}}

Specifying authentication method and parameters

Enterprise DC/OS Updated: November 16, 2016

Selecting the authentication method

  1. Once you have finished specifying your connection parameters in the Connection tab, click Authentication Method.

  2. Select your desired authentication method.

    • Use a simple bind when your LDAP user name is part of your distinguished name (DN)&mdashunless the user names contain commas or spaces.

    • Use a search/bind connection when:

  3. Reference the section appropriate to your selection for information on how to supply the necessary parameters.

Specifying simple bind parameters

  1. Type a DN template that the external LDAP directory can use to locate user accounts in the User DN Template field. This string must include %(username)s, which DC/OS will replace with the user name provided by the user at login. Some examples follow.

    cn=%(username)s,dc=los-pollos,dc=io
    uid=%(username)s,cn=users,cn=accounts,dc=demo1,dc=freeipa,dc=org
    uid=%(username)s,ou=users,dc=example,dc=com
    
  2. When you have completed your entries, the dialog should look something like the following.

  3. Click Save Configuration.

  4. Verify your connection.

Specifying search/bind parameters

While the simple bind connection takes place in a single step, the search/bind operation requires two steps. First the directory is searched for the user name attribute. If located, a bind operation ensues to check the user’s credentials against the external directory.

  1. Specify the DN that contains the user ID attribute in the User Search Base field. Example: cn=Users,dc=example,dc=com

  2. Specify the attribute that contains the user ID in the User Search Filter Template field. This string must include %(username)s, which DC/OS will replace with the user name provided by the user at login. Example: (sAMAccountName=%(username)s). Tip: Make sure this attribute contains just the user ID and no other values.

    • Correct: (uid=%(username)s)

    • Incorrect: (uid=foobar.%(username)s)

  3. When you have completed your entries, the dialog should look something like the following.

  4. Click Save Configuration.

  5. Verify your connection.