[p4] Anyone using the external authentication triggers yet?
Russell C. Jackson
rusty at rcjacksonconsulting.com
Wed May 24 12:09:26 PDT 2006
Thanks Matt, that is very helpful info. for the testing I am doing. I
appreciate your quick replies.
Rusty
Matthew Janulewicz wrote:
> Most of my problems stemmed from figuring out whether or not I needed to
> include the domain name in the username to authenticate (I did), how to
> delineate it (two backslashes), originally having a password with a '!'
> in it that I couldn't figure out how to pass (ended up just changing the
> password.) I'm not sure if it was my less than stellar coding/testing or
> our AD server, but it doesn't seem to return very good error messages,
> so these things took a while to work out.
>
> My trigger looks like this (not sure why I changed the name of the
> script when I submitted it to the public depot...):
>
> ldap auth-check auth "/perforce/triggers/ad_p4authenticate.pl
> [my.ad.server] 389 [mydomain] %user%"
>
> 389 is the default port for AD. Basically, the script takes the username
> (you have to create that in Perforce), the domain you pass in, crunches
> them together and tries to do a simple bind on the server with the
> password the user provides. If it succeeds (the user exists and the
> password is correct) it exits and lets them in. If not, no Perforce for
> you!
>
> The only problem I've had with the scheme is bad logins count for the AD
> 'lockout' count, and I've had users lock themselves out of their
> machines by logging into Perforce with three bad passwords. Not sure how
> someone would do that, but they do.
>
> The only other thing that I can thing that might come up is that with
> the authentication trigger, I don't know of a way to have both domain
> and non-domain users. I needed a virtual build user to log into
> Perforce, and I had to have IT make a domain account for it. We only
> have one domain here, too, so I didn't have to deal with authenticating
> across multiple domains.
>
>
> -Matt
>
>
> -----Original Message-----
> From: Russell C. Jackson [mailto:rusty at rcjacksonconsulting.com]
> Sent: Wednesday, May 24, 2006 11:46 AM
> To: Matthew Janulewicz
> Cc: perforce-user at perforce.com
> Subject: Re: [p4] Anyone using the external authentication triggers yet?
>
> Thanks Matt, I appreciate the reply. What types of problems did you run
> into if you don't mind sharing? Also, what are all the parameters you
> are passing into the AD server to get it to find the user?
>
> Thanks,
> Rusty
>
>
>
>
> Matthew Janulewicz wrote:
>
>> I've been using one for a few months now. I like it. Users like it
>> because they don't have to remember yet another password.
>>
>> Hard to troubleshoot sometimes, and I locked myself out of my Active
>> Directory domain a few times when I was trying to get LDAP
>> authentication to work, but since I figured it out it's been running
>> solid with no intervention.
>>
>> For those that are interested, I hacked the original authentication
>>
> perl
>
>> script to work with Active Directory. I was in a situation where our
>> Perforce server is Linux, but needed to authenticate through AD. The
>> .exe provided would not work for obvious reasons. Find it here:
>>
>> //guest/matthew_janulewicz/utils/triggers/p4auth_ad.pl
>>
>>
>> -Matt
>>
>>
>> -----Original Message-----
>> From: perforce-user-bounces at perforce.com
>> [mailto:perforce-user-bounces at perforce.com] On Behalf Of Russell C.
>> Jackson
>> Sent: Wednesday, May 24, 2006 9:02 AM
>> To: perforce-user at perforce.com
>> Subject: [p4] Anyone using the external authentication triggers yet?
>>
>> Just wondering if anyone had started using the external authentication
>>
>
>
>> triggers yet, and if so, how your experience has been with them so
>>
> far?
>
>>
>>
>
>
>
>
>
>
>
More information about the perforce-user
mailing list