Defining LDAP-related configurables
To use LDAP authentication, you must set a number of authentication-related configurables:
- auth.ldap.order.N - enables an LDAP server and specifies the order in which it should be searched.
- auth.default.method - specifies whether new users should be authenticated by Helix Server or using LDAP.
  - If auth.default.method=perforce and you want only the Helix Server superuser to create new users, set dm.user.noautocreate to 2 explicitly.
  - If auth.default.method=ldap, dm.user.noautocreate is 2 implicitly.
- auth.ldap.userautocreate - specifies whether new users should be automatically created on login when using LDAP authentication. This requires auth.default.method=ldap. You can set the getattrs Options field of the LDAP configuration to have the FullName and Email fields populated from the directory.
- auth.ldap.timeout - time to wait before giving up on a connection attempt.
- auth.ldap.cafile - the path to a file used for certification when the LDAP server uses SSL or TLS.
- auth.ldap.ssllevel - level of SSL certificate validation.
- auth.ldap.pagesize - helps you manage LDAP searches with paged results by setting limits to page size.
For example, the following commands define the search order for active directories and the default authentication method for new users to be perforce:
$ p4 configure set auth.ldap.order.1=UK_LDAP
$ p4 configure set auth.ldap.order.2=US_LDAP
$ p4 configure set auth.ldap.order.5=RU_LDAP
$ p4 configure set auth.default.method=perforce
For additional information about authentication-related configurables, see the Configurables in the Helix Core Command-Line (P4) Reference.
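As an added example (not part of the Helix Server documentation or tooling), the following shell function applies the rules above to a list of name=value settings: it prints the LDAP search order in ascending N, the effective dm.user.noautocreate, and flags auth.ldap.userautocreate set without auth.default.method=ldap. The function name ldap_auth_review, the input format, and the defaults used for unset values (auth.default.method=perforce, dm.user.noautocreate=0) are assumptions.

```shell
#!/bin/sh
# Added example: review LDAP-related configurables given as "name=value" lines.
# Assumptions: one configurable per line on stdin; anything after the first
# whitespace on a line is ignored. ldap_auth_review is a hypothetical name.
ldap_auth_review() {
    sed 's/[[:space:]].*$//' | awk -F= '
        $1 ~ /^auth\.ldap\.order\.[0-9]+$/ {
            n = $1; sub(/^auth\.ldap\.order\./, "", n)
            order[n + 0] = $2
            if (n + 0 > max) max = n + 0
            next
        }
        $1 == "auth.default.method"      { method = $2 }
        $1 == "dm.user.noautocreate"     { noauto = $2 }
        $1 == "auth.ldap.userautocreate" { autocreate = $2 }
        END {
            if (method == "") method = "perforce"   # assumed default when unset
            if (noauto == "") noauto = 0            # assumed default when unset
            # Servers are listed in ascending N; gaps such as 1, 2, 5 are fine.
            list = ""
            for (i = 0; i <= max; i++)
                if (i in order) list = list (list == "" ? "" : " ") order[i]
            print "order: " (list == "" ? "(none)" : list)
            print "method: " method
            if (method == "ldap") {
                # With auth.default.method=ldap the value is 2 implicitly.
                print "noautocreate: 2 (implicit)"
            } else {
                print "noautocreate: " noauto
                if (noauto != 2)
                    print "note: user creation is not limited to the superuser"
                if (autocreate == 1)
                    print "warn: auth.ldap.userautocreate requires auth.default.method=ldap"
            }
        }'
}

# Constructed sample input matching the commands shown above.
ldap_auth_review <<'EOF'
auth.ldap.order.1=UK_LDAP
auth.ldap.order.2=US_LDAP
auth.ldap.order.5=RU_LDAP
auth.default.method=perforce
EOF
```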