Jump to content

Search the Community

Showing results for tags 'ldap'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Plastic SCM
    • General
    • Installation and configuration
    • Unity 3D
    • Plastic SCM on Mac
    • Plastic SCM on Linux
    • Gluon
    • Git interop
    • Integrations
    • Community Edition
    • Branching and merging
    • Announcements
  • Plastic SCM 4.0 Beta (Closed)
  • Plastic Cloud
    • General
    • Configuration
  • SemanticMerge
    • General
    • License
    • SCM's configuration
    • Share your experience!
    • External Parsers
  • GitJungle
  • Method History for Subversion

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests

Found 16 results

  1. Hi, I'm setting up a TeamCity by using Plastic Cloud, and I'm getting the following error: Failed for the root '"default" {instance id=1, parent internal id=1, parent id=DefaultVCSRoot, description: "PlasticSCM: br:/main@reponame@organization@cloud"}: Unable to retrieve the current repository state in root default: The LDAP token expired. User: name@domain.com. CommandResult 1 Hide stacktrace jetbrains.buildServer.vcs.VcsRootVcsException: Unable to retrieve the current repository state in root default: The LDAP token expired. User: name@domain.com. CommandResult 1 I did the usual approach: Created AWS instance Installed Windows Server 2019 Installed TeamCity 2020.1 Installed the full Plastic version with local server included Created connection profile for cloud Copied client.conf to Plastic Client installation path under Program Files. Added Plastic plugin to TeamCity Created VCS Root and tested that connection works It looked like all should be good to go, but after a moment I was getting that error on TC project view. I have previously only set TeamCity for enterprise accounts and dedicated servers, so my approach might be completely wrong here. Does this ring a bell for anyone over here? And is there some good guides on how to setup TeamCity with Plastic Cloud? Here is the full stack trace as well, with user account replaced with name@domain.com: at jetbrains.buildServer.vcs.impl.VcsChangesStatesCollector.createRootException(VcsChangesStatesCollector.java:119) at jetbrains.buildServer.vcs.impl.VcsChangesStatesCollector.getCurrentState(VcsChangesStatesCollector.java:10) at jetbrains.buildServer.vcs.impl.VcsChangesStatesCollector.lambda$null$1(VcsChangesStatesCollector.java:88) at jetbrains.buildServer.util.NamedThreadFactory.executeWithNewThreadName(NamedThreadFactory.java:75) at jetbrains.buildServer.vcs.impl.VcsChangesStatesCollector.lambda$getCollectStatesTasks$2(VcsChangesStatesCollector.java:107) at jetbrains.buildServer.vcs.impl.ImmediateFutureExecService$2.call(ImmediateFutureExecService.java:5) at jetbrains.buildServer.serverSide.impl.ImmediateFuture.get(ImmediateFuture.java:59) at jetbrains.buildServer.serverSide.impl.ImmediateFuture.get(ImmediateFuture.java:68) at jetbrains.buildServer.vcs.impl.VcsChangesStatesCollector.collectStatesForAllRoots(VcsChangesStatesCollector.java:9) at jetbrains.buildServer.vcs.impl.VcsChangesStatesCollector.getCurrentStateSnapshot(VcsChangesStatesCollector.java:64) at jetbrains.buildServer.vcs.impl.VcsChangesFetcher.getStateAndCreateChangesCollectingTasks(VcsChangesFetcher.java:6) at jetbrains.buildServer.vcs.impl.VcsChangesLoader.doLoadChanges(VcsChangesLoader.java:26) at jetbrains.buildServer.vcs.impl.VcsChangesLoader.tryLoadChanges(VcsChangesLoader.java:35) at