LDAPConfig

Version 4.0.24.18
Datatype
Description
(object)
object
can
object
Operations the current user is able to perform on this object
alternate_email_login_allowed
boolean
Allow alternate email-based login via '/login/email' for admins and for specified users with the 'login_special_email' permission. This option is useful as a fallback during ldap setup, if ldap config problems occur later, or if you need to support some users who are not in your ldap directory. Looker email/password logins are always disabled for regular users when ldap is enabled.
auth_password
string
(Write-Only) Password for the LDAP account used to access the LDAP server
auth_requires_role
boolean
Users will not be allowed to login at all unless a role for them is found in LDAP if set to true
auth_username
string
Distinguished name of LDAP account used to access the LDAP server
connection_host
string
LDAP server hostname
connection_port
string
LDAP host port
connection_tls
boolean
Use Transport Layer Security
connection_tls_no_verify
boolean
Do not verify peer when using TLS
default_new_user_group_ids
string[]
default_new_user_groups
Group[]
Expand Group definition...
can
object
Operations the current user is able to perform on this object
can_add_to_content_metadata
boolean
Group can be used in content access controls
contains_current_user
boolean
Currently logged in user is group member
external_group_id
string
External Id group if embed group
externally_managed
boolean
Group membership controlled outside of Looker
id
string
Unique Id
include_by_default
boolean
New users are added to this group by default
name
string
Name of group
user_count
integer
Number of users included in this group
default_new_user_role_ids
string[]
default_new_user_roles
Role[]
Expand Role definition...
can
object
Operations the current user is able to perform on this object
id
string
Unique Id
name
string
Name of Role
permission_set
(Read only) Permission set
Expand PermissionSet definition...
can
object
Operations the current user is able to perform on this object
all_access
boolean
built_in
boolean
id
string
Unique Id
name
string
Name of PermissionSet
permissions
string[]
url
string
Link to get this item
permission_set_id
string
(Write-Only) Id of permission set
model_set
(Read only) Model set
Expand ModelSet definition...
can
object
Operations the current user is able to perform on this object
all_access
boolean
built_in
boolean
id
string
Unique Id
models
string[]
name
string
Name of ModelSet
url
string
Link to get this item
model_set_id
string
(Write-Only) Id of model set
url
string
Link to get this item
users_url
string
Link to get list of users with this role
enabled
boolean
Enable/Disable LDAP authentication for the server
force_no_page
boolean
Don't attempt to do LDAP search result paging (RFC 2696) even if the LDAP server claims to support it.
groups
Expand LDAPGroupRead definition...
id
string
Unique Id
looker_group_id
string
Unique Id of group in Looker
looker_group_name
string
Name of group in Looker
name
string
Name of group in LDAP
roles
Role[]
Expand Role definition...
can
object
Operations the current user is able to perform on this object
id
string
Unique Id
name
string
Name of Role
permission_set
(Read only) Permission set
permission_set_id
string
(Write-Only) Id of permission set
model_set
(Read only) Model set
model_set_id
string
(Write-Only) Id of model set
url
string
Link to get this item
users_url
string
Link to get list of users with this role
url
string
Link to ldap config
groups_base_dn
string
Base dn for finding groups in LDAP searches
groups_finder_type
string
Identifier for a strategy for how Looker will search for groups in the LDAP server
groups_member_attribute
string
LDAP Group attribute that signifies the members of the groups. Most commonly 'member'
groups_objectclasses
string
Optional comma-separated list of supported LDAP objectclass for groups when doing groups searches
groups_user_attribute
string
LDAP Group attribute that signifies the user in a group. Most commonly 'dn'
groups_with_role_ids
Expand LDAPGroupWrite definition...
id
string
Unique Id
looker_group_id
string
Unique Id of group in Looker
looker_group_name
string
Name of group in Looker
name
string
Name of group in LDAP
role_ids
string[]
url
string
Link to ldap config
has_auth_password
boolean
(Read-only) Has the password been set for the LDAP account used to access the LDAP server
merge_new_users_by_email
boolean
Merge first-time ldap login to existing user account by email addresses. When a user logs in for the first time via ldap this option will connect this user into their existing account by finding the account with a matching email address. Otherwise a new user account will be created for the user.
modified_at
string
When this config was last modified
modified_by
string
User id of user who last modified this config
set_roles_from_groups
boolean
Set user roles in Looker based on groups from LDAP
test_ldap_password
string
(Write-Only) Test LDAP user password. For ldap tests only.
test_ldap_user
string
(Write-Only) Test LDAP user login id. For ldap tests only.
user_attribute_map_email
string
Name of user record attributes used to indicate email address field
user_attribute_map_first_name
string
Name of user record attributes used to indicate first name
user_attribute_map_last_name
string
Name of user record attributes used to indicate last name
user_attribute_map_ldap_id
string
Name of user record attributes used to indicate unique record id
user_attributes
Expand LDAPUserAttributeRead definition...
name
string
Name of User Attribute in LDAP
required
boolean
Required to be in LDAP assertion for login to be allowed to succeed
user_attributes
Expand UserAttribute definition...
can
object
Operations the current user is able to perform on this object
id
string
Unique Id
name
string
Name of user attribute
label
string
Human-friendly label for user attribute
type
string
Type of user attribute ("string", "number", "datetime", "yesno", "zipcode", "advanced_filter_string", "advanced_filter_number")
default_value
string
Default value for when no value is set on the user
is_system
boolean
Attribute is a system default
is_permanent
boolean
Attribute is permanent and cannot be deleted
value_is_hidden
boolean
If true, users will not be able to view values of this attribute
user_can_view
boolean
Non-admin users can see the values of their attributes and use them in filters
user_can_edit
boolean
Users can change the value of this attribute for themselves
hidden_value_domain_whitelist
string
Destinations to which a hidden attribute may be sent. Once set, cannot be edited.
url
string
Link to ldap config
user_attributes_with_ids
Expand LDAPUserAttributeWrite definition...
name
string
Name of User Attribute in LDAP
required
boolean
Required to be in LDAP assertion for login to be allowed to succeed
user_attribute_ids
string[]
url
string
Link to ldap config
user_bind_base_dn
string
Distinguished name of LDAP node used as the base for user searches
user_custom_filter
string
(Optional) Custom RFC-2254 filter clause for use in finding user during login. Combined via 'and' with the other generated filter clauses.
user_id_attribute_names
string
Name(s) of user record attributes used for matching user login id (comma separated list)
user_objectclass
string
(Optional) Name of user record objectclass used for finding user during login id
allow_normal_group_membership
boolean
Allow LDAP auth'd users to be members of non-reflected Looker groups. If 'false', user will be removed from non-reflected groups on login.
allow_roles_from_normal_groups
boolean
LDAP auth'd users will be able to inherit roles from non-reflected Looker groups.
allow_direct_roles
boolean
Allows roles to be directly assigned to LDAP auth'd users.
url
string
Link to get this item