If your organization has user records stored in a directory server supporting LDAP, you can configure DC/OS Enterprise to check user credentials against it. This allows you to avoid having to recreate your user accounts within DC/OS.
When a user attempts to log in, DC/OS asks the remote LDAP server to validate the credentials. DC/OS never receives or stores the passwords of remote users. Consequently, if DC/OS cannot connect to the remote LDAP server (for example, because someone has changed or deleted the LDAP configuration), the user's login fails. DC/OS does store an internal representation of the user so that a DC/OS administrator can put the user into a group and assign permissions.
If your LDAP user name appears in the distinguished name (DN), you can use a simple bind to connect to the LDAP directory. A search/bind connection covers all other cases.
Important: Review the DC/OS user ID requirements in Managing users and groups.
Requirement: The directory server must support LDAP 3.
To set up an LDAP connection:
Configuring the LDAP connection
First, you specify the address, protocol, and certificates to be used to connect to the LDAP server.
Specifying authentication method and parameters
Next, set up the authentication method and parameters needed to connect to the LDAP server.
Verifying the LDAP connection
Lastly, verify that the parameters you provided allow DC/OS to connect to the LDAP server.