jetbrains.buildServer.serverSide.impl.VcsModificationChecker$CollectChangesAction$1.run(VcsModificationChecker.java:29) at jetbrains.buildServer.util.NamedThreadFactory.executeWithNewThreadName(NamedThreadFactory.java:75) at jetbrains.buildServer.serverSide.impl.VcsModificationChecker$CollectChangesAction.run(VcsModificationChecker.java:2) at java.base/java.util.concurrent.CompletableFuture$AsyncRun.run(CompletableFuture.java:1736) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) at java.base/java.lang.Thread.run(Thread.java:834) Caused by: jetbrains.buildServer.vcs.VcsException: Unable to retrieve the current repository state in root default: The LDAP token expired. User: name@domain.com CommandResult 1 at com.codicesoftware.plugins.teamcity.PlasticCollectChangesPolicy.getCurrentState(PlasticCollectChangesPolicy.java:57) at jetbrains.vcs.api.services.impl.RepositoryStateServiceProvider$1.getCurrentState(RepositoryStateServiceProvider.java:7) at jetbrains.buildServer.vcs.impl.VcsRootInstanceImpl.lambda$getCurrentState$0(VcsRootInstanceImpl.java:38) at jetbrains.buildServer.serverSide.impl.BaseAccessChecker.runWithDisabledChecks(BaseAccessChecker.java:30) at jetbrains.buildServer.serverSide.impl.SecondaryNodeSecurityManager.executeSafe(SecondaryNodeSecurityManager.java:20) at jetbrains.buildServer.serverSide.IOGuardInitializer$IOGuardDelegateImpl.allowNetworkAndCommandLine(IOGuardInitializer.java:11) at jetbrains.buildServer.serverSide.IOGuard.allowNetworkAndCommandLine(IOGuard.java:117) at jetbrains.buildServer.vcs.impl.VcsRootInstanceImpl.getCurrentState(VcsRootInstanceImpl.java:170) at jetbrains.buildServer.vcs.impl.VcsChangesStatesCollector$CurrentStateOperation.call(VcsChangesStatesCollector.java:1) at jetbrains.buildServer.vcs.impl.VcsChangesStatesCollector$CurrentStateOperation.call(VcsChangesStatesCollector.java:2) at jetbrains.buildServer.vcs.VcsOperationProgressProviderImpl.runWithProgress(VcsOperationProgressProviderImpl.java:27) at jetbrains.buildServer.vcs.impl.VcsChangesStatesCollector.getCurrentState(VcsChangesStatesCollector.java:63) ... 18 more Caused by: com.codicesoftware.plastic.core.PlasticConnectionException: The LDAP token expired. User: devops@returnentertainment.com. CommandResult 1 at com.codicesoftware.plastic.core.PlasticEphemeralShell.checkConnection(Unknown Source) at com.codicesoftware.plastic.core.PlasticEphemeralShell.prepareCommand(Unknown Source) at com.codicesoftware.plastic.core.PlasticEphemeralShell.execute(Unknown Source) at com.codicesoftware.plastic.core.PlasticShell.execute(Unknown Source) at com.codicesoftware.plastic.query.QueryCommands.ExecuteQuery(Unknown Source) at com.codicesoftware.plastic.query.QueryCommands.executeBranchQuery(Unknown Source) at com.codicesoftware.plastic.query.QueryCommands.GetBranches(Unknown Source) at com.codicesoftware.plugins.teamcity.cmcommands.CmCommandsImpl.getBranches(CmCommandsImpl.java:125) at com.codicesoftware.plugins.teamcity.branchfiltering.PlasticBranch.getOpenBranches(PlasticBranch.java:25) at com.codicesoftware.plugins.teamcity.PlasticCollectChangesPolicy.getCurrentState(PlasticCollectChangesPolicy.java:44) ... 