
Directory-based authentication via LDAP

Enterprise DC/OS Preview Updated: April 18, 2017

If your organization has user records stored in a directory server supporting LDAP, you can configure Enterprise DC/OS to check user credentials against it. This allows you to avoid having to recreate your user accounts within DC/OS.

When a user attempts to log in, DC/OS asks the remote LDAP server to validate the credentials. DC/OS never receives or stores the passwords of remote users. For this reason, if DC/OS cannot connect to the remote LDAP server, for example because someone has changed or deleted the LDAP configuration, the user’s login fails. DC/OS does store an internal representation of the user so that the DC/OS administrator can put the user into a group and assign permissions.

If your LDAP user name is part of the distinguished name (DN), you can use a simple bind to connect to the LDAP directory. A search/bind connection covers all other cases.
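The two connection modes described above, as an added example that is not part of the DC/OS documentation or code: both strategies run against a constructed in-memory directory, and the DN template, search base, attribute names and sample entries are assumptions. User input is escaped before it is placed in a DN or a search filter, and an unreachable directory is treated as a failed login.

```python
import re

def escape_filter_value(value: str) -> str:
    """Escape an assertion value for an LDAP search filter (RFC 4515)."""
    special = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\0": "\\00"}
    return "".join(special.get(c, c) for c in value)

def escape_dn_value(value: str) -> str:
    """Escape an attribute value that is placed inside a DN (RFC 4514)."""
    out = "".join("\\" + c if c in ',+"\\<>;=' else c for c in value)
    if value.endswith(" "): out = out[:-1] + "\\ "
    if value.startswith("#") or (value.startswith(" ") and len(value) > 1): out = "\\" + out
    return out

class LdapUnavailable(Exception): pass  # the directory server cannot be reached

class FakeDirectory:
    """Constructed in-memory stand-in for an LDAPv3 server: dn -> (password, attrs)."""
    def __init__(self, entries, reachable=True):
        self.entries, self.reachable = entries, reachable
    def bind(self, dn, password):
        if not self.reachable: raise LdapUnavailable("directory server unreachable")
        return dn in self.entries and self.entries[dn][0] == password
    def search(self, base, filt):
        if not self.reachable: raise LdapUnavailable("directory server unreachable")
        attr, raw = re.fullmatch(r"\((\w+)=(.*)\)", filt).groups()
        value = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m[1], 16)), raw)
        return [dn for dn, (_, attrs) in self.entries.items()
                if dn.endswith(base) and attrs.get(attr) == value]

def simple_bind_login(directory, user_id, password, dn_template="uid={uid},ou=people,dc=example,dc=com"):
    """Simple bind: the user ID is substituted into a DN template and bound directly."""
    return directory.bind(dn_template.format(uid=escape_dn_value(user_id)), password)

def search_bind_login(directory, user_id, password, svc_dn, svc_pw, base="dc=example,dc=com", attr="mail"):
    """Search/bind: bind as a lookup account, find the user's DN by attribute, then bind as that DN."""
    if not directory.bind(svc_dn, svc_pw): return False
    hits = directory.search(base, f"({attr}={escape_filter_value(user_id)})")
    if len(hits) != 1: return False  # no match or an ambiguous match must not log in
    return directory.bind(hits[0], password)

def login(fn, *args, **kw):
    """An unreachable directory is a failed login, never a bypass or a cached check."""
    try: return fn(*args, **kw)
    except LdapUnavailable: return False

DIRECTORY = FakeDirectory({  # constructed sample entries; passwords live only here, never in DC/OS
    "uid=jdoe,ou=people,dc=example,dc=com": ("hunter2", {"uid": "jdoe", "mail": "jdoe@example.com"}),
    "cn=lookup,ou=svc,dc=example,dc=com": ("lookup-pw", {}),
})
```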

Important: Review the DC/OS user ID requirements in Managing users and groups.

Requirement: The directory server must support LDAPv3.

To set up an LDAP connection:

  1. Configure your connection.

  2. Configure your authentication.

  3. Verify the connection.