#!/usr/local/bin/perl
##################################################################################################################################################
#
# PERFORCE LDAP AUTHENTICATION TRIGGER SCRIPT
# This trigger script will be used to authenticate Perforce login sessions against the LDAP in UNIX and AD in Windows.
# How to apply the trigger:
# -> Must have admin or superuser account access <-
# Triggers:
# ldap-trigger auth-check auth /path-to-the-trigger-script/ldap.pl ldap-hostname port %user% uid=%user%,cn=users,cn=corp,dc=abc-company,dc=com
#
# For this test instance we apply it as follows
# FOR UNIX-LDAP - store the list of ldap servers in a file called /home/userid/bin/unix_ldap (one server CNAME in each line)
# Triggers:
# ldap-trigger auth-check auth /home/userid/new-ldap.pl 389 %user% uid=%user%,cn=users,cn=corp,dc=abc-company,dc=com
#
# FOR WINDOWS-AD : Store the List of AD servers in a file called /home/userid/bin/NT-AD (one AD server CNAME in each line)
# Triggers:
# AD-trigger auth-check auth /home/userid/new-ldap.pl 389 %user% uid=%user%,CN=users,DC=corp,DC=ad,DC=abc-company,DC=com
# In general, please use the DN that suits the LDAP or AD of your company.
###################################################################################################################################################
use strict;
use Net::LDAP;
use Net::LDAP qw(LDAP_EXTENSION_START_TLS);
use Authen::Simple::Passwd;
use Net::Ping;
use IO::Socket;
##############################
# GLOBAL VARIABLE DEFINITION
##############################
my ($tmp_usr_file,$specialcheck,$ldaptestval,$max_count,$checkval,$option,$ip,$target,$curr_time,$max,$pport,$checkval,$count_enabled,$remote,$option,$count,$adhost,$adservers,$adserver_cnt)="";
my ($ldap_passwd,$login_attempt,$baseDN,$nuser,$reason,$host,$port,$dn,$emailid,$user,$ldap,$result,$password, $ncmd,$fullname,$fname,$lname,$dtstamp,$logfile,$temp,$p4userid,$uid,$k,$cmd,$val)="";
my (@testldapportargs,@temparray,@array,@tmp,@ad)=();
my $argc = scalar(@ARGV);
my $caCertFile="/home/userid/bin/cacert.pem";
# THE WORKSPACE FOR PERFORCE SUPER-USER ACCOUNT THAT RUNS P4D is /home/userid/p4workspace/BU-UNIT-NAME_PORT
my $htpasswd="/home/userid/p4workspace/ABC-DEPT_3024/.htpasswd";
my $workdir="/home/userid/p4workspace/ABC-DEPT_3024/";
my $hostfile="/home/userid/bin/unix_ldap";
my $ldap_retrycount=5;
my $password_retry=3;
my ($ldaptestval,$max_count,$option,$ip,$target,$curr_time,$max,$port,$checkval,$count_enabled,$remote,$option,$count)="";
my $sendmail='/usr/lib/sendmail';
my $specialuser=1;
my @specialusers=("build","wengangm","haoruiw","giddeong","erich","admin","stevew","shengjieh","regress","calvinp","qiangj","cesarm","jasong","dechengx","frankl","frederice","gwangseonp","howarda","jamesf","jasona","jcm","joshs","kaitlinw","lingyongc","mingquanl","paulg","pengd","andrewc","peterd","roberth","russells","sanjayg","support","yongpingz","zhinengn","zhuz");
my $irvine_ux_passwd=0;
my $temp_usr_file_path="/tmp/p4_BU-Unit_login_";
my $send_usr_email=1;
my $user_emailid="";
my $email_tag=1;
# SENDEMAIL VARIABLES
my $to="jsiddaga\@abc.com,scm-l2-list\@abc.com";
my $from="userid\@abc.com";
my ($subject,$message,$failedlogin)="";
# END OF SENDEMAIL VAIRABLES
###################################
# --END OF VARIBLE DEFINITIONS --
###################################
## Perforce requires messages on stdout
##
open(STDERR, ">&STDOUT") or die "Can't dup stdout";
