Jump to content


Ldap authentication turned on Domain account keeps locking


  • Please log in to reply
2 replies to this topic

#1 ITSupport-ORTEC

ITSupport-ORTEC

    Member

  • Members
  • PipPip
  • 11 posts

Posted 05 April 2019 - 09:56 AM

Hi,

When I turn on ldap authentication for one particular Peforce account, the domain account is immediately locked.
After unlocking the domain account, it is locked again, but now after 2 minutes.
Where on the Perforce server can I check for sessions running under this account? Are there logs I can check?

I hope my question is clear :rolleyes:

#2 Matt Janulewicz

Matt Janulewicz

    Advanced Member

  • Members
  • PipPipPip
  • 172 posts
  • LocationSan Francisco, CA

Posted 10 April 2019 - 12:36 AM

There are two structured logs that may be of help, the ladapsync one and the auth one. You would enable them by adding the following configurables to the server that is doing the LDAP authenticating:

serverlog.file.1 = /p4/1/logs/structured/auth.log
serverlog.file.4 = /p4/1/logs/structured/ldapsync.log
serverlog.retain.1 = 14
serverlog.retain.4 = 14

I think maybe the ldapsync one only does the group sync, that's all I see in mine but who knows. The auth log will hopefully give you more insight on what's up with the password auth for the user.
-Matt Janulewicz
Staff SCM Engineer, Perforce Administrator
Dolby Laboratories, Inc.
1275 Market St.
San Francisco, CA 94103, USA
majanu@dolby.com

#3 ITSupport-ORTEC

ITSupport-ORTEC

    Member

  • Members
  • PipPip
  • 11 posts

Posted 19 June 2019 - 08:04 AM

Hi Matt Janulewicz,

Thanks for your reaction and answer. It turns out that this particular account was locked because our Continuous Integration Server which is connected to Perforce was connecting using his old credentials.
After using the correct credentials in the Continuous Integration Server the account didn't lock anymore.
I did not use your solution because the problem was solved in another way.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users