29 more jetbrains.buildServer.vcs.VcsException: Unable to retrieve the current repository state in root default: The LDAP token expired. User: name@domain.com. CommandResult 1 at com.codicesoftware.plugins.teamcity.PlasticCollectChangesPolicy.getCurrentState(PlasticCollectChangesPolicy.java:57) at jetbrains.vcs.api.services.impl.RepositoryStateServiceProvider$1.getCurrentState(RepositoryStateServiceProvider.java:7) at jetbrains.buildServer.vcs.impl.VcsRootInstanceImpl.lambda$getCurrentState$0(VcsRootInstanceImpl.java:38) at jetbrains.buildServer.serverSide.impl.BaseAccessChecker.runWithDisabledChecks(BaseAccessChecker.java:30) at jetbrains.buildServer.serverSide.impl.SecondaryNodeSecurityManager.executeSafe(SecondaryNodeSecurityManager.java:20) at jetbrains.buildServer.serverSide.IOGuardInitializer$IOGuardDelegateImpl.allowNetworkAndCommandLine(IOGuardInitializer.java:11) at jetbrains.buildServer.serverSide.IOGuard.allowNetworkAndCommandLine(IOGuard.java:117) at jetbrains.buildServer.vcs.impl.VcsRootInstanceImpl.getCurrentState(VcsRootInstanceImpl.java:170) at jetbrains.buildServer.vcs.impl.VcsChangesStatesCollector$CurrentStateOperation.call(VcsChangesStatesCollector.java:1) at jetbrains.buildServer.vcs.impl.VcsChangesStatesCollector$CurrentStateOperation.call(VcsChangesStatesCollector.java:2) at jetbrains.buildServer.vcs.VcsOperationProgressProviderImpl.runWithProgress(VcsOperationProgressProviderImpl.java:27) at jetbrains.buildServer.vcs.impl.VcsChangesStatesCollector.getCurrentState(VcsChangesStatesCollector.java:63) at jetbrains.buildServer.vcs.impl.VcsChangesStatesCollector.lambda$null$1(VcsChangesStatesCollector.java:88) at jetbrains.buildServer.util.NamedThreadFactory.executeWithNewThreadName(NamedThreadFactory.java:75) at jetbrains.buildServer.vcs.impl.VcsChangesStatesCollector.lambda$getCollectStatesTasks$2(VcsChangesStatesCollector.java:107) at jetbrains.buildServer.vcs.impl.ImmediateFutureExecService$2.call(ImmediateFutureExecService.java:5) at jetbrains.buildServer.serverSide.impl.ImmediateFuture.get(ImmediateFuture.java:59) at jetbrains.buildServer.serverSide.impl.ImmediateFuture.get(ImmediateFuture.java:68) at jetbrains.buildServer.vcs.impl.VcsChangesStatesCollector.collectStatesForAllRoots(VcsChangesStatesCollector.java:9) at jetbrains.buildServer.vcs.impl.VcsChangesStatesCollector.getCurrentStateSnapshot(VcsChangesStatesCollector.java:64) at jetbrains.buildServer.vcs.impl.VcsChangesFetcher.getStateAndCreateChangesCollectingTasks(VcsChangesFetcher.java:6) at jetbrains.buildServer.vcs.impl.VcsChangesLoader.doLoadChanges(VcsChangesLoader.java:26) at jetbrains.buildServer.vcs.impl.VcsChangesLoader.tryLoadChanges(VcsChangesLoader.java:35) at jetbrains.buildServer.serverSide.impl.VcsModificationChecker$CollectChangesAction$1.run(VcsModificationChecker.java:29) at jetbrains.buildServer.util.NamedThreadFactory.executeWithNewThreadName(NamedThreadFactory.java:75) at jetbrains.buildServer.serverSide.impl.VcsModificationChecker$CollectChangesAction.run(VcsModificationChecker.java:2) at java.base/java.util.concurrent.CompletableFuture$AsyncRun.run(CompletableFuture.java:1736) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) at java.base/java.lang.Thread.run(Thread.java:834) Caused by: com.codicesoftware.plastic.core.PlasticConnectionException: The LDAP token expired. User: name@domain.com. CommandResult 1 at com.codicesoftware.plastic.core.PlasticEphemeralShell.checkConnection(Unknown Source) at com.codicesoftware.plastic.core.PlasticEphemeralShell.prepareCommand(Unknown Source) at com.codicesoftware.plastic.core.PlasticEphemeralShell.execute(Unknown Source) at com.codicesoftware.plastic.core.PlasticShell.execute(Unknown Source) at com.codicesoftware.plastic.query.QueryCommands.ExecuteQuery(Unknown