#############################
# OPEN LOG FILE FOR WRITING #
#############################
#
# Using a logfile to store the events of the script fired.
# The file will be stored in /home/userid for debug purpose only and will be removed later.
$logfile="/tmp/p4auth-BU-Unit-log.txt";
$dtstamp= localtime(time);
open(FIL,">>$logfile") or die "\n Cannot open file $logfile for write access: $!\n";
print FIL "\n---TRIGGER FIRED--- $dtstamp ---";
## check argument count
##
#print "\nNUMBER OF ARGUMENTS:$#ARGV\nARGUMENTS ARE : @ARGV\n";
if( $argc != 3 ) {
die "wrong number of arguments!\n";
}
## Read UNIX-LDAP servers file for a list LDAP hostnames.
open(HFIL,"$hostfile") or die "\n CANNOT OPEN FILE $hostfile FOR READ OPERATION: $!\n";
@ad=<HFIL>;
close(HFIL);
#print FIL "\n LDAP SERVERS ARE:\n@ad\n";
# CHECK IF THERE ARE MORE THAN 1 AD SERVERS IN @ad. IF THERE ARE THEN SET THE $adservers TO THE NUMBER OF AD SERVERS
$adservers=$#ad;
## End of read UNIX-LDAP Servers
#####################
## assign arguments
##
$port = shift @ARGV;
$user = shift @ARGV;
$dn = shift @ARGV;
$baseDN="$dn";
print FIL "\nUSER:$user\nDN:$dn";
##########################################################################################
#Check to see if the P4-user id is a special id that requires the use of mapping
##########################################################################################
$specialcheck=grep(/$user/,@specialusers);
$specialuser=0 if($specialcheck==1);
print FIL "\n SPECIALCHECK=$specialcheck\n";
print FIL "\t SPECIAL USER\n" if($specialuser==0);
##################################################################
# Call the Check Perforce- Unix Function before proceeding further
##################################################################
sub checkuser()
{
$nuser=check_p4_unix_id($user);
chomp($nuser);
#print FIL "NUSER:$nuser\n";
#print "\n\n UPON CHECKING, THE UNIX ID WAS FOUND TO BE: $nuser\n";
# NOW, IF THE PERFORCE USER ID IS DIFFERENT FROM THE UNIX ID,
# REPLACE THE DN STRING WITH THE APPPOPRIATE UNIX ID
if($nuser ne $user)
{
$dn=~s/$user/$nuser/g;
#print "\n NEW-DN: $dn\n";
$user="$nuser";
}
}
##############################################
# -----END OF CHECK PERFORCE AND UNIX ID------
##############################################
##########################################################
# DEFINING THE MAPPING HASH TABLE TO MAP P4-ID TO UNIX-ID
# THIS IS FOR THOSE USERS WHOSE P4 ID AND UNIX ID DON'T MATCH
##########################################################
my %special=("jack"=>"sjackson",
"jossie"=>"wjoss");
##########################################################
# END OF MAPPING HASH
##########################################################
if($specialuser==0)
{
$nuser="$special{$user}";
$dn=~s/$user/$nuser/g;
$user="$nuser";
print FIL "The UNIX user id now is: $user\n DN NOW--->$dn\n";
}
## read the password from <stdin> and truncate the newline
##
$password = <STDIN>;
$password =~ s/\n//;
&checkuser if($specialuser==1);
############################################################################
# CHECK IF LDAP SERVER AND PORT ARE ACTIVE
############################################################################
# DEFINE THE ARGUMENTS TO PASS TO THE LDAP-PORT CHECK SUBROUTINE
# REPEAT PINGING THE LDAP SERVER 5 TIMES : INDICATED BY -c 5 (THE FIRST TWO ARGUMENTS PARSED TO THE SUBROUTINE)
# WHICH LDAP SERVER? -> PARSE $host
# WHICH PORT ON LDAP SERVER? -> PARSE $port
foreach $adhost(@ad)
{
chomp($adhost);
$host="$adhost";
$host=~s/\s+//;
$adservers--;
#print FIL "\n HOST: $host\n";
# SET THE $adserver_cnt TO TRUE IF $adservers>=0;
# IF $adserver_cnt IS SET TO TRUE, i.e VALUE=0, THE SCRIPT MUST RERUN TEST TO SEE IF OTHER LDAP SERVERS IN @ad ARE ACTIVE.
