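#!/usr/bin/perl -w
#
# Overview: This trigger script authenticates a Perforce userid against
# an AD sAMAccountName. It will handle multiple domains.
#
# sample trigger usage:
# ad auth-check auth "/usr/bin/perl AD_auth.pl %user%"
#
# Trigger protocol: Perforce passes the user name as the single argument and
# the password on STDIN. Exit status 0 grants access, anything else denies it,
# and whatever is printed on STDOUT is shown to the user.

use strict;
use Net::LDAP;

$| = 1;

######################## Set Variables ####################################
# AD connect timeout (seconds)
my $timeout = 10;

# Set AD server info.
my $ad_port = "389";      # AD Port, should probably leave.
my $ad_host = "AD IP";    # Put IP of your AD server here
# NOTE: a simple bind on plain LDAP (port 389) sends the user's password in
# cleartext. Use LDAPS or call ->start_tls before binding wherever the
# network path between the Perforce server and AD is not trusted.

# AD read Account.
# Full DN including user. You don't need to use an Administrator account
# any account should do I suggest you change the below line to a standard user.
my $ad_read_dn = 'CN=user,CN=Users,DC=test,DC=domain,DC=com';
my $ad_read_p  = 'Password';
###########################################################################

# Perforce only relays STDOUT to the user, so route die()/warn() there too.
open(STDERR, ">&STDOUT") or die "Can't dup stdout";

if (@ARGV != 1) {
    die "\nUsage:\nAD_auth.pl \%username\%\n";
}

my $p4_user = shift;
chomp $p4_user;

# Perforce writes the password on STDIN (possibly CRLF-terminated). Only the
# trailing line ending is stripped so an embedded CRLF is not silently removed.
my $password = <STDIN>;
$password = '' unless defined $password;
$password =~ s/\r?\n\z//;

# Reject an empty password before touching LDAP: a bind with an empty
# password is an anonymous bind, which "succeeds" for any DN.
if ( !length $password ) {
    die "Null passwords not allowed";
}

##### Authenticate! ######################################################

# Escape a value for use inside an LDAP search filter (RFC 4515, section 3)
# so that a crafted user name cannot change the meaning of the filter.
sub _ldap_filter_escape {
    my ($value) = @_;
    $value =~ s/([\\*()\x00])/sprintf('\\%02x', ord $1)/ge;
    return $value;
}

# Connection used with the read account for the directory lookups.
my $ad = Net::LDAP->new( $ad_host, port => $ad_port, timeout => $timeout )
    or die "Unable to connect with read account";

# Net::LDAP->bind always returns a message object (true), so the result code
# has to be checked explicitly; "|| die" on the return value never fires.
my $mesg = $ad->bind( $ad_read_dn, password => $ad_read_p, version => 3 );
die "Unable to bind\n" if $mesg->code;

# Read the root DSE to find the naming context to search under.
$mesg = $ad->search(
    base   => '',
    filter => '(objectclass=*)',
    scope  => 'base',
    attrs  => ['rootDomainNamingContext'],
);
die "Unable to read root DSE: " . $mesg->error . "\n" if $mesg->code;

# Exit status: stays 1 (deny) unless a bind with the user's password succeeds.
my $ret = 1;

# Separate connection for the user bind so the read-account session stays bound.
my $tc = Net::LDAP->new( $ad_host, port => $ad_port, timeout => $timeout )
    or die "Unable to connect with read account";

my $filter_user = _ldap_filter_escape($p4_user);

DOMAIN:
foreach my $entry ( $mesg->entries ) {
    my $root_dn = $entry->get_value('rootDomainNamingContext');
    next DOMAIN unless defined $root_dn;

    my $search = $ad->search(
        base   => $root_dn,
        filter => "(samaccountname=$filter_user)",
        scope  => 'sub',
        attrs  => ['mail'],    # attrs must be an array ref, not a bare string
    );
    next DOMAIN if $search->code;

    my ($user) = $search->entries;
    next DOMAIN unless defined $user;

    # Verify the password by binding as the located user; only a bind result
    # with code 0 grants access.
    my $bind = $tc->bind( dn => $user->dn, password => $password );
    if ( !$bind->code ) {
        $ret = 0;
        last DOMAIN;
    }
}

$tc->unbind;
$ad->unbind;

if ($ret) {
    print "Authentication Failed. Access Denied";
}
exit $ret;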