  For example, in the group that I want all Perforce
users to be listed, "_All_Users", the following config has been set:

LdapConfig:        example-sasl

LdapSearchQuery:           (&(objectClass=user)(memberOf=CN=All_Perforce_Users,OU=Security Groups,DC=EXAMPLE,DC=LOCAL))

LdapUserAttribute:         sAMAccountName

The LdapConfig, 'example-sasl' is known to be working (and uses the same 'All_Perforce_Users' AD group to verify an
approved user).  However, the result of a 'p4 ldapsync -g -n _All_Users' results in a 'LDAP search failed: Operations
Error'

I've tested the LdapSearchQuery string (using ldifde) and that returns the expected users, but Perforce doesn't seem to like it for some reason.

Anyone have any ideas of have gotten this working themselves?

Thanks.

#2 p4rfong

p4rfong

    Advanced Member

  • Staff Moderators
  • 343 posts

Posted 18 August 2017 - 12:05 AM

See our KB article "Configuring ldapsync"
http://answers.perfo...ticles/KB/13173

You will probably need to run Active Directory Explorer and ldapsearch to test your LDAP query.  See "Authenticating with LDAP" http://answers.perfo...rticles/KB/2590

#3 suttph01

suttph01

    Newbie

  • Members
  • Pip
  • 2 posts

Posted 18 August 2017 - 12:11 AM

Thanks - yes, that guide did resolve the issue.  I didn't realise the SASL bind I was using wouldn't work for group sync.

#4 p4rfong

p4rfong

    Advanced Member

  • Staff Moderators
  • 343 posts

Posted 18 August 2017 - 12:21 AM

Glad it worked for you!





Also tagged with one or more of these keywords: ldap, groups

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users