# IF $adserver_cnt IS SET TO FALSE, i.e VALUE=1, THE SCRIPT SHOULD RESORT TO FALLBACK PLAN.
$adserver_cnt=0 if($adservers>=0);
$adserver_cnt=1 if($adservers<0);
##############################################################################
@testldapportargs=("-c","5","$host","$port");
$ldaptestval=&checkportvalidity(@testldapportargs);
print FIL "LDAP SERVER RUNNING OR NOT:$ldaptestval\t (0 value indicates RUNNING, 1 indicates DOWN)\n";
#print "\n RESULT OF CHECKING IF LDAP SERVER IS RUNNING OR NOT:\n $ldaptestval\t (0 value indicates RUNNING, 1 indicates DOWN)\n";
# IF THE LDAPTESTVAL IS ZERO, i.e LDAP IS ACIVE, QUIT AND MOVE TOWARDS AUTHENTICATING USER AGAINST LDAP
# IF $adserver_cnt=1, THEN THERE ARE NO MORE AD SERVERS TO CHECK. QUIT.
last if($ldaptestval==0 || $adserver_cnt==1);
}
if($ldaptestval==1 && $adserver_cnt==1)
{
print FIL "\n LDAP DOWN!! -> RESORTING TO FALLBACK PLAN\n";
&fallback(1);
}
elsif($ldaptestval==0)
{
print FIL "LDAP WORKING. USER AUTHENTICATION AGAINST LDAP MUST BE RUN\n";
}
# IF $ldaptestval = 0 IT MEANS LDAP SERVER IS RUNNING FINE. CONTINUE WITH LDAP AUTHENTICATION
# IF $ldaptestval = 1 IT MEANS LDAP SERVER IS DOWN, JUMP TO FALLBACK PLAN.
########################################################################################
## make a standard non-encrypted connection to LDAP
##
my $ldap = Net::LDAP->new( $host, port => $port ) or die "$@";
# READ THE CERTIFICATE FILE
(-r $caCertFile)
or die ("Cannot open CA Certificate file for read\n");
my $mesg= $ldap->start_tls(verify=>'require', cafile=>$caCertFile);
if($mesg->code())
{
print FIL "\n ERROR:",$mesg->code(),":->",$mesg->error();
close(FIL);
die ("\nERROR:",$mesg->code(),": ",$mesg->error());
}
$password_retry--;
my $result = $ldap->bind( $dn, password => $password );
#while($result->code && $password_retry>0)
#{
# $checkval=&retry_login;
# last if($checkval==0);
#}
## check result, report errors
##
#if(($result->code && $password_retry<0) || $checkval==1)
if($result->code)
{
# FAIL PERFORCE LOGIN IF THE PASSWORD PROVIDED WAS INCORRECT
print FIL "\nLDAP bind Failure: $result->code\n";
$send_usr_email=&failed_login_test($user,$temp_usr_file_path);
&endtrigger;
close(FIL);
print "\n\t\tINCORRECT PASSWORD ENTERED!\n\t\tPLEASE TRY AGAIN WITH YOUR UNIX PASSWORD\n";
$irvine_ux_passwd=&test_irvine_ux_password($user);
&send_user_email($user) if($send_usr_email==0 && $irvine_ux_passwd==0);
&send_user_email($user,$irvine_ux_passwd) if($send_usr_email==0 && $irvine_ux_passwd==2);
die "LDAP bind failure!\n";
}
$result=$ldap->unbind;
if($result->code)
{
die "LDAP Unbind failure\n";
}
&endtrigger;
exit(0);
#--------X-----------
#############################
# END OF SCRIPT
#############################
###########################################################
# SUBROUTINE TO CHECK IF P4 USERID MATCHES WITH UNIX UID
###########################################################
sub check_p4_unix_id()
{
$p4userid=shift @_;
chomp($p4userid);
print FIL "P4 User-id: $p4userid";
$cmd="pwd";
$val=`$cmd 2>&1`;
#print FIL "\n PRESENT-WORKING-DIR:$val \n";
$cmd="";
$val="";
$cmd="getent passwd $p4userid| cut -d \":\" -f1";
#print FIL "\n COMMAND BEING RUN: $cmd\n";
$uid=`$cmd 2>&1`;
if($?)
