Perforce Public Knowledge Base - Using P4LOGINSSO and LDAP together
Using P4LOGINSSO and LDAP together

Problem
How do I enable some users to use LDAP and other users to use single sign-on?
Solution

You can enable both LDAP and P4LOGINSSO single sign-on triggers.

First, enable native LDAP using

If native LDAP is enabled, the P4LOGINSSO trigger will only be used if AuthMethod: ldap is set and the variable P4LOGINSSO is set. Users using AuthMethod: perforce will use Perforce authentication. Users using AuthMethod: ldap without the P4LOGINSSO variable will use LDAP authentication.


In this example, we first set up P4LOGINSSO through the simple example in Setting up Single Sign-On (P4LOGINSSO).

1. If native LDAP is disabled, the P4LOGINSSO trigger will be used:

$ p4 configure unset auth.default.method
For server 'any', configuration variable 'auth.default.method' removed.
$ p4 configure unset auth.ldap.order.1
For server 'any', configuration variable 'auth.ldap.order.1' removed.
$ p4 configure unset auth.ldap.order.2
For server 'any', configuration variable 'auth.ldap.order.2' removed.

$ p4 admin restart

$ p4 logout
User rfong logged out.

$ p4 login -s
Perforce password (P4PASSWD) invalid or unset.

$ p4 login
The user is rfong
The client is Randall_Perl
The serverport is 10.20.0.242:20172
Server side script sees: Test String from rfong at Randall_Perl from machine 10.20.0.242:20172
User rfong logged in.


2. If native LDAP is enabled, the P4LOGINSSO trigger will only be used if AuthMethod: ldap is set and the variable P4LOGINSSO is set. Users using AuthMethod: perforce will use Perforce authentication.  Users using AuthMethod: ldap without the P4LOGINSSO variable will use LDAP authentication.

First, enable native LDAP:

$ p4 configure set auth.default.method=ldap
For server 'any', configuration variable 'auth.default.method' set to 'ldap'

$ p4 configure set auth.ldap.order.1=mysimple
For server 'any', configuration variable 'auth.ldap.order.1' set to 'mysimple'

$ p4 configure set auth.ldap.order.2=mysearch
For server 'any', configuration variable 'auth.ldap.order.2' set to 'mysearch'

$ p4 configure show allservers | grep ldap
any: auth.default.method = ldap
any: auth.ldap.order.1 = mysimple
any: auth.ldap.order.2 = mysearch
any: auth.ldap.userautocreate = 1
gabriel: auth.ldap.order.1 = simple

$ p4 admin restart

$ p4 configure show | grep ldap
auth.default.method=ldap (configure)
auth.ldap.order.1=mysimple (configure)
auth.ldap.order.2=mysearch (configure)
auth.ldap.userautocreate=1 (configure)

 

A. With native LDAP enabled and AuthMethod: perforce set, the user will log in with Perforce authentication.

$ p4 logout
User rfong logged out.

$ p4 login -s
Perforce password (P4PASSWD) invalid or unset.

$ p4 login
Enter password:
User rfong logged in.

$ p4 user -o rfong | grep AuthMethod
#  AuthMethod:  'perforce' if using standard authentication or 'ldap' if
AuthMethod:     perforce

B. With native LDAP enabled, AuthMethod: ldap set, and the P4LOGINSSO variable set, the user will use P4LOGINSSO.

$ p4 configure set auth.ldap.order.1=mysimple
For server 'any', configuration variable 'auth.ldap.order.1' set to 'mysimple'

$ p4 configure set auth.ldap.order.2=mysearch
For server 'any', configuration variable 'auth.ldap.order.2' set to 'mysearch'

$ p4 configure set auth.default.method=ldap
For server 'any', configuration variable 'auth.default.method' set to 'ldap'

$ p4 admin restart
$ export P4LOGINSSO=/home/rfong/perforce/ssoclientside

$ p4 set
<snip>
P4LOGINSSO=/home/rfong/perforce/ssoclientside
<snip>

$ p4 -u randall login
The user is randall
The client is Randall_Perl
The serverport is 10.20.0.242:20172
Server side script sees: Test String from randall at Randall_Perl from machine 10.20.0.242:20172
User randall logged in.

$ p4 user -o randall | grep AuthMethod
#  AuthMethod:  'perforce' if using standard authentication or 'ldap' if
AuthMethod:     ldap
$

C. With native LDAP enabled and AuthMethod: ldap set, but the P4LOGINSSO variable not set, the user will log in with their LDAP password.

$ p4 -u randall set | grep P4LOGINSSO
P4LOGINSSO=/home/rfong/perforce/ssoclientside
$ unset P4LOGINSSO
$ p4 -u randall set | grep P4LOGINSSO
$
$ p4 -u randall login
Enter password:
User randall logged in.

$ p4 user -o randall | grep AuthMethod
#  AuthMethod:  'perforce' if using standard authentication or 'ldap' if
AuthMethod:     ldap
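
The three outcomes above can be checked against captured `p4 configure show` and `p4 user -o` output before rollout, so that users expected to use SSO are not quietly left on password prompts. The script below is an added example, not Perforce code: the function names and result labels are hypothetical, the sample text is constructed from the output shown in this article, and it assumes that native LDAP counts as enabled when any auth.ldap.order.N configurable is set.

```shell
#!/bin/sh
# Added example: predict the login path from captured p4 output.
# Function names, labels and sample text are constructed for illustration.

# True if the `p4 configure show` text lists any auth.ldap.order.N entry.
# Assumption: this is what "native LDAP enabled" means here, since these are
# the configurables the article unsets to disable it.
ldap_enabled() {
    printf '%s\n' "$1" | grep -Eq '^auth\.ldap\.order\.[0-9]+='
}

# Extract the AuthMethod field from `p4 user -o` text, skipping the '#' comment.
user_auth_method() {
    printf '%s\n' "$1" | awk '$1 == "AuthMethod:" { print $2; exit }'
}

# Args: <configure show text> <user spec text> <client P4LOGINSSO value or "">
expected_login_path() {
    if ! ldap_enabled "$1"; then
        echo "sso-trigger"                 # case 1: native LDAP disabled
        return
    fi
    case "$(user_auth_method "$2")" in
        ldap)
            if [ -n "$3" ]; then echo "sso-trigger"   # case 2B
            else echo "ldap-password"; fi             # case 2C
            ;;
        perforce) echo "perforce-password" ;;         # case 2A
        *) echo "unknown"; return 1 ;;                # AuthMethod line missing
    esac
}

# Constructed sample input, copied from the shape of the output in the article.
CONFIG_LDAP='auth.default.method=ldap (configure)
auth.ldap.order.1=mysimple (configure)
auth.ldap.order.2=mysearch (configure)
auth.ldap.userautocreate=1 (configure)'
SPEC_LDAP="#  AuthMethod:  'perforce' if using standard authentication or 'ldap' if
AuthMethod:     ldap"
SPEC_PERFORCE="#  AuthMethod:  'perforce' if using standard authentication or 'ldap' if
AuthMethod:     perforce"

expected_login_path "$CONFIG_LDAP" "$SPEC_LDAP" "/home/rfong/perforce/ssoclientside"
expected_login_path "$CONFIG_LDAP" "$SPEC_LDAP" ""
expected_login_path "$CONFIG_LDAP" "$SPEC_PERFORCE" "/home/rfong/perforce/ssoclientside"
```

In a live check, the first two arguments would be `"$(p4 configure show)"` and `"$(p4 user -o <user>)"`, and the third the client's `$P4LOGINSSO`.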

See https://swarm.workshop.perforce.com/projects/Jhalbig2-server-release-notes/

Minor new functionality in 2016.1

 

#1240991 (Bug #79755) **
    SSO authentication triggers may now be used when native LDAP
    authentication is enabled. In this case, users who authenticate by
    LDAP can set a client-side SSO script instead of being prompted for
    a password. Provided that the SSO trigger succeeds, the active LDAP
    configurations are used to confirm that the user exists in at least
    one LDAP server; the user must also pass the group authorization
    check if configured. SSO triggers will not be called for users who
    do not authenticate against LDAP.


