Stay organized with collections
Save and categorize content based on your preferences.
Version 4.0.25.14 (latest)
Test the user authentication settings for an LDAP configuration without authenticating the user.
This test will let you easily test the mapping for user properties and roles for any user withoutneeding to authenticate as that user.
This test accepts a full LDAP configuration along with a username and attempts to find the full infofor the user from the LDAP server without actually authenticating the user. So, user password is notrequired.The configuration is validated before attempting to contact the server.
Operations the current user is able to perform on this object
alternate_email_login_allowed
boolean
Allow alternate email-based login via '/login/email' for admins and for specified users with the 'login_special_email' permission. This option is useful as a fallback during ldap setup, if ldap config problems occur later, or if you need to support some users who are not in your ldap directory. Looker email/password logins are always disabled for regular users when ldap is enabled.
auth_password
string
(Write-Only) Password for the LDAP account used to access the LDAP server
auth_requires_role
boolean
Users will not be allowed to login at all unless a role for them is found in LDAP if set to true
auth_username
string
Distinguished name of LDAP account used to access the LDAP server
(Read-only) Has the password been set for the LDAP account used to access the LDAP server
merge_new_users_by_email
boolean
Merge first-time ldap login to existing user account by email addresses. When a user logs in for the first time via ldap this option will connect this user into their existing account by finding the account with a matching email address. Otherwise a new user account will be created for the user.
modified_at
lock
string
When this config was last modified
modified_by
lock
string
User id of user who last modified this config
set_roles_from_groups
boolean
Set user roles in Looker based on groups from LDAP
test_ldap_password
string
(Write-Only) Test LDAP user password. For ldap tests only.
test_ldap_user
string
(Write-Only) Test LDAP user login id. For ldap tests only.
user_attribute_map_email
string
Name of user record attributes used to indicate email address field
user_attribute_map_first_name
string
Name of user record attributes used to indicate first name
user_attribute_map_last_name
string
Name of user record attributes used to indicate last name
user_attribute_map_ldap_id
string
Name of user record attributes used to indicate unique record id
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-20 UTC."],[],[],null,["# Test LDAP User Info\n\nVersion 4.0.25.14 (latest)\n\n### Test the user authentication settings for an LDAP configuration without authenticating the user.\n\nThis test will let you easily test the mapping for user properties and roles for any user withoutneeding to authenticate as that user.\n\nThis test accepts a full LDAP configuration along with a username and attempts to find the full infofor the user from the LDAP server without actually authenticating the user. So, user password is notrequired.The configuration is validated before attempting to contact the server.\n\n**test_ldap_user** is required.\n\nThe active LDAP settings are not modified.\n\nCalls to this endpoint may be denied by [Looker (Google Cloud core)](https://cloud.google.com/looker/docs/r/looker-core/overview).\n\nRequest\n-------\n\nPUT /ldap_config/test_user_info \nDatatype \nDescription \nRequest \nHTTP Request \nbody \nHTTP Body \nExpand HTTP Body definition... \nbody \n[LDAPConfig](/looker/docs/reference/looker-api/latest/types/LDAPConfig) \nLDAP Config\nExpand LDAPConfig definition... \ncan \n*lock* \nobject \nOperations the current user is able to perform on this object \nalternate_email_login_allowed \nboolean \nAllow alternate email-based login via '/login/email' for admins and for specified users with the 'login_special_email' permission. This option is useful as a fallback during ldap setup, if ldap config problems occur later, or if you need to support some users who are not in your ldap directory. Looker email/password logins are always disabled for regular users when ldap is enabled. \nauth_password \nstring \n(Write-Only) Password for the LDAP account used to access the LDAP server \nauth_requires_role \nboolean \nUsers will not be allowed to login at all unless a role for them is found in LDAP if set to true \nauth_username \nstring \nDistinguished name of LDAP account used to access the LDAP server \nconnection_host \nstring \nLDAP server hostname \nconnection_port \nstring \nLDAP host port \nconnection_tls \nboolean \nUse Transport Layer Security \nconnection_tls_no_verify \nboolean \nDo not verify peer when using TLS \ndefault_new_user_group_ids \nstring\\[\\] \ndefault_new_user_groups \n[Group](/looker/docs/reference/looker-api/latest/types/Group)\\[\\] \ndefault_new_user_role_ids \nstring\\[\\] \ndefault_new_user_roles \n[Role](/looker/docs/reference/looker-api/latest/types/Role)\\[\\] \nenabled \nboolean \nEnable/Disable LDAP authentication for the server \nforce_no_page \nboolean \nDon't attempt to do LDAP search result paging (RFC 2696) even if the LDAP server claims to support it. \ngroups \n[LDAPGroupRead](/looker/docs/reference/looker-api/latest/types/LDAPGroupRead)\\[\\] \ngroups_base_dn \nstring \nBase dn for finding groups in LDAP searches \ngroups_finder_type \nstring \nIdentifier for a strategy for how Looker will search for groups in the LDAP server \ngroups_member_attribute \nstring \nLDAP Group attribute that signifies the members of the groups. Most commonly 'member' \ngroups_objectclasses \nstring \nOptional comma-separated