Source) at com.codicesoftware.plastic.query.QueryCommands.executeBranchQuery(Unknown Source) at com.codicesoftware.plastic.query.QueryCommands.GetBranches(Unknown Source) at com.codicesoftware.plugins.teamcity.cmcommands.CmCommandsImpl.getBranches(CmCommandsImpl.java:125) at com.codicesoftware.plugins.teamcity.branchfiltering.PlasticBranch.getOpenBranches(PlasticBranch.java:25) at com.codicesoftware.plugins.teamcity.PlasticCollectChangesPolicy.getCurrentState(PlasticCollectChangesPolicy.java:44) ... 29 more com.codicesoftware.plastic.core.PlasticConnectionException: The LDAP token expired. User: name@domain.com. CommandResult 1 at com.codicesoftware.plastic.core.PlasticEphemeralShell.checkConnection(Unknown Source) at com.codicesoftware.plastic.core.PlasticEphemeralShell.prepareCommand(Unknown Source) at com.codicesoftware.plastic.core.PlasticEphemeralShell.execute(Unknown Source) at com.codicesoftware.plastic.core.PlasticShell.execute(Unknown Source) at com.codicesoftware.plastic.query.QueryCommands.ExecuteQuery(Unknown Source) at com.codicesoftware.plastic.query.QueryCommands.executeBranchQuery(Unknown Source) at com.codicesoftware.plastic.query.QueryCommands.GetBranches(Unknown Source) at com.codicesoftware.plugins.teamcity.cmcommands.CmCommandsImpl.getBranches(CmCommandsImpl.java:125) at com.codicesoftware.plugins.teamcity.branchfiltering.PlasticBranch.getOpenBranches(PlasticBranch.java:25) at com.codicesoftware.plugins.teamcity.PlasticCollectChangesPolicy.getCurrentState(PlasticCollectChangesPolicy.java:44) at jetbrains.vcs.api.services.impl.RepositoryStateServiceProvider$1.getCurrentState(RepositoryStateServiceProvider.java:7) at jetbrains.buildServer.vcs.impl.VcsRootInstanceImpl.lambda$getCurrentState$0(VcsRootInstanceImpl.java:38) at jetbrains.buildServer.serverSide.impl.BaseAccessChecker.runWithDisabledChecks(BaseAccessChecker.java:30) at jetbrains.buildServer.serverSide.impl.SecondaryNodeSecurityManager.executeSafe(SecondaryNodeSecurityManager.java:20) at jetbrains.buildServer.serverSide.IOGuardInitializer$IOGuardDelegateImpl.allowNetworkAndCommandLine(IOGuardInitializer.java:11) at jetbrains.buildServer.serverSide.IOGuard.allowNetworkAndCommandLine(IOGuard.java:117) at jetbrains.buildServer.vcs.impl.VcsRootInstanceImpl.getCurrentState(VcsRootInstanceImpl.java:170) at jetbrains.buildServer.vcs.impl.VcsChangesStatesCollector$CurrentStateOperation.call(VcsChangesStatesCollector.java:1) at jetbrains.buildServer.vcs.impl.VcsChangesStatesCollector$CurrentStateOperation.call(VcsChangesStatesCollector.java:2) at jetbrains.buildServer.vcs.VcsOperationProgressProviderImpl.runWithProgress(VcsOperationProgressProviderImpl.java:27) at jetbrains.buildServer.vcs.impl.VcsChangesStatesCollector.getCurrentState(VcsChangesStatesCollector.java:63) at jetbrains.buildServer.vcs.impl.VcsChangesStatesCollector.lambda$null$1(VcsChangesStatesCollector.java:88) at jetbrains.buildServer.util.NamedThreadFactory.executeWithNewThreadName(NamedThreadFactory.java:75) at jetbrains.buildServer.vcs.impl.VcsChangesStatesCollector.lambda$getCollectStatesTasks$2(VcsChangesStatesCollector.java:107) at jetbrains.buildServer.vcs.impl.ImmediateFutureExecService$2.call(ImmediateFutureExecService.java:5) at jetbrains.buildServer.serverSide.impl.ImmediateFuture.get(ImmediateFuture.java:59) at jetbrains.buildServer.serverSide.impl.ImmediateFuture.get(ImmediateFuture.java:68) at