You are viewing the documentation for a prerelease version.

View Latest

setting-ldap

Configure LDAP

SYNOPSIS

couchbase-cli setting-ldap [--cluster <url>] [--username <user>]
    [--password <password>] [--authentication-enabled <1|0>]
    [--authorization-enabled <1|0>] [--hosts <host_list>] [--port <port>]
    [--encryption <tls|startTLS|none>] [--disable-cert-validation]
    [--ldap-cacert <path>] [--user-dn-mapping <mapping>][--request-timeout <ms>]
    [--max-parallel <max>] [--max-cache-size <size>]
    [--cache-value-lifetime <ms>] [--query-dn <dn>] [--query-pass <pass>]
    [--group-query <query>] [--enable-nested-groups <0|1>]
    [--nested-group-max-depth <depth>]

DESCRIPTION

This command allows administrators to configure and connect LDAP servers.

OPTIONS

-c
--cluster

Specifies the hostname of a node in the cluster. See the HOST FORMATS section for more information on specifying a hostname.

-u
--user <username>

Specifies the username of the user executing the command. If you do not have a user account with permission to execute the command then it will fail with an unauthorized error.

-p
--password <password>

Specifies the password of the user executing the command. If you do not have a user account with permission to execute the command then it will fail with an unauthorized error. If this argument is specified, but no password is given then the command will prompt the user for a password through non-echoed stdin. You may also specify your password by using the environment variable CB_REST_PASSWORD.

--authentication-enabled <1|0>

Enables using LDAP to authenticate users

--authorization-enabled <1|0>

Enables using LDAP to give users authorization

--hosts <host_list>

Specifies a comma separated list of LDAP hosts.

--port <port>

LDAP port.

--encryption <tls|startTLS|none>

Security used to communicate with LDAP servers. Supported options [tls, startTLS, none].

--disable-cert-validation

Disable server certificate validation.

--ldap-cacert <path>

CA certificate to be used for server’s certificate validation, required if certificate validation is not disabled

--request-timeout <ms>

The timeout for LDAP requests in milliseconds.

--user-dn-mapping <mapping>

User to distinguished name (DN), if not specified username is used as user’s DN.

--max-parallel-connections <max>

Maximum number of parallel connections that can be established with LDAP servers.

--max-cache-size <size>

Maximum number of requests that can be cached, defaults to 10000.

--cache-value-lifetime <ms>

Lifetime of values in cache in milliseconds. Default 300000 ms.

--query-dn <dn>

DN for user search and groups synchronization

--query-pass <pass>

Password for user search and groups synchronization

--group-query <query>

LDAP query, to get the users' groups by username in RFC4516 format. The %u and %D placeholders can be used, for username and user’s DN respectively. If attribute is present in the query, the list of attribute values in the search result is considered as list of user’s groups (single entry result is expected): for example: '%D?memberOf?base'. If the attribute is not present in the query, every returned entry is considered a group, for example: 'ou=groups,dc=example,dc=com??one?(member=%D)'

--nested-groups-enabled <0|1>

If enabled Couchbase server will try to recursively search for groups for every discovered ldap group.

--nested-groups-max-depth <depth>

Maximum number of recursive groups requests the server is allowed to perform. This option is only valid when nested groups are enabled. The depth is an integer between 1 and 100, default is 10.

ENVIRONMENT AND CONFIGURATION VARIABLES

CB_REST_USERNAME

Specifies the username to use when executing the command. This environment variable allows you to specify a default argument for the -u/--username argument on the command line.

CB_REST_PASSWORD

Specifies the password of the user executing the command. This environment variable allows you to specify a default argument for the -p/--password argument on the command line. It also allows the user to ensure that their password are not cached in their command line history.

SEE ALSO

COUCHBASE-CLI

Part of the couchbase-cli suite