[p4] LDAP authentication via sAMAccountID
matt.janulewicz at lucasfilm.com
Thu Aug 6 17:46:04 PDT 2009
I *think* that Active Directory is typically set up to provide more
generic LDAP services. At least in every Windows shop I've worked in, it
has. In which case you can use a more generic script. I don't remember
where I stole this from, probably just the regular P4 public depot, but
this is what I used to use to authenticate against an AD sever (but in a
more LDAP-y way):
It basically just tries to bind to the server and doesn't do any
querying, just like the other example scripts Perforce provides.
Everywhere I have worked our Perforce servers were on a closed system so
I didn't care about SASL/encryption/etc. You can just take this (or any
other auth script) and try to run it and see what happens. Worst case
scenario, it won't work. :) Best case, it'll work.
Tim McDaniel wrote:
> Unfortunately, I know little about Active Directory, LDAP,
> or the APIs, so my apologies if I get this request wrong.
> We're considering how to authenticate against a Windows domain
> controller when the Perforce server (2008.2) is running on a Linux
> box. I believe that means it's Active Directory.
> appears to be the applicable Knowledge Base article.
> First: how do p4authenticate.c and p4authenticate.pl, in the initial
> section of that article, differ from Unix p4auth_ad.cpp and Linux
> 24x86 binary p4auth_ad in the "Active Directory vs. LDAP server"
> Please note that the provided AD scripts work by using the cn for
> authentication. It expects the cn to be equal to the sAMAccountID,
> the short name without spaces that users generally use to log into
> their machine. If cn fields on your AD server have been changed to
> include spaces, you need to modify the scripts below to do a
> lookup on the sAMAccountID and retrieve the cn before attempting
> the AD authentication component.
> Indeed, our cn fields do have spaces (e.g., cn="Tim McDaniel") when
> sAMAccountName is what we need (e.g., sAMAccountName="tmcdaniel").
> I know little at the moment: I don't suppose anyone happens to have
> existing code sitting around that I might adapt and use?
> Tim McDaniel, tmcd at panix.com
> perforce-user mailing list - perforce-user at perforce.com
More information about the perforce-user