jetbrains.buildServer.vcs.impl.VcsChangesStatesCollector.collectStatesForAllRoots(VcsChangesStatesCollector.java:9) at jetbrains.buildServer.vcs.impl.VcsChangesStatesCollector.getCurrentStateSnapshot(VcsChangesStatesCollector.java:64) at jetbrains.buildServer.vcs.impl.VcsChangesFetcher.getStateAndCreateChangesCollectingTasks(VcsChangesFetcher.java:6) at jetbrains.buildServer.vcs.impl.VcsChangesLoader.doLoadChanges(VcsChangesLoader.java:26) at jetbrains.buildServer.vcs.impl.VcsChangesLoader.tryLoadChanges(VcsChangesLoader.java:35) at jetbrains.buildServer.serverSide.impl.VcsModificationChecker$CollectChangesAction$1.run(VcsModificationChecker.java:29) at jetbrains.buildServer.util.NamedThreadFactory.executeWithNewThreadName(NamedThreadFactory.java:75) at jetbrains.buildServer.serverSide.impl.VcsModificationChecker$CollectChangesAction.run(VcsModificationChecker.java:2) at java.base/java.util.concurrent.CompletableFuture$AsyncRun.run(CompletableFuture.java:1736) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) at java.base/java.lang.Thread.run(Thread.java:834)
  2. Our organization uses LDAP to authenticate people to PlasticSCM. For our CI/CD servers, I have been looking into using a separate user. Ideally I would like it to be a user local to the PlasticSCM server rather than one from LDAP; since we use a Directory-as-a-Service provider for our LDAP configuration, each new user has an additional cost, so I'd like to not incur that cost if possible. I suspect that one cannot mix authentication modes as I've described, but I would like confirmation either way on this. Thanks for the help!
  3. Hello, I've been having issues configuring permissions for groups. We are set up using LDAP for our users. Ideally I would use our pre-existing LDAP groups, yet, when I add those groups using the `cm acl` command, developers in their respective groups do not get the permissions. When doing research, I came upon the fact that LDAP users can be added to PlasticSCM groups. I created the groups, per the documentation. Users still are not getting permissions set as intended. My groups.conf file looks like this: My server.conf as well is set up per the documentation: I'm not sure what is going wrong, and would appreciate any help. Thank you!
  4. We've recently upgraded from PlasticSCM 5 to 5.4. I noticed that the client no longer decides what authentication method to use. In PlasticSCM 5 we had an ActiveDirectory authentication selected in the server configuration. On the other hand, the clients used either ActiveDirectory or LDAP authentication modes. Some of us work in the same network the PlasticSCM server runs. They log in to their Windows accounts using their AD credentials. If I remember correctly, those users could use ActiveDirectory authentication mode in PlasticSCM 5, so they did not have to specify their credentials separately in PlasticSCM client configuration. The rest of us work remotely and use local users for Windows authentication. We could so far use LDAP authentication in PlasticSCM client 5, providing our AD credentials in PlasticSCM configuration. Because now the server forces authentication mode, it seems that we have to switch it to the LDAP mode. However, this will force all AD users to specify their user names and passwords now. Don't you think that when the server's authentication mode is set to Active Directory, PlasticSCM client should either let the user use Windows credentials, or specify credentials manually?
