Defining LDAP-related configurables

To use LDAP authentication, you must set a number of authentication-related configurables:

  • auth.ldap.order.N - enables an LDAP server and specifies the order in which it should be searched.
  • auth.default.method - specifies whether new users should be authenticated by Helix Server or using LDAP.
    • If auth.default.method=perforce and you want only the Helix Server superuser to create new users, set dm.user.noautocreate to 2 explicitly.
    • If auth.default.method=ldap, dm.user.noautocreate is 2 implicitly.
  • auth.ldap.userautocreate - specifies whether new users should be automatically created on login when using LDAP authentication. This requires auth.default.method=ldap.

    You can set the getattrs Options field of the LDAP configuration to have the FullName and Email fields populated from the directory.

  • auth.ldap.timeout - time to wait before giving up on a connection attempt.
  • auth.ldap.cafile - the path to the certificate file used to verify the LDAP server's certificate when the server uses SSL or TLS.
  • auth.ldap.ssllevel - level of SSL certificate validation.
  • auth.ldap.pagesize - helps you manage LDAP searches with paged results by setting limits to page size.

For example, the following commands define the search order for three Active Directory servers and set the default authentication method for new users to perforce:

$ p4 configure set auth.ldap.order.1=UK_LDAP
$ p4 configure set auth.ldap.order.2=US_LDAP
$ p4 configure set auth.ldap.order.5=RU_LDAP
$ p4 configure set auth.default.method=perforce

For additional information about authentication-related configurables, see the Configurables in the Helix Core Command-Line (P4) Reference.
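
The dependencies between these configurables can be checked mechanically. The following script is an added example, not part of the Helix documentation: it lints a constructed sample of configurable lines against the rules stated above. The function names audit_ldap_config and sample_config are hypothetical, and the "name=value (source)" line shape, the lower-N-first search order, and the meaning of auth.ldap.ssllevel=0 are assumptions not stated on this page.

```shell
#!/bin/sh
# Added example, not from the Helix documentation. Lints LDAP-related
# configurables given as "name=value (source)" lines (assumed output shape).

audit_ldap_config() {
  awk '
    {
      line = $0
      sub(/ *\([^()]*\) *$/, "", line)        # drop trailing "(source)" note
      eq = index(line, "=")
      if (eq == 0) next
      name = substr(line, 1, eq - 1); val = substr(line, eq + 1)
      if (name ~ /^auth\.ldap\.order\.[0-9]+$/) {
        sub(/^auth\.ldap\.order\./, "", name)  # keep only N
        order[name + 0] = val
        if (name + 0 > max) max = name + 0
      } else cfg[name] = val
    }
    END {
      # N may have gaps (1, 2, 5); assumed: lower N is searched first.
      for (i = 0; i <= max; i++)
        if (i in order) { printf "ORDER %d %s\n", i, order[i]; enabled = 1 }
      m = cfg["auth.default.method"]
      # Page: userautocreate requires auth.default.method=ldap.
      if (cfg["auth.ldap.userautocreate"] + 0 > 0 && m != "ldap")
        print "WARN auth.ldap.userautocreate needs auth.default.method=ldap"
      # Page: with method=perforce, only noautocreate=2 limits creation to the superuser.
      if (m == "perforce" && cfg["dm.user.noautocreate"] != "2")
        print "WARN dm.user.noautocreate is not 2: user creation is not limited to the superuser"
      # Assumption from the P4 reference, not this page: ssllevel 0 (default) skips validation.
      if (enabled && cfg["auth.ldap.ssllevel"] + 0 == 0)
        print "WARN auth.ldap.ssllevel is 0 or unset: LDAP server certificate is not validated"
    }
  '
}

# Constructed sample: the page example plus auth.ldap.userautocreate=1.
sample_config() {
  cat <<'EOF'
auth.ldap.order.5=RU_LDAP (configure)
auth.ldap.order.1=UK_LDAP (configure)
auth.ldap.order.2=US_LDAP (configure)
auth.default.method=perforce (configure)
auth.ldap.userautocreate=1 (configure)
EOF
}

sample_config | audit_ldap_config
```

To check a live server, pipe the output of p4 configure show into audit_ldap_config in place of the sample.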