{
print FIL "\n ERROR: $uid\n $!\n";
&endtrigger;
exit 1;
}
chomp($uid);
print FIL "\nUNIX-UID: $uid";
if($uid eq $p4userid)
{
#print FIL "\nUSER IDS ARE THE SAME\n";
# EXIT POINT FOR SUB-ROUTINE
return $p4userid;
}
# If the associated UNIX id is different from the P4 userid
# Extract the Fullname of the user by using the P4 userid.
# Store the fullname in $fullname
else
{
chdir $workdir or die "\n Cannot chdir to $workdir : $!\n";
$cmd="pwd";
$val=`$cmd 2>&1`;
#print FIL "\n NOW->PRESENT-WORKING-DIR IS:$val \n";
###################################################################################
# PERFORCE DAEMON ACCOUNT, userid, LOGS IN HERE.
# THIS IS DONE BECAUSE FOR SOME REASON userid ACCOUNT GETS BOOTED OUT OF PERFORCE
###################################################################################
# $cmd="p4 login <$passwdfile";
# print FIL "\n COMMAND FOR EXTRACTING P4 USER DETAILS:$cmd\n";
# $val=`$cmd 2>&1`;
# if($?)
# {
# print "\n ERROR:$val\n";
# exit 1;
# }
$cmd="p4 user -o $p4userid";
$val=`$cmd 2>&1`;
@tmp=split(/\n/,$val);
foreach(@tmp)
{
if(/^Email/)
{
s/Email:\s+//;
$emailid="$_";
}
if(/^FullName/)
{
s/FullName:\s+//;
$fullname="$_";
}
}
print FIL "\n$val\nFullName:$fullname\n";
}
$fullname="\""."$fullname"."\"";
# Look for FullName in the Unix directory for a valid login
$cmd="ypcat -k passwd| grep $fullname| cut -d \" \" -f1";
print FIL "\n COMMAND BEING EXECUTED:\n$cmd\n";
#print "\n COMMAND BEING EXECUTED:\n$cmd\n";
$k=`$cmd 2>&1`;
# What to do if user has more than 1 entry??
if($k eq "")
{
#print "\n USER $p4userid DOES NOT HAVE A UNIX ACCOUNT! \n";
#print FIL "\n USER $p4userid DOES NOT HAVE A UNIX ACCOUNT! \n";
#close(FIL);
#exit 1;
#######################################################################################