  5. I have configured plastic server to use active directory and also configured client to use AD as well. This configuration is working fine. Because my home computer is not part of the corporate domain I configured it to use LDAP authentication. The server is still configured as AD. When I use the Test Connection function the message "Active Directory or LDAP: Invalid credentials username, password or domain are not valid" is displayed. On the basis that there may be some issue with the VPN I changed my work computer (which was already successfully authenticating with AD) to use LDAP instead. When I use the Test Connection function I get the same message. I would be grateful for any assistance.
  6. Hi, I have troulbles with configuration of LDAP connection for authentification of users. 1) I try to use a distigushed name for plastic server system LDAP user like this: dn: cn=plastic,ou=systemusers,dc=example,dc=com I do not understand how to configure this distinguided name in plastic server configuration using fields Domain, User name and Password. Also looks like plastic server send dn as uid=plastic,ou=systemusers,dc=example,dc=com. Is it possible to configure distinguished name pattern or it is hardcoded to user uid for RDN? 2) Our LDAP server is used for many consumers (JIRA, svn, Confluence, etc), so we have a policy to keep system users separately. So we want to have system user like: dn: cn=plastic,ou=systemusers,dc=example,dc=com and delopers like dn: cn=j.doe,ou=users,dc=example,dc=com Is it possible to configure different LDAP directories for system users and human users? Looks like plastic will search for users in ou=systemusers,dc=example,dc=com 3) Our system administrator says that plastic server uses an anonymous directory access to LDAP server. Because anonymous access is not allowed on our server, we get an Insufficient access rights error. Is it possible to switch off anonymouse requests? 4) Do you have some technical paper about LDAP configuration? Do you have open sources for LDAP module? What you could recomment in such situation (when organisation has one centralized LDAP server for many purposes with some policy about names installed) ?
  7. So, I have a plastic server setup and it seems every so often I am losing connection to my LDAP Server. I've gotten two errors. (obviously I didnt write them down.) 1. (something along the lines of, The numbers are correct) "User unconfirmed S-1-5-21-824...." 2. (something along the lines of) Cannot connect to LDAP or Active Directory server at this ip :192.168. 0. 00 These persist for about 5 min and then disappear without restarting anything or really doing anything at all except reopening plastic on the client. So I currently am making sure that the LDAP server isnt being over loaded, by just pointing plastic to our secondary server. My main question is can plastic take in a primary and secondary server and if the first one fails use the second. If so, please tell me how. If not any suggestion would. Currently there are about 10 users, and this happens maybe 2-3 times a day. Its not game-breaking, but it is annoying when trying to pull or push new code. thanks for the help -Crychair (Sorry I use LDAP and Active Directory Server Interchangeably. We have AD servers but they listen on 389(LDAP))
