Defining LDAP-related configurables
To use LDAP authentication, you must set a number of authentication-related configurables:
- auth.ldap.order.N - enables an LDAP server and specifies the order in which it should be searched.
- auth.default.method - specifies whether new users should
be authenticated by
Helix Core Server
or using LDAP.
- If auth.default.method=perforce and you want only the Helix Core Server superuser to create new users, set
dm.user.noautocreate
to 2 explicitly. - If auth.default.method=ldap,
dm.user.noautocreate
is 2 implicitly.
- If auth.default.method=perforce and you want only the Helix Core Server superuser to create new users, set
-
auth.ldap.userautocreate - specifies whether new users should be automatically created on login when using LDAP authentication. This requires
auth.default.method=ldap
.You can set the
getattrs
Options field of the LDAP configuration to have theFullName
andEmail
fields populated from the directory. - auth.ldap.timeout - time to wait before giving up on a connection attempt.
- auth.ldap.cafile - the path to a file used for certification when the LDAP server uses SSL or TLS.
- auth.ldap.ssllevel - level of SSL certificate validation.
- auth.ldap.pagesize - helps you manage LDAP searches with paged results by setting limits to page size.
For example, the following commands define the search order
for active directories and the default authentication method for new
users to be perforce
:
p4 configure set auth.ldap.order.1=UK_LDAP
p4 configure set auth.ldap.order.2=US_LDAP
p4 configure set auth.ldap.order.5=RU_LDAP
p4 configure set auth.default.method=perforce
For additional information about authentication-related configurables, see the Configurables in the Helix Core Command-Line (P4) Reference.