Open topic with navigation

p4 ldapsync

Synchronize Helix Core users and group memberships with LDAP groups.

Syntax

p4 [gopts] ldapsync -g [-n] [-i N] [group ...] 
p4 [gopts] ldapsync -u [ -c -U -d ] [ -n ] [ -i N] [ ldap ... ]

Description

When run with the -g option specified, this command updates the users lists in Helix Core groups to match the lists of members in LDAP groups. If one or more group names are provided, only those groups are updated; if no groups are provided, then all groups with LDAP configurations will be updated.

When run with the -u option specified, this command updates the Helix Core users to match those in the LDAP. This works by querying each LDAP server defined by the LDAP specifications passed in the arguments. The LDAP specification’s SearchFilter is used to query the LDAP server with the %user% placeholder expanded to * in order to identify all LDAP users. The three Attribute* fields are used to map LDAP result to the Helix Core user’s username, full name and email address. All provided LDAP specifications are queried to build a full, combined list of LDAP users before any changes to the Helix Core users are made.

Note

p4 ldapsync requires super access granted by p4 protect.

To keep users or groups with LDAP configurations in sync with their LDAP counterparts, p4 ldapsync can be set as a startup command, and will run in the background.

The user synchronization has three actions that must be enabled separately by specifying the appropriate flags:

Options

-c

Creates any new users found in the LDAP servers that do not yet exist in Helix Core. The AuthMethod will be set to ldap and Type set to standard.

-d

Deletes any Helix Core users not found in the LDAP servers, provided that the user is of Typestandard and AuthMethod is ldap.

-g

Required to specify groups.

-i N

Automatically repeates the command every N seconds.

If this option is not specified, the command executes once and exits.

-n

Preview the operation and show the users or groups that would be affected without taking any action.

group

The name of a Helix Core group that must be updated when changes to the corresponding LDAP group take place. If no group names are specified, all groups with LDAP configurations are updated.

-U

Updates the full name and email address of any existing Helix Core users found in the LDAP servers, provided that the user is of Type standard and the AuthMethod is ldap and that the values differ.

Usage Notes

Can File Arguments Use Revision Specifier? Can File Arguments Use Revision Range? Minimal Access Level Required

N/A

N/A

super

Examples

p4 ldapsync -g

Updates all groups for which LDAP configurations have been defined.

Related Commands

To view a list of all LDAP configurations

p4 ldaps

To create or edit an LDAP configuration

p4 ldap

To define LDAP-related configurables

p4 configure

To define LDAP configurations for a Helix Core group spec

p4 group