Version 4.0.25.0 (latest)
Test the user authentication settings for an LDAP configuration.
This test accepts a full LDAP configuration along with a username/password pair and attempts to authenticate the user with the LDAP server. The configuration is validated before attempting the authentication.
Looker will never return an auth_password. If this request omits the auth_password field, then the auth_password value from the active config (if present) will be used for the test.
test_ldap_user and test_ldap_password are required.
The active LDAP settings are not modified.
Calls to this endpoint may be denied by Looker (Google Cloud core).
Request
PUT
/ldap_config/test_user_auth
Datatype
Description
Request
body
Expand HTTP Body definition...
body
LDAP Config
Expand LDAPConfig definition...
can
lock
Operations the current user is able to perform on this object
alternate_email_login_allowed
Allow alternate email-based login via '/login/email' for admins and for specified users with the 'login_special_email' permission. This option is useful as a fallback during ldap setup, if ldap config problems occur later, or if you need to support some users who are not in your ldap directory. Looker email/password logins are always disabled for regular users when ldap is enabled.
auth_password
(Write-Only) Password for the LDAP account used to access the LDAP server
auth_requires_role
Users will not be allowed to login at all unless a role for them is found in LDAP if set to true
auth_username
Distinguished name of LDAP account used to access the LDAP server
connection_host
LDAP server hostname
connection_port
LDAP host port
connection_tls
Use Transport Layer Security
connection_tls_no_verify
Do not verify peer when using TLS
default_new_user_group_ids
default_new_user_groups
default_new_user_role_ids
default_new_user_roles
enabled
Enable/Disable LDAP authentication for the server
force_no_page
Don't attempt to do LDAP search result paging (RFC 2696) even if the LDAP server claims to support it.
groups
groups_base_dn
Base dn for finding groups in LDAP searches
groups_finder_type
Identifier for a strategy for how Looker will search for groups in the LDAP server
groups_member_attribute
LDAP Group attribute that signifies the members of the groups. Most commonly 'member'
groups_objectclasses
Optional comma-separated list of supported LDAP objectclass for groups when doing groups searches
groups_user_attribute
LDAP Group attribute that signifies the user in a group. Most commonly 'dn'
groups_with_role_ids
has_auth_password
lock
(Read-only) Has the password been set for the LDAP account used to access the LDAP server
merge_new_users_by_email
Merge first-time ldap login to existing user account by email addresses. When a user logs in for the first time via ldap this option will connect this user into their existing account by finding the account with a matching email address. Otherwise a new user account will be created for the user.
modified_at
lock
When this config was last modified
modified_by
lock
User id of user who last modified this config
set_roles_from_groups
Set user roles in Looker based on groups from LDAP
test_ldap_password
(Write-Only) Test LDAP user password. For ldap tests only.
test_ldap_user
(Write-Only) Test LDAP user login id. For ldap tests only.
user_attribute_map_email
Name of user record attributes used to indicate email address field
user_attribute_map_first_name
Name of user record attributes used to indicate first name
user_attribute_map_last_name
Name of user record attributes used to indicate last name
user_attribute_map_ldap_id
Name of user record attributes used to indicate unique record id
user_attributes
user_attributes_with_ids
user_bind_base_dn
Distinguished name of LDAP node used as the base for user searches
user_custom_filter
(Optional) Custom RFC-2254 filter clause for use in finding user during login. Combined via 'and' with the other generated filter clauses.
user_id_attribute_names
Name(s) of user record attributes used for matching user login id (comma separated list)
user_objectclass
(Optional) Name of user record objectclass used for finding user during login id
allow_normal_group_membership
Allow LDAP auth'd users to be members of non-reflected Looker groups. If 'false', user will be removed from non-reflected groups on login.
allow_roles_from_normal_groups
LDAP auth'd users will be able to inherit roles from non-reflected Looker groups.
allow_direct_roles
Allows roles to be directly assigned to LDAP auth'd users.
url
lock
Link to get this item
Response
200: Result info.
Datatype
Description
(object)
details
lock
Additional details for error cases
issues
Expand LDAPConfigTestIssue definition...
severity
lock
Severity of the issue. Error or Warning
message
lock
Message describing the issue
message
lock
Short human readable test about the result
status
lock
Test status code: always 'success' or 'error'
trace
lock
A more detailed trace of incremental results during auth tests
user
lock
User details from LDAP server for auth tests
Expand LDAPUser definition...
all_emails
attributes
lock
Dictionary of user's attributes (name/value)
email
lock
Primary email address
first_name
lock
First name
groups
last_name
lock
Last Name
ldap_dn
lock
LDAP's distinguished name for the user record
ldap_id
lock
LDAP's Unique ID for the user
roles
url
lock
Link to ldap config
url
lock
Link to ldap config
400: Bad Request
Datatype
Description
(object)
message
lock
Error details
documentation_url
lock
Documentation link
403: Permission Denied
Datatype
Description
(object)
message
lock
Error details
documentation_url
lock
Documentation link
404: Not Found
Datatype
Description
(object)
message
lock
Error details
documentation_url
lock
Documentation link
422: Validation Error
Datatype
Description
(object)
message
lock
Error details
errors
Expand ValidationErrorDetail definition...
field
lock
Field with error
code
lock
Error code
message
lock
Error info message
documentation_url
lock
Documentation link
documentation_url
lock
Documentation link
429: Too Many Requests
Datatype
Description
(object)
message
lock
Error details
documentation_url
lock
Documentation link