}}
  1. Click on the Settings -> Organization -> External Directory tab.

  2. Click Add Directory.

  3. Type the host name or IP address of the LDAP directory server in the Host box.

    Tip: Do not include the protocol prefix or port number.

  4. Type the TCP/IP port number to use in the Port box.

    Tip: Port 389 is usually used for StartTLS and unencrypted communications. Port 636 is often used for LDAPS connections.

  5. Select your preferred encryption option from the Select SSL/TLS setting list box.

    • Select the Use SSL/TLS for all connections check box to use Secure LDAP (LDAPS).

    • Select Attempt StartTLS, abort if it fails to attempt to upgrade the connection to TLS via StartTLS and abort the connection should the upgrade to TLS fail.

    • Select Attempt StartTLS, proceed unencrypted if it fails to attempt to upgrade the connection to TLS via StartTLS and continue the connection unencrypted if the upgrade to TLS fail.

    Tip: We recommend either Use SSL/TLS for all connections or Attempt StartTLS, abort if it fails to ensure either SSL/TLS or StartTLS encryption; otherwise the password is sent in the clear.

  6. If the LDAP directory server requires DC/OS to present a client certificate, paste it into the Client certificate and private key (Optional) field. The value should look similar to the following.

    -----BEGIN PRIVATE KEY-----
    MIIDtDCCApy...
    -----END PRIVATE KEY-----
    -----BEGIN CERTIFICATE-----
    OIymBpP...
    -----END CERTIFICATE-----
    
  7. To ensure that your DC/OS cluster does not accept connections from parties other than the designated LDAP directory server, paste the root CA certificate of the LDAP directory server and any intermediate certificates in the CA certificate chain (Optional) field. We highly recommend completing this step to establish a secure communication channel with the LDAP directory server.

  8. Specify your authentication method and parameters, as discussed in the next section.