If your organization keeps user records in a directory server that supports LDAP, you can configure Enterprise DC/OS to check user credentials against that directory instead of recreating the user accounts within DC/OS.
When a user attempts to log in, DC/OS asks the remote LDAP server to validate the credentials. DC/OS does not store the passwords of remote users; it only forwards them to the LDAP server during the bind. Consequently, if DC/OS cannot reach the LDAP server, for example because the LDAP configuration has been changed or deleted, the login fails (it fails closed rather than falling back to a cached credential). DC/OS does store an internal representation of the user so that a DC/OS administrator can add the user to a group and assign permissions.
If the login name is a component of the user's distinguished name (DN), so that the DN can be built from a template such as uid=<username>,ou=people,dc=example,dc=com, you can use a simple bind to connect to the LDAP directory. Otherwise (for example when entries are named by cn but users log in with a uid or mail attribute), use a search/bind connection, which first binds with a lookup account, searches for the user's entry, and then binds as the DN it found. Search/bind covers all remaining cases.
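The two connection modes described above, and the fail-closed behaviour when the directory is unreachable, as an added example. This is not DC/OS code or part of its documentation: the StubLdapServer, the DN template, the lookup account cn=svc-dcos and the directory entries are constructed for illustration. It goes slightly beyond the text in two places a practitioner would want covered: the login name is escaped before it is placed in a DN (RFC 4514) or a search filter (RFC 4515), and a bind with an empty password is refused because LDAPv3 treats that as an unauthenticated bind rather than a failed login.

```python
"""Simple bind vs. search/bind against an in-memory LDAPv3 stub (added example,
not DC/OS code; the stub, DN template, lookup account and entries are made up).
"""
import hmac
import re

class LdapUnavailable(Exception):
    """Directory unreachable: the login fails closed, never open."""

class BindFailed(Exception):
    """Bind or lookup rejected: the login fails."""

def escape_dn_value(value):
    """Escape an attribute value for embedding in a DN (RFC 4514 section 2.4)."""
    out = []
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in '"+,;<>\\=' or (ch == "#" and i == 0) or (ch == " " and i in (0, len(value) - 1)):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def escape_filter_value(value):
    """Escape a value for use inside a search filter (RFC 4515 section 3)."""
    return (value.replace("\\", "\\5c").replace("*", "\\2a")
            .replace("(", "\\28").replace(")", "\\29").replace("\x00", "\\00"))

class StubLdapServer:
    """Stand-in for an LDAPv3 server: bind plus a single equality-filter search."""
    def __init__(self, entries, reachable=True):
        # DNs compare case-insensitively; keep the original spelling for results.
        self._entries = {dn.lower(): (dn, attrs) for dn, attrs in entries.items()}
        self.reachable = reachable

    def _connect(self):
        if not self.reachable:
            raise LdapUnavailable("cannot connect to the LDAP server")

    def bind(self, dn, password):
        self._connect()
        # RFC 4513 section 5.1.2: a DN with an empty password is an unauthenticated
        # bind that many servers accept as anonymous, so never treat it as a login.
        if not password:
            raise BindFailed("refusing unauthenticated (empty-password) bind")
        entry = self._entries.get(dn.lower())
        if entry is None or not hmac.compare_digest(
                entry[1]["userPassword"].encode(), password.encode()):
            raise BindFailed("invalid credentials")
        return entry[0]  # the authenticated DN; the password itself is not retained

    def search(self, base_dn, ldap_filter):
        self._connect()
        m = re.fullmatch(r"\((\w+)=(.*)\)", ldap_filter)
        if m is None:
            raise ValueError("stub understands only a single equality filter")
        # Undo RFC 4515 hex escapes so the comparison is against the literal value.
        value = re.sub(r"\\([0-9A-Fa-f]{2})", lambda h: chr(int(h.group(1), 16)), m.group(2))
        return [dn for dn, attrs in self._entries.values()
                if dn.lower().endswith(base_dn.lower()) and attrs.get(m.group(1)) == value]

def simple_bind_login(server, dn_template, username, password):
    """Simple bind: the DN is built from a template, so this only works when the
    login name is itself a component of the user's DN."""
    return server.bind(dn_template.format(username=escape_dn_value(username)), password)

def search_bind_login(server, lookup_dn, lookup_password, base_dn, username, password):
    """Search/bind: bind with a lookup account, find the user's entry by attribute,
    then bind again as the DN that was found, using the user's own password."""
    server.bind(lookup_dn, lookup_password)
    matches = server.search(base_dn, "(uid=%s)" % escape_filter_value(username))
    if len(matches) != 1:
        raise BindFailed("expected exactly one entry for %r, found %d" % (username, len(matches)))
    return server.bind(matches[0], password)

def outcome(fn, *args):
    """Collapse a login attempt into a comparable (status, detail) pair."""
    try:
        return ("ok", fn(*args))
    except (LdapUnavailable, BindFailed) as exc:
        return ("error", type(exc).__name__)

# Constructed sample directory and settings (hypothetical values).
ENTRIES = {
    "uid=alice,ou=people,dc=example,dc=com": {"uid": "alice", "userPassword": "s3cret"},
    "cn=Bob Jones,ou=people,dc=example,dc=com": {"uid": "bjones", "userPassword": "hunter2"},
    "cn=svc-dcos,ou=service,dc=example,dc=com": {"uid": "svc-dcos", "userPassword": "lookup-pw"},
}
USER_DN_TEMPLATE = "uid={username},ou=people,dc=example,dc=com"
LOOKUP_DN, LOOKUP_PW = "cn=svc-dcos,ou=service,dc=example,dc=com", "lookup-pw"
BASE_DN = "ou=people,dc=example,dc=com"

def directory(reachable=True):
    return StubLdapServer(ENTRIES, reachable=reachable)
```

Running outcome(simple_bind_login, directory(), USER_DN_TEMPLATE, "bjones", "hunter2") fails even with the right password, because bjones is not a component of his DN (cn=Bob Jones,...); outcome(search_bind_login, directory(), LOOKUP_DN, LOOKUP_PW, BASE_DN, "bjones", "hunter2") succeeds. With directory(reachable=False) both modes return LdapUnavailable and the login fails closed, which is the behaviour the text describes when the directory cannot be reached.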
Important: Review the DC/OS user ID requirements in Managing users and groups.
Requirement: The directory server must support LDAPv3.
To set up an LDAP connection:
Configure your connection.
Configure your authentication.
Verify the connection.
First, specify the address, protocol, and certificates used to connect to the LDAP server.
Next, set up the authentication method (simple bind or search/bind) and the parameters it needs to authenticate against the LDAP server.
Lastly, verify that the parameters you provided allow DC/OS to connect to the LDAP server.