# SECTION TO SEGGREGATE FIRST NAME AND LAST NAME RUN A SEARCH. WILL USE ONLY IF NEEDED.
#######################################################################################
$fullname=~s/"//g;
@array=split(/\s/,$fullname);
print "\n$#array\n";
#foreach(@array){print"\n$_";}
$lname=pop(@array);
$fname=shift(@array);
#print "\n First Name: $fname\nLast Name:$lname\n";
# Look for first name
$cmd="ypcat -k passwd | grep $fname| cut -d \" \" -f1";
#print "\nLooking for First name :\n$cmd\n\n\n";
$k=`$cmd 2>&1`;
#print "\n Value found: $k\n";
#print "\n UID : $k\n";
#print "\n PERFORCE USER ID:$p4userid\t AND ITS MATCHING UNIX ID: $k\n";
# Look for last name if first name is not found
if($k eq "")
{
$cmd="ypcat -k passwd | grep $lname";
#print "\nLooking for Last name:\n$cmd\n\n\n";
$k=`$cmd 2>&1`;
print "\n USER $p4userid DOES NOT HAVE A UNIX ACCOUNT! \n" if($k eq "");
&endtrigger;
#return $p4userid;
exit 1;
}
print FIL "\n PERFORCE USER ID:$p4userid\nMATCHING UNIX ID: $k\n" if($k ne "");
# EXIT POINT OF SUB-ROUTINE
return $k;
}
else
{
@temparray=split(/\n/,$k);
if($#temparray>0)
{
print "\n MULITPLE USER-IDs FOR $fullname. \nIDS ARE:\n@temparray\n";
print "\n WHAT ID SHOULD BE USED ??!!\n";
&endtrigger;
exit 1;
}
print "\n MATCHING UNIX ID: $k\n";
print FIL "\n MATCHING UNIX-ID: $k\n";
}
# close(FIL);
return $k;
#exit 0;
}
################################
# END OF SUBROUTINE
################################
###########################################
# TRIGGER END TIMESTAMP SUBROUTINE
###########################################
sub endtrigger()
{
$dtstamp= localtime(time);
print FIL "\n-----TRIGGER END TIME : $dtstamp-------";
print FIL "\n------------XXXXXX--------------\n";
return;
}
############################################
# END OF SUBROUTINE
###########################################
#############################################################################################################
# FALL-BACK SUBROUTINE
#
# THIS SUB-ROUTINE WILL BE FIRED IN THE FOLLOWING INSTANCES:
#
# 1. TRIGGER SCRIPT IS UNABLE TO FIND A UNIX ACCOUNT FOR THE PEFORCE USER TRYING TO LOGIN.
#
# 2. LDAP IS DOWN.
#
# 3. LDAP AUTHENTICATION FOR USER FAILS. TRY LOCAL USER-ID/PASSWORD FILE FOR AUTHENTICATION
#
# ARGUMENT PASSED TO THIS SUBROUTINE IS CAPTURED IN $reason
# $reason = 1 IMPLIES THAT FALLBACK IS USED BECAUSE LDAP IS DOWN
# $reason = 2 IMPLIES THAT LDAP AUTHENTICATION FAILED FOR THE USER
################################################################################################################
sub fallback()
{
$reason=shift(@_);
print FIL "\n RESORTING TO FALLBACK PLAN !!\n AUTHENTICATING FALLBACK FOR $user\n";
print FIL "\n REASON FOR USING FALLBACK PLAN : LDAP DOWN\n" if($reason==1);
print FIL "\n REASON FOR USING FALLBACK PLAN : LDAP AUTHENTICATION FAILED FOR USER\n" if($reason==2);
my $passwd=Authen::Simple::Passwd->new(passwd=>$htpasswd);
if($passwd->authenticate($user,$password))
{
print FIL "\n SUCCESSFUL IN FALLBACK AUTHENTICATION OF $user!\n------XXXX----\n";
&endtrigger;
close(FIL);
exit 0;
}
else
{
print FIL "\nLDAP bind Failure: $result->code\n";
&endtrigger;
close(FIL);
die "LDAP bind failure!\n";
}
}
#########################################################################################################
# END OF FALL-BACK SUBROUTINE
#########################################################################################################
#########################################################################################################