  8. I am trying to setup Plastic(5.4.13.589 Lab) with LDAP server (Both Plastic and LDAP on Ubuntu 14.04 LTS, OpenLDAP 2.4). However when I try to perform a sync replication, the server returns some error message like: 2014-08-13 01:30:31,822 plasticscm at ERROR Replication - Error processing replication operation. Active Directory or LDAP: Invalid credentials username, password or domain are not valid. Server error: An error occurred in the LDAP server: Local Error. at af6.a (.c6 A_0, Novell.Directory.Ldap.LdapConnection A_1) [0x00000] in <filename unknown>:0 at af6.h (System.String A_0) [0x00000] in <filename unknown>:0 at ut.a (System.String A_0, Boolean A_1) [0x00000] in <filename unknown>:0 at SecurityManager.Users.UserInfoLoader.a (System.String A_0, Boolean A_1) [0x00000] in <filename unknown>:0 at SecurityManager.User.GetSEIDFromName (System.String name, Boolean bIsGroup) [0x00000] in <filename unknown>:0 at SecurityManager.SecurityFactory.GetSeidFromName (System.String name, Boolean bIsGroup) [0x00000] in <filename unknown>:0 at ty.a (Codice.CM.Common.Replication.ReplicatedSEID A_0) [0x00000] in <filename unknown>:0 at ty.a (Codice.CM.Common.Replication.ReplicatedSEID A_0, EnumReplicationSEIDTranslationMode A_1, Codice.CM.Common.SEIDTranslationTable A_2) [0x00000] in <filename unknown>:0 at Codice.CM.Server.Replication.Pusher.a (Codice.CM.Common.Replication.ReplicatedSEID A_0) [0x00000] in <filename unknown>:0 at Codice.CM.Server.Replication.Pusher.y () [0x00000] in <filename unknown>:0 at Codice.CM.Server.Replication.Pusher.Push () [0x00000] in <filename unknown>:0 at Codice.CM.Server.Replication.ImportPackageOperation.Execute () [0x00000] in <filename unknown>:0 at Codice.CM.Server.Replication.ReplicatorDaemon.a (System.Object A_0) [0x00000] in <filename unknown>:0 I tried to run the Server on Windows, using the same directory, also I tried to switch the LDAP server to 389 (Fedora) Directory Server. Neither worked. I would really appreciate any help on this issue. Please ask if you need any additional information. (Or probably this is because of my LDAP configuration does not play well with Plastics. If that is the case could anyone please give me some hint on LDAP structures that would work with Plastic SCM? Now I can still adjust the directory.) Thanks.
  9. Hi, I would like to know if anyone understand how to allow Plastic SCM (5.4.13.589 on Linux) to synchronize groups with LDAP servers (Ubuntu 14.04 LTS, OpenLDAP 2.4). I am currently using groupOfUniqueNames (with uniqueMember for group members), however it the groups never shows up in Plastic. (By the way, I think it would be really helpful to document things like LDAP settings in a little bit more detail in the admin manual.) Thanks a lot.
  10. Hi, I'm having a problem configuring the SCM client running on Ubuntu 14 (in a VMWare virtual machine hosted on W8) and using LDAP authentication. I installed the client following the recommendation of manu in this thread http://www.plasticscm.net/index.php?/topic/2193-install-on-ubuntu-1404/. When configuring the client the follwoing message appears after clicking "Test connection". I have no clue what the problem is and how to solve this. Can you please provide help? Thanks!
  11. I have configured a plastic server on Linux to connect to an OpenLDAP server on the same machine. <ServerConfigData xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> <Language>en</Language> <WorkingMode>LDAPWorkingMode</WorkingMode> <SecurityConfig>LDAP:localhost:389:cn=sysread,ou=users,dc=insomnia-hq,dc=de:XXXXXXXXXXX:dc=insomnia-hq,dc=de</SecurityConfig> <BufferPoolSize>0</BufferPoolSize> <AuditLogLevel>1</AuditLogLevel> <AuditLogFile>audit.log</AuditLogFile> </ServerConfigData> However whenever I try to authenticate agains the server I get the following error message ERROR Codice.CM.Server.ExceptionTracerSink - Dumping in-transit exception:Active Directory or LDAP: Invalid credentials username, password or domain are not valid. Server error: An error occurre d in the LDAP server: Local Error From the LDAP server logs I can see that it doesn't even try to connect to the ldap server. Did I misconfigure something here?
  12. Hello, While working in LDAP authentication mode, the PlasticSCM server is syncing with the LDAP server every 5min. But each time, the PlasticSCM Server log is filled with all the entries. How can I disable these entries in the LOG? Thanks, Ed.
