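#!/usr/bin/perl -w
#==============================================================================
# Copyright and license info is available in the LICENSE file included with
# the Server Deployment Package (SDP), and also available online:
# https://swarm.workshop.perforce.com/projects/perforce-software-sdp/view/main/LICENSE
#------------------------------------------------------------------------------
#
# Overview: This trigger script authenticates a Perforce userid against
# an AD sAMAccountName. It will handle multiple domains.
#
# This debug version of the script is meant to be used on the commandline.
#     AD_auth_debug.pl <username>
#
# SECURITY NOTE: this is a DEBUG tool. It deliberately echoes the user's
# password AND the AD read-account password to STDOUT (and STDERR is dup'd
# onto STDOUT). Do not run it in a logged/recorded session and never install
# it as the live Perforce auth trigger.
#
# Exit status: 0 when the user's own LDAPS bind succeeds, 1 otherwise (the
# Perforce auth-check trigger contract).

use strict;
use Net::LDAPS;

$|=1;

######################## Set Variables ####################################
# AD connect timeout
my $timeout = 10;

# Set AD server info.
my $ad_port = "636";     # AD Port, should probably leave.
my $ad_host = "AD IP";   # Put IP of your AD server here

# TLS server-certificate verification.
# Net::LDAPS does not verify the AD server certificate unless told to, so
# with this left empty both the read-account password and the user's password
# are sent to whichever host answers on $ad_host:$ad_port. Point this at the
# PEM file holding your AD/CA certificate chain to require a verified
# certificate; leave it empty to keep the original (unverified) behaviour.
my $ad_ca_file = '';

# AD read Account.
# Full DN including user. You don't need to use an Administrator account
# any account should do I suggest you change the below line to a standard user.
my $ad_read_dn = 'CN=user,CN=Users,DC=test,DC=domain,DC=com';
my $ad_read_p  = 'Password';
###########################################################################

# Send diagnostics to the same stream as the debug output.
open(STDERR, '>&', STDOUT) or die "Can't dup stdout";

# '@ARGV != 1' already evaluates @ARGV in scalar context; the original
# 'scalar(@ARGV != 1)' wrapped the boolean and only worked by accident.
if (@ARGV != 1) { die "\nUsage:\nAD_auth.pl \%username\%\n" }

my $p4_user = shift;
chomp $p4_user;

print "\nIn this DEBUG script, the password will be shown for visual verification.\n";
print "Please enter your password: ";
my $password = <STDIN>;
# EOF on STDIN (e.g. run non-interactively) leaves $password undef.
die "Null passwords not allowed" if (! defined $password);
$password =~ s/\r\n//;
chomp $password;

# Never let an empty password reach the bind: an LDAP bind with a DN and an
# empty password is an anonymous bind and "succeeds" on most servers.
if ($password =~ /^$/) { die "Null passwords not allowed" }

print "Proceeding with the following details:\n\n";
print "   User set to:          $p4_user\n";
print "   Password set to:      $password\n\n";
print "   Connecting to IP:     $ad_host\n";
print "   Connecting to Port:   $ad_port\n\n";
print "   Using read DN:        $ad_read_dn\n";
print "   Using read DN p:      $ad_read_p\n\n";

##### Authenticate! ######################################################

# TLS options shared by both LDAPS sessions (empty unless a CA file is set).
my %tls_opts = ($ad_ca_file ne '')
    ? (verify => 'require', cafile => $ad_ca_file)
    : ();

my $ad = Net::LDAPS->new($ad_host, port => $ad_port, timeout => $timeout, %tls_opts)
    || die "Unable to connect with read account";

# bind() always returns a Net::LDAP::Message object (true), so the original
# '|| die' could never fire and a failed read-account bind went unnoticed.
# The result code is the only reliable failure signal.
my $mesg = $ad->bind("$ad_read_dn", password => $ad_read_p, version => 3);
die "Unable to bind as read account: " . $mesg->error . "\n" if $mesg->code;

# RootDSE query: a base-scope search against '' returns the server's
# rootDomainNamingContext, which is used as the search base below.
$mesg = $ad->search(base => '', filter => "(objectclass=*)", scope => 'base');
die "RootDSE query failed: " . $mesg->error . "\n" if $mesg->code;

my $ret = 1;

# Separate connection for the user's own bind so the read-account session
# stays bound for the searches.
my $tc = Net::LDAPS->new($ad_host, port => $ad_port, timeout => $timeout, %tls_opts)
    || die "Unable to connect with read account";

# The username is interpolated into an LDAP search filter. Escape the RFC 4515
# special characters (\ * ( ) NUL -> \5c \2a \28 \29 \00) so that a name such
# as 'a*' or 'x)(objectclass=*' cannot widen the search and end up binding as
# some other account's DN.
(my $filter_user = $p4_user) =~ s/([\\*()\x00])/sprintf('\\%02x', ord($1))/ge;

my @entries = ($mesg->entries);
print "Doing base query. Scanning for root domain naming context\n";
foreach my $entry (@entries) {
    my $root_dn = $entry->get_value('rootDomainNamingContext');
    print "  Got root db: $root_dn\n";

    # NOTE(review): this is a sub-tree search from the forest root on the
    # LDAPS port of a single DC; whether users in child domains are returned
    # depends on that DC's referral handling -- confirm against a GC (3269)
    # if "multiple domains" matters in your forest.
    $mesg = $ad->search(
        base   => $root_dn,
        filter => "(samaccountname=$filter_user)",
        scope  => 'sub',
        attrs  => ['mail']
    );
    # search() also always returns a message object; check the code, not truth.
    if ($mesg->code) {
        print "Search failed: " . $mesg->error . "\n";
        next;
    }

    my @users = ($mesg->entries);
    print "Checking if user exists here\n";
    next if (! defined $users[0]);
    print "User is defined\n";

    # Only the first matching entry is tried, as in the original.
    print "Attempting to bind " . $users[0]->dn() . " with password $password\n";
    $mesg = $tc->bind(dn => $users[0]->dn(), password => $password);
    print "Got message back\n";
    if (! $mesg->code) { $ret = 0; last }
    print "Seem to have gotten an error code skipped last exit.\nError Code: " . $mesg->error . "\n";
}

if ($ret) { print "Authentication Failed. Access Denied\n" }
exit $ret;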
# | Change | User | Description | Committed | |
---|---|---|---|---|---|
#2 | 26652 | Robert Cowham |
This is Tom's change: Introduced new 'Unsupported' directory to clarify that some files in the SDP are not officially supported. These files are samples for illustration, to provide examples, or are deprecated but not yet ready for removal from the package. The Maintenance and many SDP triggers have been moved under here, along with other SDP scripts and triggers. Added comments to p4_vars indicating that it should not be edited directly. Added reference to an optional site_global_vars file that, if it exists, will be sourced to provide global user settings without needing to edit p4_vars. As an exception to the refactoring, the totalusers.py Maintenance script will be moved to indicate that it is supported. Removed settings to support long-sunset P4Web from supported structure. Structure under new .../Unsupported folder is: Samples/bin Sample scripts. Samples/triggers Sample trigger scripts. Samples/triggers/tests Sample trigger script tests. Samples/broker Sample broker filter scripts. Deprecated/triggers Deprecated triggers. To Do in a subsequent change: Make corresponding doc changes. |
#1 | 16784 | C. Thomas Tyler |
Routine Merge Down to dev from main using: p4 -s merge -n -b perforce_software-sdp-dev |
//guest/perforce_software/sdp/dev/Server/Unix/p4/common/bin/triggers/AD_ssl_auth_debug.pl | |||||
#3 | 16029 | C. Thomas Tyler |
Routine merge to dev from main using: p4 merge -b perforce_software-sdp-dev |
#2 | 12107 | C. Thomas Tyler |
Routine merge down from 'main' to 'dev', resolved with 'p4 resolve -as'. |
#1 | 10638 | C. Thomas Tyler | Populate perforce_software-sdp-dev. | ||
//guest/perforce_software/sdp/main/Server/Unix/p4/common/bin/triggers/AD_ssl_auth_debug.pl | |||||
#1 | 10148 | C. Thomas Tyler | Promoted the Perforce Server Deployment Package to The Workshop. |