p4 ldapsync
Synchronize Helix Server users and group memberships with LDAP groups.
Syntax
p4 [gopts] ldapsync -g [-n] [-i N] [group ...]
p4 [gopts] ldapsync -u [ -c -U -d ] [ -n ] [ -i N] [ ldap ... ]
Description
When run with the -g option specified, this command updates the user lists in Helix Server groups to match the lists of members in LDAP groups. If one or more group names are provided, only those groups are updated. If no groups are provided, all groups with LDAP configurations are updated.
When run with the -u option specified, this command updates the Helix Server users to match those in LDAP. This works by querying each LDAP server defined by the LDAP specifications passed in the arguments. The LDAP specification’s SearchFilter is used to query the LDAP server with the %user% placeholder expanded to * in order to identify all LDAP users. The three Attribute* fields are used to map the LDAP results to the Helix Server user’s username, full name and email address. All provided LDAP specifications are queried to build a full, combined list of LDAP users before any changes to the Helix Server users are made.
p4 ldapsync requires super access granted by p4 protect.
To keep users or groups with LDAP configurations in sync with their LDAP counterparts, p4 ldapsync can be set as a startup command that runs in the background. See the final example in the Examples section.
The user synchronization has three actions that must be enabled separately by specifying the appropriate flags:
To create new users found in the LDAP servers that do not yet exist in Helix Server | use the -c option |
To update full name and email address of any existing Helix Server users found in the LDAP servers | use the -U option |
To delete Helix Server users not found in any of the LDAP servers | use the -d option |
You can track the activity of p4 ldapsync. See ldapsync.csv at p4 logparse.
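The following is an added example, not Perforce code or part of the original documentation: a simplified Python model of the -u reconciliation described above, showing why the combined list matters and how each action stays off until its flag is set. The function names and the sample users are constructed for illustration, and the model ignores the extra conditions the Options table attaches to -d and -U.

```python
# Simplified model of `p4 ldapsync -u`: added example, not Perforce's implementation.

def combine(ldap_results):
    """Merge every LDAP spec's results into one username -> (name, email) map.
    Assumption: if a username appears in several specs, the first one listed wins."""
    combined = {}
    for entries in ldap_results.values():
        for username, full_name, email in entries:
            combined.setdefault(username, (full_name, email))
    return combined

def plan_sync(p4_users, ldap_results, create=False, update=False, delete=False):
    """Return the changes a run would make. Each action is off unless enabled,
    like the separate -c (create), -U (update) and -d (delete) options."""
    ldap_users = combine(ldap_results)  # full combined list first, changes after
    plan = {"create": [], "update": [], "delete": []}
    if create:
        plan["create"] = sorted(u for u in ldap_users if u not in p4_users)
    if update:  # assumption: only users whose name or email differs are listed
        plan["update"] = sorted(u for u in ldap_users
                                if u in p4_users and p4_users[u] != ldap_users[u])
    if delete:
        plan["delete"] = sorted(u for u in p4_users if u not in ldap_users)
    return plan

# Constructed sample data: two LDAP specs and the current Helix Server users.
LDAP_RESULTS = {
    "corp-ldap": [("alice", "Alice Adams", "alice@example.com"),
                  ("bob", "Robert Brown", "bob@example.com")],
    "lab-ldap": [("carol", "Carol Chen", "carol@example.com"),
                 ("erin", "Erin Evans", "erin@example.com")],
}
P4_USERS = {
    "alice": ("Alice Adams", "alice@example.com"),
    "bob": ("Bob Brown", "bob@old.example.com"),
    "carol": ("Carol Chen", "carol@example.com"),
    "dave": ("Dave Diaz", "dave@example.com"),
}

if __name__ == "__main__":
    # All actions enabled, both specs passed: only dave is missing from every spec.
    print(plan_sync(P4_USERS, LDAP_RESULTS, create=True, update=True, delete=True))
    # Delete enabled but only one spec passed: in this model carol is also planned
    # for deletion, because lab-ldap never contributed to the combined list.
    print(plan_sync(P4_USERS, {"corp-ldap": LDAP_RESULTS["corp-ldap"]}, delete=True))
```

Running the real command with -n first serves the same purpose as inspecting this plan: it shows the affected users before -d removes anything.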
Options
-c | Creates any new users found in the LDAP servers that do not yet exist in Helix Server. The |
-d | Deletes any Helix Server users not found in the LDAP servers, provided that the user is of |
-g | Required to specify groups. |
-i N | Automatically repeats the command every If this option is not specified, the command executes once and exits. |
-n | Preview the operation and show the users or groups that would be affected without taking any action. |
group | The name of a Helix Server group that must be updated when changes to the corresponding LDAP group take place. If no group names are specified, all groups with LDAP configurations are updated. |
-U | Updates the full name and email address of any existing Helix Server users found in the LDAP servers, provided that: For a detailed walkthrough, see the Support Knowledgebase article, "Configuring ldapsync". |
Usage Notes
Can File Arguments Use Revision Specifier? | Can File Arguments Use Revision Range? | Minimal Access Level Required |
---|---|---|
N/A | N/A | super |
Examples
To update the groups for which LDAP configurations have been defined:
p4 ldapsync -g
To configure a startup command that updates the groups every 30 minutes:
p4 configure set "myServer#startup.1=ldapsync -g -i 1800"
This example uses startup.n, which is one of the Configurables.
Related Commands
To view a list of all LDAP configurations | |
To create or edit an LDAP configuration | |
To define LDAP-related configurables | |
To define LDAP configurations for a Helix Server group spec | |