mirror of https://github.com/docker/docs.git
Update LDAP screenshot and UI descriptions (#4435)
parent
843d8ab430
commit
c6d413a8c4
|
@ -32,10 +32,12 @@ Choose the users that you want to add to the team, and when you're done, click
|
|||
|
||||
{: .with-border}
|
||||
|
||||
## Sync team members with your organization's LDAP directory
|
||||
## Enable Sync Team Members
|
||||
|
||||
To sync the team with your organization's LDAP directory, click **Yes**.
|
||||
|
||||
If UCP is configured to sync users with your organization's LDAP directory
|
||||
server, you will have the option to enable syncing the new team's members when
|
||||
server, you have the option to enable syncing the new team's members when
|
||||
creating a new team or when modifying settings of an existing team.
|
||||
[Learn how to configure integration with an LDAP directory](../admin/configure/external-auth/index.md).
|
||||
Enabling this option expands the form with additional fields for configuring
|
||||
|
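Review bot: Renaming the heading to `## Enable Sync Team Members` will change the heading's generated anchor, so any link that targets the old "Sync team members with your organization's LDAP directory" section needs to be checked and updated. The new heading is also Title Case, while other headings visible in this change (`## LDAP user search configurations`, `## Revoke user access`) use sentence case. The added sentence "click **Yes**" does not name the control it refers to; naming the toggle would help readers who do not have the screenshot in front of them.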
@ -45,7 +47,7 @@ the sync of team members.
|
|||
|
||||
There are two methods for matching group members from an LDAP directory:
|
||||
|
||||
**Match LDAP Group Members**
|
||||
**Match Group Members**
|
||||
|
||||
This option specifies that team members should be synced directly with members
|
||||
of a group in your organization's LDAP directory. The team's membership will by
|
||||
|
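Review bot: The context line "The team's membership will by" in the paragraph under the renamed label has a typo ("by" should be "be"); since this change already edits the section, fix it in the same commit. Also confirm that **Match Group Members** is the exact string shown in the updated UI, because the old label was the only place that tied this option to LDAP by name.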
@ -56,7 +58,7 @@ synced to match the membership of the group.
|
|||
| Group DN | This specifies the distinguished name of the group from which to select users. |
|
||||
| Group Member Attribute | The value of this group attribute corresponds to the distinguished names of the members of the group. |
|
||||
|
||||
**Match LDAP Search Results**
|
||||
**Match Search Results**
|
||||
|
||||
This option specifies that team members should be synced using a search query
|
||||
against your organization's LDAP directory. The team's membership will be
|
||||
|
@ -64,13 +66,13 @@ synced to match the users in the search results.
|
|||
|
||||
| Field | Description |
|
||||
| :--------------------------------------- | :----------------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| Base DN | The distinguished name of the node in the directory tree where the search should start looking for users. |
|
||||
| Search subtree instead of just one level | Whether to perform the LDAP search on a single level of the LDAP tree, or search through the full LDAP tree starting at the Base DN. |
|
||||
| Filter | The LDAP search filter used to find users. If you leave this field empty, all existing users in the search scope will be added as members of the team. |
|
||||
| Search Base DN | The distinguished name of the node in the directory tree where the search should start looking for users. |
|
||||
| Search Filter | The LDAP search filter used to find users. If you leave this field empty, all existing users in the search scope will be added as members of the team. |
|
||||
| Search subtree instead of just one level | Whether to perform the LDAP search on a single level of the LDAP tree, or search through the full LDAP tree starting at the Base DN. |
|
||||
|
||||
**Sync Now**
|
||||
**Immediately Sync Team Members**
|
||||
|
||||
Select this option to immediately run an LDAP sync operation after saving the
|
||||
Select this option to run an LDAP sync operation immediately after saving the
|
||||
configuration for the team. It may take a moment before the members of the team
|
||||
are fully synced.
|
||||
|
||||
|
|
|
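Review bot: In the reordered table, the `Search subtree instead of just one level` row still says "starting at the Base DN", but this change renames that field to `Search Base DN`; update the description to match. The `Search Filter` row deserves a stronger callout: an empty filter adds every user in the search scope to the team, and with subtree search enabled that scope is everything under the search base, which makes it easy to grant team permissions more broadly than intended. The subtree description also lists both behaviours without saying which one the selected state enables.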
@ -30,11 +30,21 @@ Now configure your LDAP directory integration.
|
|||
|
||||
Click the dropdown to select the permission level assigned by default to
|
||||
the private collections of new users.
|
||||
[Learn more about permission levels](../../../access-control/permission-levels.md).
|
||||
[Learn more about permission levels](../../../access-control/permission-levels.md).
|
||||
|
||||
## LDAP domains
|
||||
## Login Session Controls
|
||||
|
||||
Click **Add LDAP Domain** to show the LDAP server configuration settings.
|
||||
| Field | Description |
|
||||
| :---------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| Lifetime Hours | The maxiumum length of a login session. When this time expires, UCP invalidates the session, and the user must authenticate again to establish a new session. The default is 72 hours. |
|
||||
| Renewal Threshold Hours | The time to wait before UCP renews the session automatically. Typically, this occurs during a user session and is independent of session activity. The default is 24 hours. |
|
||||
| Per User Limit | The maximum number of simultaneous logins for a user. |
|
||||
|
||||
## LDAP Enabled
|
||||
|
||||
Click **Yes** to enable integrating UCP users and teams with LDAP servers.
|
||||
|
||||
## LDAP server
|
||||
|
||||
| Field | Description |
|
||||
| :-------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
|
||||
|
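Review bot: The `Lifetime Hours` row moved into this position still carries the typo "maxiumum"; fix it as part of the move rather than copying it. `Per User Limit` is the only row in the table without a stated default, so say what the default is and whether any value means unlimited, since that setting bounds how many concurrent sessions a single credential can hold. The new `## Login Session Controls` and `## LDAP Enabled` headings are Title Case next to `## LDAP server`; pick one style.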
@ -44,12 +54,14 @@ Click **Add LDAP Domain** to show the LDAP server configuration settings.
|
|||
| Use Start TLS | Whether to authenticate/encrypt the connection after connecting to the LDAP server over TCP. If you set the LDAP Server URL field with `ldaps://`, this field is ignored. |
|
||||
| Skip TLS verification | Whether to verify the LDAP server certificate when using TLS. The connection is still encrypted but vulnerable to man-in-the-middle attacks. |
|
||||
| No simple pagination | If your LDAP server doesn't support pagination. |
|
||||
|
||||
| Just-In-Time User Provisioning | Whether to create user accounts only when users log in for the first time. The default valu eof `true` is recommended. |
|
||||
|
||||
{: .with-border}
|
||||
|
||||
Click **Confirm** to add your LDAP domain.
|
||||
|
||||
To integrate with more LDAP servers, click **Add LDAP Domain**.
|
||||
|
||||
## LDAP user search configurations
|
||||
|
||||
| Field | Description | |
|
||||
|
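Review bot: The added `Just-In-Time User Provisioning` row has a typo: "valu eof" should be "value of". The description only covers the enabled case; state what happens when it is set to false, since that determines when accounts come into existence in UCP. While in this table, the `Skip TLS verification` description reads "Whether to verify the LDAP server certificate", which is the inverse of the field name; reword it so it is clear that enabling the option disables certificate verification and leaves the connection open to man-in-the-middle attacks.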
@ -96,15 +108,6 @@ something goes wrong.
|
|||
|
||||
You can also manually synchronize users by clicking **Sync Now**.
|
||||
|
||||
## Login Session Controls
|
||||
|
||||
| Field | Description |
|
||||
| :---------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| Lifetime Hours | The maxiumum length of a login session. When this time expires, UCP invalidates the session, and the user must authenticate again to establish a new session. The default is 72 hours. |
|
||||
| Renewal Threshold Hours | The time to wait before UCP renews the session automatically. Typically, this occurs during a user session and is independent of session activity. The default is 24 hours. |
|
||||
| Per User Limit | The maximum number of simultaneous logins for a user. |
|
||||
|
||||
|
||||
## Revoke user access
|
||||
|
||||
When a user is removed from LDAP, that user becomes inactive after the LDAP
|
||||
|
|
Binary file not shown.
Before Width: | Height: | Size: 33 KiB After Width: | Height: | Size: 33 KiB |