  13. Hi! I'm trying to move my users under LDAP and there are some issues appears. The first one is LDAP access binding. My server.conf looks like: <WorkingMode>LDAPWorkingMode</WorkingMode> <SecurityConfig>LDAP:localhost:389:ldapuser:secured:dc=host,dc=tld</SecurityConfig> and i expect the bindings to my LDAP server under `ldapuser' bind with passphrase `secured', but my LDAP log shows attempts of anonymous acess: [21/Jan/2013:17:15:58 +0400] conn=16 op=0 BIND dn="" method=128 version=3 [21/Jan/2013:17:15:58 +0400] conn=16 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="" As my LDAP forbade anonymous access then any Plastic requests was refused by LDAP server till I allow anon access and then I get list of my users. Ok. The second issue is about case sensitive group names. My LDAP tree contains nine different groups with `objectClass: groupOfUniqueNames'. WIth LDAP log I see what it honestly return nine entries amount to Plastic request (cm lu localhost:8087 -g): [21/Jan/2013:18:17:41 +0400] conn=19 op=49 SRCH base="dc=domain,dc=tld" scope=2 filter="(|(objectClass=groupofuniquenames)(objectClass=posixGroup)(objectClass=group))" attrs=ALL [21/Jan/2013:18:17:41 +0400] conn=19 op=49 RESULT err=0 tag=101 nentries=9 etime=0 but console print me only one of them. I've compared this entry with other and looked one difference up: it had got definition 'objectClass: groupofuniquenames' i.e. was entered with lower case letters and other were as `groupOfUniqueNames'. I've changed several objectClass's decls to lower case and they was listed successfully. I suppose the behaviour in first issue is not correct 'cause it drills some size hole in security. The second issue is more interesting: what does it mean? from one hand LDAP is not case sensitive for class names (as I remember), so it is looks like bug. But from other hand it is a feature which useful for useless groups filtering, but I don't know whether I relay it on. Dear developers, please give me some light about. My Plastic server version is 4.1.10.388. Thank advance, Eugene. P.S. Sorry, this topic seem to be more appropriate for 'Installation and configuration'.
  14. Happy new year all, I would like to configure LDAP/AD on our evaluation Server (currently we are using user/pass). I managed to configure and link to our AD eventually (although, I could not find anything in the manual about it). As it stands now, all users in the organization can login to the service, and I'm not clear how to limit this. Also, how is the license counted when using LDAP? Can we choose which users are allowed to access the PlasticSCM server? (so only they will be counted for) Thanks, Ed.
  15. I'd like to setup Plastic to use LDAP authentication with SSL, connecting to Novell's eDirectory. There seem to be several issues with this. First, I can't seem to get Plastic to connect using SSL to any LDAP (tried both the LDAP interface to Active Directory as well as eDirectory). Are SSL connections not supported? Trying to bind to LDAP while sending credentials information across the network unencrypted simply won't work anywhere where security is a priority. Second, it seems that Plastic's implementation of "pure" LDAP is maybe lacking? I'm not sure. Does plastic truly support LDAP, or just the LDAP interface to Active Directory? On the configuration wizard for LDAP, I enter the host and domain for the eDirectory server. I then have tried several different ways of specifying the user, all to no avail. My normal user id in order to bind would be fully qualified, such as "uid=username,ou=orgunit,dc=subdomain,dc=topleveldomain". There simply seems no way for me to be able to get the "Test Connection" button to work. The response it gives is unhelpful, telling me the username, password, or domain is incorrect. I know the user and password are correct because I can bind using those credentials through an LDAP explorer. The thing I'm not so sure about is the domain. I've tried several different strings in that box, all to no avail. I've tried the host name, the "subdmian.topdomain", the "dc=subdomain,dc=topdomain" syntax, I even tried including the ou in that as well, all to no avail. What am I missing here? 1) Does Plastic support connecting to LDAP over SSL? 2) Does Plastic support connecting to Novell's eDirectory? If so, how does one go about doing that? I have no problems connecting using other tools. As an aside...would the developers of Plastic ever consider adding a plugin/extension capability for authentication? Many other unrelated products (such as Jira) do this, just defining an interface and allowing customer to implement their own mechanism. It would be nice, for example, to simply write a quick and dirty plugin that just forwards the credentials specified to our federated SSO provider.
  16. Looking through the documentation, I'm unable to find any information on how to administer permissions on Users and/or Groups when using LDAP or AD Auth. We have several teams and want to limit access to certain areas of the repo to read only for a particular team. We are currently running version 4.0.237.0. Any info would be helpful. Thank you. Mike Albelo
×
×
  • Create New...