auth-methods update
Command: boundary auth-methods update
The auth-methods update
command lets you update Boundary auth method resources.
Examples
The following example updates an auth method to set the -max-age
option to 0
.
This update forces the user to reauthenticate, if they are already logged in with the current browser session:
Example output:
Usage
Command options:
-description
(string: "")
- The description to set on the auth method.-id
(string: "")
- The ID of the auth method to update.-name
(string: "")
- The name to set on the auth method.-version
(int: 0)
- The version of the auth method to update. If you do not specify a version, the command performs a check-and-set automatically.
CLI options
In addition to the command specific options, there are options common to all CLI commands and subcommands:
Usages by type
The available types are: ldap
, oidc
, and password
.
The boundary auth-methods update ldap
command lets you update an LDAP auth method.
Example
The following example updates an LDAP auth method with the ID amldap_1234567890
to add the name devops
and the description LDAP auth-method for DevOps
:
Usage
LDAP auth method options
The following are LDAP-specific options in addition to the command options.
-anon-group-search
- Uses anon bind when performing LDAP group searches (optional). The default value isfalse
.-bind-dn
(string: "")
- Uses the distinguished name of entry to bind when performing user and group searches (optional).-bind-password
(string: "")
- Indicates the password to use along with bind-dn when performing user and group searches (optional).-certificate
(string: "")
- Specifies a PEM-encoded X.509 CA certificate in ASN.1 DER form that can be used as a trust anchor when connecting to an LDAP server(optional). You can specify this value multiple times.-client-certificate
(string: "")
- Specifies a PEM-encoded X.509 client certificate in ASN.1 DER form that can be used to authenticate against an LDAP server (optional).-client-certificate-key
(string: "")
- Specifies a PEM-encoded X.509 client certificate key in PKCS #8, ASN.1 DER form used with the client certificate (optional).-discover-dn
- Uses anon bind to discover the bind DN of a user (optional). The default value isfalse
.-enable-groups
- Finds the authenticated user's groups during authentication (optional). The default isfalse
.-group-attr
(string: "")
- Specifies the attribute that enumerates a user's group membership from entries returned by a group search (optional).-group-dn
(string: "")
- Specifies the base DN under which to perform group search.-group-filter
(string: "")
- Indicates a go template used to construct a LDAP group search filter (optional).-insecure-tls
- Skips the LDAP server SSL certificate validation (optional). Use this option with caution, it is insecure. The default value isfalse
.-start-tls
- Issues the StartTLS command after connecting (optional). The default isfalse
.-state
(string: "")
- Indicates the desired operational state of the auth method.-upn-domain
(string: "")
- Indicates the userPrincipalDomain used to construct the UPN string for the authenticating user (optional).-urls
(string: "")
- Indicates the LDAP URLs that specify LDAP servers to connect to (required). You may specify this value multiple times.-use-token-groups
- Uses the Active Directory tokenGroups constructed attribute of the user to find the group memberships (optional). The default value isfalse
.-user-attr
(string: "")
- Indicates the attribute on user entry matching the username that is passed during authentication (optional).-user-dn
(string: "")
- Specifies the base DN under which to perform user search (optional).-user-filter
(string: "")
- Specifies a go template used to construct a LDAP user search filter (optional).