
Configuring the LDAP connection

Enterprise DC/OS Updated: November 16, 2016

  1. Click on the Settings -> Organization -> External Directory tab.

  2. Click Add Directory.

  3. Type the host name or IP address of the LDAP directory server in the Host box.

    Tip: Do not include the protocol prefix or port number.

  4. Type the TCP/IP port number to use in the Port box.

    Tip: Port 389 is the standard port for plain LDAP and for connections that are upgraded in place with StartTLS. Port 636 is the standard port for LDAPS, where TLS is negotiated before any LDAP traffic is sent.

  5. In the Lookup DN field, provide the full DN of the account that DC/OS will bind with to import users and groups and to check user credentials. The form of the DN depends on how your directory is laid out. A few examples follow.

    cn=read-only-user,dc=los-pollos,dc=io
    uid=read-only-user,cn=users,cn=accounts,dc=demo1,dc=freeipa,dc=org
    uid=read-only-user,ou=users,dc=example,dc=com
    

    Tip: We recommend a dedicated read-only account. DC/OS stores this account's password, so the account should hold no more directory rights than searching users and groups requires.

  6. Provide the password of the account in the Lookup Password field.

  7. Select your preferred encryption option from the Select SSL/TLS Setting list box.

    • Select the Use SSL/TLS for all connections check box to use Secure LDAP (LDAPS).

    • Select Attempt StartTLS, abort if it fails to attempt to upgrade the connection to TLS via StartTLS and abort the connection should the upgrade to TLS fail.

    • Select Attempt StartTLS, proceed unencrypted if it fails to attempt to upgrade the connection to TLS via StartTLS and continue the connection unencrypted if the upgrade to TLS fails.

    Tip: We recommend either Use SSL/TLS for all connections or Attempt StartTLS, abort if it fails, so that the connection is always encrypted. With the third option, a failed (or actively stripped) StartTLS upgrade leaves the session unencrypted, and the lookup password and every user password checked against the directory then cross the network in clear text.

  8. Specify your authentication method and parameters, as discussed in the next section.
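The following is an added example, not code from DC/OS: a standard-library Python pre-flight check for the values entered in steps 3 to 7. It hand-encodes the two LDAP operations the connection needs, a StartTLS ExtendedRequest and a simple BindRequest (RFC 4511, BER), and implements the three SSL/TLS options so you can confirm the host, port, lookup DN and password work with the encryption setting you intend to choose before typing them into the UI. The mode names (`ldaps`, `starttls-abort`, `starttls-fallback`) are this script's own labels for the three UI choices; the StartTLS OID is the real one.

```python
# Added example, not DC/OS code: pre-flight check of the LDAP lookup account
# with the three SSL/TLS options from the docs.  Standard library only.
import socket
import ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"           # RFC 4511 StartTLS request name
# Mode names are this script's own labels for the three UI options.
LDAPS, STARTTLS_ABORT, STARTTLS_FALLBACK = "ldaps", "starttls-abort", "starttls-fallback"


def ber_len(n):
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, value):
    return bytes([tag]) + ber_len(len(value)) + value

def ber_int(n):
    """INTEGER for non-negative n; a leading 0x00 keeps the sign bit clear."""
    return tlv(0x02, n.to_bytes(max(1, (n.bit_length() + 8) // 8), "big"))

def ldap_message(message_id, protocol_op):
    return tlv(0x30, ber_int(message_id) + protocol_op)

def bind_request(message_id, dn, password):
    """Simple BindRequest: [APPLICATION 0] (0x60) { version 3, name, simple [0] }."""
    op = ber_int(3) + tlv(0x04, dn.encode()) + tlv(0x80, password.encode())
    return ldap_message(message_id, tlv(0x60, op))

def starttls_request(message_id):
    """ExtendedRequest [APPLICATION 23] (0x77) with requestName [0] = StartTLS OID."""
    return ldap_message(message_id, tlv(0x77, tlv(0x80, STARTTLS_OID)))

def read_tlv(buf, pos=0):
    """Decode the TLV at buf[pos]; return (tag, value, position after it)."""
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first & 0x80:
        n = first & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length

def parse_result(msg):
    """(messageID, op tag, resultCode, diagnosticMessage) from a BindResponse (0x61)
    or ExtendedResponse (0x78); both protocol ops begin with an LDAPResult."""
    _, body, _ = read_tlv(msg)
    _, mid, pos = read_tlv(body)
    op_tag, op, _ = read_tlv(body, pos)
    _, code, pos = read_tlv(op)        # resultCode ENUMERATED
    _, _, pos = read_tlv(op, pos)      # matchedDN (ignored)
    _, diag, _ = read_tlv(op, pos)     # diagnosticMessage
    return (int.from_bytes(mid, "big"), op_tag,
            int.from_bytes(code, "big"), diag.decode(errors="replace"))

def recv_exact(sock, n):
    data = b""
    while len(data) < n:
        part = sock.recv(n - len(data))
        if not part:
            raise ConnectionError("directory closed the connection")
        data += part
    return data

def recv_message(sock):
    """Read one BER-framed LDAPMessage: tag, length octets, then the value."""
    head = recv_exact(sock, 2)
    if head[1] & 0x80:
        head += recv_exact(sock, head[1] & 0x7F)
        length = int.from_bytes(head[2:], "big")
    else:
        length = head[1]
    return head + recv_exact(sock, length)

def check_lookup_account(host, port, mode, lookup_dn, lookup_password, cafile=None):
    """Connect with the chosen SSL/TLS option and simple-bind as the lookup account.
    Returns True on resultCode 0, raises otherwise.  In STARTTLS_FALLBACK mode the
    password crosses the wire in clear text if the directory refuses StartTLS."""
    ctx = ssl.create_default_context(cafile=cafile)   # verifies the server certificate
    sock = socket.create_connection((host, port), timeout=10)
    if mode == LDAPS:
        sock = ctx.wrap_socket(sock, server_hostname=host)   # TLS before any LDAP bytes
    else:
        sock.sendall(starttls_request(1))
        _, op_tag, code, diag = parse_result(recv_message(sock))
        if op_tag == 0x78 and code == 0:
            sock = ctx.wrap_socket(sock, server_hostname=host)   # upgrade in place
        elif mode == STARTTLS_ABORT:
            sock.close()
            raise RuntimeError(f"StartTLS refused (resultCode {code}): {diag}")
        else:
            print("WARNING: StartTLS refused; sending the bind password unencrypted")
    sock.sendall(bind_request(2, lookup_dn, lookup_password))
    mid, op_tag, code, diag = parse_result(recv_message(sock))
    sock.close()
    if (mid, op_tag) != (2, 0x61):
        raise RuntimeError("unexpected reply to BindRequest")
    if code != 0:
        raise RuntimeError(f"bind as {lookup_dn} failed (resultCode {code}): {diag}")
    return True

if __name__ == "__main__":   # usage: ldap_check.py HOST PORT MODE LOOKUP_DN PASSWORD
    import sys
    h, p, m, d, pw = sys.argv[1:6]
    print("bind ok" if check_lookup_account(h, int(p), m, d, pw) else "bind failed")
```

Run it once per option you are considering, for example with port 636 and `ldaps`, then with port 389 and `starttls-abort`. A directory that fails the `starttls-abort` run but passes `starttls-fallback` is one that would receive the lookup password, and every checked user password, in clear text if you picked the third option; fix the directory's TLS setup rather than choosing the fallback.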