p4 ldapsync

Synchronize Helix Server users and group memberships with LDAP groups.

Syntax

p4 [g-opts] ldapsync -g [-n] [-i N] [group ...]
p4 [g-opts] ldapsync -u [ -c -U -d ] [ -n ] [ -i N] [ ldap ... ]

Syntax conventions

Description

When run with the -g option specified, this command updates the user lists in Helix Server groups to match the lists of members in LDAP groups.

Tip

Any users that are not Active Directory members are removed.

If one or more group names are provided, only those groups are updated. If no groups are provided, all groups with LDAP configurations are updated.

When run with the -u option specified, this command updates the Helix Server users to match those in LDAP. This works by querying each LDAP server defined by the LDAP specifications passed in the arguments. The LDAP specification’s SearchFilter is used to query the LDAP server with the %user% placeholder expanded to * in order to identify all LDAP users. The three Attribute* fields are used to map the LDAP result to the Helix Server user’s username, full name and email address. All provided LDAP specifications are queried to build a full, combined list of LDAP users before any changes to the Helix Server users are made.

Note

p4 ldapsync requires super access granted by p4 protect.

To keep users or groups with LDAP configurations in sync with their LDAP counterparts, p4 ldapsync can be set as a startup command that runs in the background. See the final example in the Examples section.

The user synchronization has three actions that must be enabled separately by specifying the appropriate flags:

  • To create new users found in the LDAP servers that do not yet exist in Helix Server, use the -c option.
  • To update the full name and email address of any existing Helix Server users found in the LDAP servers, use the -U option.
  • To delete Helix Server users not found in any of the LDAP servers, use the -d option.

Tip

You can track the activity of p4 ldapsync. See ldapsync.csv at p4 logparse.
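
The three user-synchronization actions described above can be modeled as a reconciliation over the combined LDAP user list. The following is an added example, not Helix Server code or output: the function names, the record layout, the "first spec wins" merge rule, and all sample users are assumptions made for illustration.

```python
# Illustrative model of the -c / -U / -d rules described above (not Helix Server code).
# All user records below are constructed sample data.

def combine(ldap_results):
    """Merge every queried LDAP spec's results into one map before planning changes."""
    combined = {}
    for entries in ldap_results:
        for e in entries:
            combined.setdefault(e["user"], e)  # assumption: first spec to return a name wins
    return combined

def plan(p4_users, ldap_results, create=False, update=False, delete=False):
    """Return the sorted (action, user) pairs the enabled flags would produce, like -n."""
    ldap = combine(ldap_results)
    actions = []
    if create:  # -c: LDAP users with no Helix Server account yet
        actions += [("create", name) for name in ldap if name not in p4_users]
    for name, u in p4_users.items():
        if u["type"] != "standard" or u["auth"] != "ldap":
            continue  # -U and -d only touch Type standard users whose AuthMethod is ldap
        if name in ldap:
            e = ldap[name]
            if update and (u["fullname"], u["email"]) != (e["fullname"], e["email"]):
                actions.append(("update", name))  # -U: only when the values differ
        elif delete:
            actions.append(("delete", name))  # -d: absent from every queried LDAP spec
    return sorted(actions)

def user(name, fullname, email, type_="standard", auth="ldap"):
    return {"user": name, "fullname": fullname, "email": email, "type": type_, "auth": auth}

P4_USERS = {u["user"]: u for u in [
    user("alice", "Alice A", "alice@example.com"),
    user("bob", "Bob B", "bob@old.example.com"),
    user("carol", "Carol C", "carol@example.com"),
    user("svc-build", "Build Service", "build@example.com", type_="service", auth="perforce"),
    user("admin", "Admin", "admin@example.com", auth="perforce"),
]}
LDAP_A = [user("alice", "Alice A", "alice@example.com"),
          user("bob", "Bob B", "bob@example.com"),
          user("dave", "Dave D", "dave@example.com")]
LDAP_B = [user("carol", "Carol C", "carol@example.com")]

FULL_SYNC = plan(P4_USERS, [LDAP_A, LDAP_B], create=True, update=True, delete=True)
MISSING_SPEC = plan(P4_USERS, [LDAP_A], delete=True)

if __name__ == "__main__":
    print("both specs queried:", FULL_SYNC)
    print("second spec omitted:", MISSING_SPEC)
```

In the model, leaving the second LDAP specification out of the arguments makes carol appear absent from LDAP and therefore a deletion candidate, while the service user and the perforce-authenticated admin are never touched; previewing with -n before enabling -d surfaces this kind of result.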

Options

-u

Allows users to be created, updated, or deleted based on users found in LDAP servers. This works by querying each LDAP server defined by the LDAP specifications passed in the arguments. The LDAP specification's SearchFilter is used to query the LDAP server with the %user% placeholder expanded to * to identify all LDAP users. The three Attribute* fields are used to map the LDAP result to the Perforce:

  • user's username
  • full name
  • email address

All provided LDAP specifications are queried to build a full, combined list of LDAP users before any changes to the Perforce users are made.

Note: The usernames of members added to a Perforce group by p4 ldapsync can be normalised into lowercase by setting the downcase option in the LDAP spec.

-c

Creates any new users found in the LDAP servers that do not yet exist in Helix Server. The AuthMethod will be set to ldap and Type set to standard.

-d

Deletes any Helix Server users not found in the LDAP servers, provided that the user is of Type standard and the AuthMethod is ldap.

-g

Required to specify groups. Updates the user lists in Perforce groups to match the lists of members in LDAP groups. If one or more group names are provided, only those groups are updated. If no groups are provided, then all groups with LDAP configurations will be updated.

-i N

Automatically repeats the command every N seconds.

If this option is not specified, the command executes once and exits.

-n

Preview the operation and show the users or groups that would be affected without taking any action.

group

The name of a Helix Server group that must be updated when changes to the corresponding LDAP group take place. If no group names are specified, all groups with LDAP configurations are updated.

-U

Updates the full name and email address of any existing Helix Server users found in the LDAP servers, provided that:

  • the user is of Type standard
  • the AuthMethod is ldap
  • the values differ

For a detailed walkthrough, see the Support Knowledgebase article, "Configuring ldapsync".

g-opts

See Global options.

Usage Notes

  • Can File Arguments Use Revision Specifier? N/A
  • Can File Arguments Use Revision Range? N/A
  • Minimal Access Level Required: super

Examples

To update the groups for which LDAP configurations have been defined:

p4 ldapsync -g

To configure a startup command that updates the groups every 30 minutes:

p4 configure set "myServer#startup.1=ldapsync -g -i 1800"

Note

This example assumes you have set serverID (see p4 serverid) to the server where you want to set startup.n, which is one of the Configurables.

Related Commands

To view a list of all LDAP configurations

p4 ldaps

To create or edit an LDAP configuration

p4 ldap

To define LDAP-related configurables

p4 configure

To define LDAP configurations for a Helix Server group spec

p4 group