[p4] LDAP authentication via sAMAccountID

Matt Janulewicz matt.janulewicz at lucasfilm.com
Thu Aug 6 17:46:04 PDT 2009


I *think* that Active Directory is typically set up to provide more 
generic LDAP services. At least in every Windows shop I've worked in, it 
has. In which case you can use a more generic script. I don't remember 
where I stole this from, probably just the regular P4 public depot, but 
this is what I used to use to authenticate against an AD sever (but in a 
more LDAP-y way):

ftp://public.perforce.com/guest/matthew_janulewicz/utils/triggers/p4auth_ad.pl

It basically just tries to bind to the server and doesn't do any 
querying, just like the other example scripts Perforce provides.

Everywhere I have worked our Perforce servers were on a closed system so 
I didn't care about SASL/encryption/etc. You can just take this (or any 
other auth script) and try to run it and see what happens. Worst case 
scenario, it won't work. :) Best case, it'll work.


-Matt


Tim McDaniel wrote:
>
> Unfortunately, I know little about Active Directory, LDAP,
> or the APIs, so my apologies if I get this request wrong.
>
> We're considering how to authenticate against a Windows domain
> controller when the Perforce server (2008.2) is running on a Linux
> box.  I believe that means it's Active Directory.
> <http://kb.perforce.com/AdminTasks/TriggersAndDaemons/SettingUpExt..ionTriggers>
> appears to be the applicable Knowledge Base article.
>
> First: how do p4authenticate.c and p4authenticate.pl, in the initial
> section of that article, differ from Unix p4auth_ad.cpp and Linux
> 24x86 binary p4auth_ad in the "Active Directory vs. LDAP server"
> section?
>
> Also,
>
>      Please note that the provided AD scripts work by using the cn for
>      authentication. It expects the cn to be equal to the sAMAccountID,
>      the short name without spaces that users generally use to log into
>      their machine. If cn fields on your AD server have been changed to
>      include spaces, you need to modify the scripts below to do a
>      lookup on the sAMAccountID and retrieve the cn before attempting
>      the AD authentication component.
>
> Indeed, our cn fields do have spaces (e.g., cn="Tim McDaniel") when
> sAMAccountName is what we need (e.g., sAMAccountName="tmcdaniel").
>
> I know little at the moment: I don't suppose anyone happens to have
> existing code sitting around that I might adapt and use?
>
> --
> Tim McDaniel, tmcd at panix.com
> _______________________________________________
> perforce-user mailing list  -  perforce-user at perforce.com
> http://maillist.perforce.com/mailman/listinfo/perforce-user
>



More information about the perforce-user mailing list