# # SUBROUTINE TO CHECK IF LDAP SERVER AND PORT ARE ACTIVE #
# ######################################################
# USAGE: THIS FUNCTION WILL BE USED TO CHECK IF THE TRIGGER SHOULD AUTHENTICATE AGAINST LDAP
# OR
# RESORT TO THE FALLBACK PLAN IN CASE LDAP IS DOWN
#########################################################################################################
sub checkportvalidity()
{
#print "\n HERE NOW-->\n @_\n";
@ARGV=(@_);
#print "\n ARGV ARRAY: @ARGV\n";
if ( $ARGV[0] eq "-c" )
{
shift(@ARGV);
#print "\n NOW...... @ARGV\n";
$max_count = $ARGV[0] ;
$option = "TCP" ;
$count_enabled = 1 ;
#print "\n$option port check with count of $max_count - " ;
shift(@ARGV);
}
else
{
$option = "TCP" ;
print "\n$option port check - " ;
}
#####
##### Check that the right amount of arguments are correct
##### there should be two - first is server name, and
##### second is the port number
#####
if ( $ARGV[1] eq "" && $ARGV[2] eq "" ) {
print "\nYou must pass in the host and port";
print "\nUSAGE : ping_port.pl [-u|-t|-c COUNT] [IPADDRESS] [PORT]";
print "\n";
print "\n";
exit
}
$target = shift(@ARGV);
#print "checking $target...\n";
#####
##### main section
#####
$ip = name($target);
$count = 1;
$max = $max_count + 1 ;
$curr_time=` date '+%m-%d-%Y @ %H:%M:%S' `;chomp($curr_time);
if ( $max < 2 ) { $max = 2 } ;
foreach $pport (@ARGV) {
while ( $count < $max )
{
$checkval=check_tcp_port($ip,$pport);
return 0 if($checkval==0);
#sleep 1;
$count = $count + 1 ;
if ( $count_enabled != 1 ) { $max = $max + 1 } ;
}
print "\n";
return 1 if($checkval==1);
}
#####
##### Get name or IP, return IP address
#####
sub name {
my ($host) = @_;
eval {
my $ipaddr = inet_ntoa(inet_aton($host));
#print "IP for $host :\t$ipaddr\n\n";
return $ipaddr;
} || die "Could not find host.\n";
}
#####
##### Check to see if a port is open
#####
sub check_tcp_port {
my ($host,$pport) = @_;
$curr_time=` date '+%m-%d-%Y @ %H:%M:%S' `;chomp($curr_time);
$remote = IO::Socket::INET -> new (
Proto => "tcp",
Timeout => 3,
PeerAddr => $host,
PeerPort => $pport );
if ($remote) {
close $remote;
#print "YAHOO\t$host:$pport ($option) =>\tActive ($count - $curr_time)\n";
return 0;
}
else { print "$host:$pport ($option) =>\tInactive ($count - $curr_time)\n"; return 1; }
}
}
#########################################################################################################
# END OF LDAP AND PORT CHECK SUBROUTINE
#########################################################################################################
##################################################################
# #SEND EMAIL SUBROUTINE IF LOGIN FAILS
##################################################################
sub send_email()
{
$failedlogin=shift @_;
chomp($failedlogin);
$subject="$failedlogin - PERFORCE LOGIN FAILURE!!";
$message="\tPERFORCE SERVER: pf-sj1-8.sj.abc.com:1690\n\nPLEASE CHECK LOG-FILE /tmp/p4auth-BU-Unit-log.txt";
open(MAIL,"|$sendmail -oi -t");
print MAIL "From:$from\n";
print MAIL "To:$to\n";
print MAIL "Subject:$subject\n\n";
print MAIL "$message\n";
close(MAIL);
return;
}
####################################################################
# END OF SEND EMAIL SUBROUTINE
####################################################################
####################################################################
# PASSWORD RETRY SUBROUTINE
####################################################################
sub retry_login()
{
$password_retry--;
print "\n PASSWORD-RETRY-COUNT:$password_retry\n";
print "\n INCORRECT UNIX PASSWORD. Please retry entering correct UNIX password\nPassword:";
$password=<STDIN>;
$password=~s/\n//;
$result=$ldap->bind($dn,password=>$password);
return 1 if($result->code);
return 0;
}
####################################################################
# END OF PASSWORD RETRY SUBROUTINE
####################################################################
