If your organization has user records stored in a directory server supporting Lightweight Directory Access Protocol (LDAP), you can configure DC/OS Enterprise to check user credentials against it. This allows you to avoid having to recreate your user accounts within DC/OS. In versions 1.12 and later, DCOS synchronizes with your LDAP periodically, making it even easier to keep your groups and users up to date.
When a user attempts to log in, DC/OS will ask the remote LDAP server to validate the credentials. DC/OS never receives or stores the passwords of remote users. For this reason, if DC/OS cannot connect to the remote LDAP, such as if someone has changed or deleted the LDAP configuration, the user’s login will fail. DC/OS does store an internal representation of the user to allow the DC/OS administrator to put the user into a group and assign permissions.
If your LDAP user name is in the distinguished name (DN), you can use a simple bind to connect to the LDAP directory. Otherwise, a search/bind connection should cover all other cases.
Review the DC/OS user ID requirements in Managing users and groups.
Requirement The directory server must support LDAP 3.
To set up an LDAP connection:
Configuring your connection to the LDAP server…Read More
Specifying Authentication and Parameters
Specifying authentication method and parameters for your LDAP directory…Read More
Verifying your connection to the LDAP server…Read More
LDAP Synchronization…Read More
Troubleshooting LDAP errors
Troubleshooting common authentication and configuration issues for your LDAP directory…Read More