Defining LDAP-related configurables
To use LDAP authentication, you must set a number of authentication-related configurables:
- auth.ldap.order.N - enables an LDAP server and specifies the order in which it should be searched.
- auth.default.method - specifies whether new users should be authenticated by Helix Core Server or using LDAP.
  - If auth.default.method=perforce and you want only the Helix Core Server superuser to create new users, set dm.user.noautocreate to 2 explicitly.
  - If auth.default.method=ldap, dm.user.noautocreate is 2 implicitly.
- auth.ldap.userautocreate - specifies whether new users should be automatically created on login when using LDAP authentication. This requires auth.default.method=ldap. You can set the getattrs Options field of the LDAP configuration to have the FullName and Email fields populated from the directory.
- auth.ldap.timeout - time to wait before giving up on a connection attempt.
- auth.ldap.cafile - the path to a file used for certification when the LDAP server uses SSL or TLS.
- auth.ldap.ssllevel - level of SSL/TLS certificate validation.
- auth.ldap.pagesize - helps you manage LDAP searches with paged results by setting limits to page size.
For example, the following commands use a p4 configure set command to define the search order for active directories and the default authentication method for new users to be perforce:
p4 configure set auth.ldap.order.1=UK_LDAP
p4 configure set auth.ldap.order.2=US_LDAP
p4 configure set auth.ldap.order.5=RU_LDAP
p4 configure set auth.default.method=perforce
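As an added example (not part of the Helix Core documentation), the following Python script checks a set of configurables for the dependencies described above and lists the LDAP search order. The name=value input layout, the sample values, and the function names are assumptions made for illustration.

```python
import re

# Constructed sample in name=value form (assumed layout, with an optional
# trailing "(source)" tag); it is not output captured from a real server.
SAMPLE = """\
auth.ldap.order.1=UK_LDAP (configure)
auth.ldap.order.2=US_LDAP (configure)
auth.ldap.order.5=RU_LDAP (configure)
auth.default.method=perforce (configure)
auth.ldap.userautocreate=1 (configure)
"""

def parse(text):
    """Return {name: value}, dropping any trailing '(source)' tag."""
    conf = {}
    for line in text.splitlines():
        m = re.match(r"\s*([\w.]+)\s*=\s*(.*?)\s*(?:\(.*\))?\s*$", line)
        if m:
            conf[m.group(1)] = m.group(2)
    return conf

def search_order(conf):
    """LDAP configurations sorted by N in auth.ldap.order.N (gaps are fine)."""
    found = []
    for name, value in conf.items():
        m = re.fullmatch(r"auth\.ldap\.order\.(\d+)", name)
        if m:
            found.append((int(m.group(1)), value))
    return [value for _, value in sorted(found)]

def audit(conf):
    """Check the dependencies between the configurables described above."""
    findings = []
    # Assumption: an unset auth.default.method behaves as "perforce".
    method = conf.get("auth.default.method", "perforce")
    if method == "perforce" and conf.get("dm.user.noautocreate") != "2":
        findings.append("dm.user.noautocreate is not 2: user creation "
                        "is not limited to the superuser")
    # Assumption: any value other than unset or 0 enables auto-creation.
    if conf.get("auth.ldap.userautocreate", "0") != "0" and method != "ldap":
        findings.append("auth.ldap.userautocreate is set but requires "
                        "auth.default.method=ldap")
    if method == "ldap" and not search_order(conf):
        findings.append("method is ldap but no auth.ldap.order.N is set")
    return findings

if __name__ == "__main__":
    conf = parse(SAMPLE)
    print(search_order(conf), *audit(conf), sep="\n")
```

With the constructed sample, the script reports two findings: user creation is not restricted to the superuser, and auth.ldap.userautocreate is set without auth.default.method=ldap.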
To learn more, see the Categories of Configurables in the Helix Core Command-Line (P4) Reference.