list of supported LDAP objectclass for groups when doing groups searches \ngroups_user_attribute \nstring \nLDAP Group attribute that signifies the user in a group. Most commonly 'dn' \ngroups_with_role_ids \n[LDAPGroupWrite](/looker/docs/reference/looker-api/latest/types/LDAPGroupWrite)\\[\\] \nhas_auth_password \n*lock* \nboolean \n(Read-only) Has the password been set for the LDAP account used to access the LDAP server \nmerge_new_users_by_email \nboolean \nMerge first-time ldap login to existing user account by email addresses. When a user logs in for the first time via ldap this option will connect this user into their existing account by finding the account with a matching email address. Otherwise a new user account will be created for the user. \nmodified_at \n*lock* \nstring \nWhen this config was last modified \nmodified_by \n*lock* \nstring \nUser id of user who last modified this config \nset_roles_from_groups \nboolean \nSet user roles in Looker based on groups from LDAP \ntest_ldap_password \nstring \n(Write-Only) Test LDAP user password. For ldap tests only. \ntest_ldap_user \nstring \n(Write-Only) Test LDAP user login id. For ldap tests only. \nuser_attribute_map_email \nstring \nName of user record attributes used to indicate email address field \nuser_attribute_map_first_name \nstring \nName of user record attributes used to indicate first name \nuser_attribute_map_last_name \nstring \nName of user record attributes used to indicate last name \nuser_attribute_map_ldap_id \nstring \nName of user record attributes used to indicate unique record id \nuser_attributes \n[LDAPUserAttributeRead](/looker/docs/reference/looker-api/latest/types/LDAPUserAttributeRead)\\[\\] \nuser_attributes_with_ids \n[LDAPUserAttributeWrite](/looker/docs/reference/looker-api/latest/types/LDAPUserAttributeWrite)\\[\\] \nuser_bind_base_dn \nstring \nDistinguished name of LDAP node used as the base for user searches \nuser_custom_filter \nstring \n(Optional) Custom RFC-2254 filter clause for use in finding user during login. Combined via 'and' with the other generated filter clauses. \nuser_id_attribute_names \nstring \nName(s) of user record attributes used for matching user login id (comma separated list) \nuser_objectclass \nstring \n(Optional) Name of user record objectclass used for finding user during login id \nallow_normal_group_membership \nboolean \nAllow LDAP auth'd users to be members of non-reflected Looker groups. If 'false', user will be removed from non-reflected groups on login. \nallow_roles_from_normal_groups \nboolean \nLDAP auth'd users will be able to inherit roles from non-reflected Looker groups. \nallow_direct_roles \nboolean \nAllows roles to be directly assigned to LDAP auth'd users. \nurl \n*lock* \nstring \nLink to get this item\n\nResponse\n--------\n\n### 200: Result info.\n\nDatatype \nDescription \n(object) \n[LDAPConfigTestResult](/looker/docs/reference/looker-api/latest/types/LDAPConfigTestResult) \ndetails \n*lock* \nstring \nAdditional details for error cases \nissues \n[LDAPConfigTestIssue](/looker/docs/reference/looker-api/latest/types/LDAPConfigTestIssue)\\[\\] \nExpand LDAPConfigTestIssue definition... \nseverity \n*lock* \nstring \nSeverity of the issue. Error or Warning \nmessage \n*lock* \nstring \nMessage describing the issue \nmessage \n*lock* \nstring \nShort human readable test about the result \nstatus \n*lock* \nstring \nTest status code: always 'success' or 'error' \ntrace \n*lock* \nstring \nA more detailed trace of incremental results during auth tests \nuser \n*lock* \n[LDAPUser](/looker/docs/reference/looker-api/latest/types/LDAPUser) \nUser details from LDAP server for auth tests\nExpand LDAPUser definition... \nall_emails \nstring\\[\\] \nattributes \n*lock* \nobject \nDictionary of user's attributes (name/value) \nemail \n*lock* \nstring \nPrimary email address \nfirst_name \n*lock* \nstring \nFirst name \ngroups \nstring\\[\\] \nlast_name \n*lock* \nstring \nLast Name \nldap_dn \n*lock* \nstring \nLDAP's distinguished name for the user record \nldap_id \n*lock* \nstring \nLDAP's Unique ID for the user \nroles \nstring\\[\\] \nurl \n*lock* \nstring \nLink to ldap config \nurl \n*lock* \nstring \nLink to ldap config\n\n### 400: Bad Request\n\nDatatype \nDescription \n(object) \n[Error](/looker/docs/reference/looker-api/latest/types/Error) \nmessage \n*lock* \nstring \nError details \ndocumentation_url \n*lock* \nstring \nDocumentation link\n\n### 403: Permission Denied\n\nDatatype \nDescription \n(object) \n[Error](/looker/docs/reference/looker-api/latest/types/Error) \nmessage \n*lock* \nstring \nError details \ndocumentation_url \n*lock* \nstring \nDocumentation link\n\n### 404: Not Found\n\nDatatype \nDescription \n(object) \n[Error](/looker/docs/reference/looker-api/latest/types/Error) \nmessage \n*lock* \nstring \nError details \ndocumentation_url \n*lock* \nstring \nDocumentation link\n\n### 422: Validation Error\n\nDatatype \nDescription \n(object) \n[ValidationError](/looker/docs/reference/looker-api/latest/types/ValidationError) \nmessage \n*lock* \nstring \nError details \nerrors \n[ValidationErrorDetail](/looker/docs/reference/looker-api/latest/types/ValidationErrorDetail)\\[\\] \nExpand ValidationErrorDetail definition... \nfield \n*lock* \nstring \nField with error \ncode \n*lock* \nstring \nError code \nmessage \n*lock* \nstring \nError info message \ndocumentation_url \n*lock* \nstring \nDocumentation link \ndocumentation_url \n*lock* \nstring \nDocumentation link\n\n### 429: Too Many Requests\n\nDatatype \nDescription \n(object) \n[Error](/looker/docs/reference/looker-api/latest/types/Error) \nmessage \n*lock* \nstring \nError details \ndocumentation_url \n*lock* \nstring \nDocumentation link"]]