#########################################################################
# SUBROUTINE TO CHECK IF UNIX PASSWORD FOR USER IS REPLICATED ON LDAP
#########################################################################
sub test_irvine_ux_password()
{
print FIL "\n X->TEMP: $user\n";
$cmd="rsh engcm-irva-03.irv.abc.com getent passwd $user|cut -d \":\" -f2";
$val=`$cmd 2>&1`;
$val=~s/\*//g;
chomp($val);
print FIL "\n Value:$val";
return 2 if($val eq "CIFSONLY" || $val eq "AUTOSYNC");
return 0 if($val ne "CIFSONLY" || $val ne "AUTOSYNC");
}
#########################################################################
# END OF SUBROUTINE
#########################################################################
##########################################################################
# SUBROUTINE TO TRACK THE FAILURE OF LOGINS BY USERS AND EMAIL IF NEED BE
##########################################################################
sub failed_login_test()
{
$tmp_usr_file="$temp_usr_file_path"."$user";
chomp($tmp_usr_file);
if(-e $tmp_usr_file)
{
open(TMPFIL,"$tmp_usr_file") or die "\nCannot open file $tmp_usr_file for read acces: $!\n";
$login_attempt=<TMPFIL>;
close(TMPFIL);
chomp($login_attempt);
print "\Old-Login-attempt-val:$login_attempt\n";
$login_attempt++;
print "\nNew-Login-attempt-val:$login_attempt\n";
if($login_attempt>=3)
{
$email_tag=0;
$login_attempt=0;
}
open(TMPFIL,">$tmp_usr_file") or die "\nCannot open file $tmp_usr_file for write acces: $!\n";
print TMPFIL "$login_attempt";
close(TMPFIL);
}
else
{
$cmd="touch $tmp_usr_file";
$val=`$cmd 2>&1`;
if($?)
{
print FIL "\nUNABLE TO CREATE LOGIN-COUNTER FILE FOR USER $user: $!\n$val\n";
exit 1;
}
$login_attempt=1;
open(TMPFIL,">$tmp_usr_file") or die "\nCannot open file $tmp_usr_file for write acces: $!\n";
print TMPFIL "$login_attempt";
close(TMPFIL);
}
return 0 if($email_tag==0);
return 1 if($email_tag!=0);
}
##########################################################################
# END OF FAILED LOGIN TEST
##########################################################################
##########################################################################
# SEND USER EMAIL SUBROUTINE UPON 3rd FAILURE ATTEMPT TO LOGIN
##########################################################################
sub send_user_email()
{
$user_emailid=shift @_;
$ldap_passwd=shift @_;
chomp($ldap_passwd);
$failedlogin="$user_emailid";
chomp($user_emailid);
$user_emailid="$user_emailid"."\@abc.com";
chomp($user_emailid);
$to="$to".",$user_emailid";
chomp($to);
$subject="$failedlogin - PERFORCE LOGIN FAILURE!!";
$message="Dear BU-Unit Perforce User,\n\nYour third login attempt to Perforce Server: p4-server.abc.com:1690 has failed.\n\nPlease login using your IRVINE UNIX password.\nTHE LDAP TRIGGER IS ENABLED ON THE PERFORCE SERVER.\n\nPlease contact scm-l2-list\@abc.com team OR jsiddaga\@abc.com for help. \n\nThank You!\nEngCM Team" if($ldap_passwd==0);
$message="Dear BU-Unit Perforce User,\n\nYour third login attempt to Perforce Server: pf-server.abc.com:1690 has failed.\n\nPlease login using your IRVINE UNIX password.\nTHE LDAP TRIGGER IS ENABLED ON THE PERFORCE SERVER.\n\n --> USER'S PASSWORD NOT ACTIVE IN IRVINE-UNIX <-- \n\n Please contact support\@abc.com team OR p4-admin\@abc.com for help. \n\nThank You!\nEngCM Team" if($ldap_passwd==2);
open(MAIL,"|$sendmail -oi -t");
print MAIL "From:$from\n";
print MAIL "To:$to\n";
print MAIL "Subject:$subject\n\n";
print MAIL "$message\n";
close(MAIL);
return;
}
##########################################################################
# END OF SEND-USER-EMAIL SUBROUTINE
##########################################################################