docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update LDAP screenshot and UI descriptions (#4435)

This commit is contained in:
Jim Galasyn 2017-08-29 17:09:38 -07:00 committed by GitHub
parent 843d8ab430
commit c6d413a8c4
3 changed files with 27 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
datacenter/ucp/2.2/guides/access-control/create-and-manage-teams.md
View File

@ -32,10 +32,12 @@ Choose the users that you want to add to the team, and when you're done, click
![](../images/create-and-manage-teams-3.png){: .with-border} ![](../images/create-and-manage-teams-3.png){: .with-border}
## Sync team members with your organization's LDAP directory ## Enable Sync Team Members
To sync the team with your organization's LDAP directory, click **Yes**.
If UCP is configured to sync users with your organization's LDAP directory If UCP is configured to sync users with your organization's LDAP directory
server, you will have the option to enable syncing the new team's members when server, you have the option to enable syncing the new team's members when
creating a new team or when modifying settings of an existing team. creating a new team or when modifying settings of an existing team.
[Learn how to configure integration with an LDAP directory](../admin/configure/external-auth/index.md). [Learn how to configure integration with an LDAP directory](../admin/configure/external-auth/index.md).
Enabling this option expands the form with additional fields for configuring Enabling this option expands the form with additional fields for configuring
@ -45,7 +47,7 @@ the sync of team members.
There are two methods for matching group members from an LDAP directory: There are two methods for matching group members from an LDAP directory:
**Match LDAP Group Members** **Match Group Members**
This option specifies that team members should be synced directly with members This option specifies that team members should be synced directly with members
of a group in your organization's LDAP directory. The team's membership will by of a group in your organization's LDAP directory. The team's membership will by
@ -56,7 +58,7 @@ synced to match the membership of the group.
| Group DN | This specifies the distinguished name of the group from which to select users. | | Group DN | This specifies the distinguished name of the group from which to select users. |
| Group Member Attribute | The value of this group attribute corresponds to the distinguished names of the members of the group. | | Group Member Attribute | The value of this group attribute corresponds to the distinguished names of the members of the group. |
**Match LDAP Search Results** **Match Search Results**
This option specifies that team members should be synced using a search query This option specifies that team members should be synced using a search query
against your organization's LDAP directory. The team's membership will be against your organization's LDAP directory. The team's membership will be
@ -64,13 +66,13 @@ synced to match the users in the search results.
| Field | Description | | Field | Description |
| :--------------------------------------- | :----------------------------------------------------------------------------------------------------------------------------------------------------- | | :--------------------------------------- | :----------------------------------------------------------------------------------------------------------------------------------------------------- |
| Base DN | The distinguished name of the node in the directory tree where the search should start looking for users. | | Search Base DN | The distinguished name of the node in the directory tree where the search should start looking for users. |
| Search subtree instead of just one level | Whether to perform the LDAP search on a single level of the LDAP tree, or search through the full LDAP tree starting at the Base DN. | | Search Filter | The LDAP search filter used to find users. If you leave this field empty, all existing users in the search scope will be added as members of the team. |
| Filter | The LDAP search filter used to find users. If you leave this field empty, all existing users in the search scope will be added as members of the team. | | Search subtree instead of just one level | Whether to perform the LDAP search on a single level of the LDAP tree, or search through the full LDAP tree starting at the Base DN. |
**Sync Now** **Immediately Sync Team Members**
Select this option to immediately run an LDAP sync operation after saving the Select this option to run an LDAP sync operation immediately after saving the
configuration for the team. It may take a moment before the members of the team configuration for the team. It may take a moment before the members of the team
are fully synced. are fully synced.

29
datacenter/ucp/2.2/guides/admin/configure/external-auth/index.md
View File

@ -30,11 +30,21 @@ Now configure your LDAP directory integration.
Click the dropdown to select the permission level assigned by default to Click the dropdown to select the permission level assigned by default to
the private collections of new users. the private collections of new users.
[Learn more about permission levels](../../../access-control/permission-levels.md). [Learn more about permission levels](../../../access-control/permission-levels.md).
## LDAP domains ## Login Session Controls
Click **Add LDAP Domain** to show the LDAP server configuration settings. | Field | Description |
| :---------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Lifetime Hours | The maxiumum length of a login session. When this time expires, UCP invalidates the session, and the user must authenticate again to establish a new session. The default is 72 hours. |
| Renewal Threshold Hours | The time to wait before UCP renews the session automatically. Typically, this occurs during a user session and is independent of session activity. The default is 24 hours. |
| Per User Limit | The maximum number of simultaneous logins for a user. |
## LDAP Enabled
Click **Yes** to enable integrating UCP users and teams with LDAP servers.
## LDAP server
| Field | Description | | Field | Description |
| :-------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | :-------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
@ -44,12 +54,14 @@ Click **Add LDAP Domain** to show the LDAP server configuration settings.
| Use Start TLS | Whether to authenticate/encrypt the connection after connecting to the LDAP server over TCP. If you set the LDAP Server URL field with `ldaps://`, this field is ignored. | | Use Start TLS | Whether to authenticate/encrypt the connection after connecting to the LDAP server over TCP. If you set the LDAP Server URL field with `ldaps://`, this field is ignored. |
| Skip TLS verification | Whether to verify the LDAP server certificate when using TLS. The connection is still encrypted but vulnerable to man-in-the-middle attacks. | | Skip TLS verification | Whether to verify the LDAP server certificate when using TLS. The connection is still encrypted but vulnerable to man-in-the-middle attacks. |
| No simple pagination | If your LDAP server doesn't support pagination. | | No simple pagination | If your LDAP server doesn't support pagination. |
| Just-In-Time User Provisioning | Whether to create user accounts only when users log in for the first time. The default valu eof `true` is recommended. |
![](../../../images/ldap-integration-1.png){: .with-border} ![](../../../images/ldap-integration-1.png){: .with-border}
Click **Confirm** to add your LDAP domain. Click **Confirm** to add your LDAP domain.
To integrate with more LDAP servers, click **Add LDAP Domain**.
## LDAP user search configurations ## LDAP user search configurations
| Field | Description | | | Field | Description | |
@ -96,15 +108,6 @@ something goes wrong.
You can also manually synchronize users by clicking **Sync Now**. You can also manually synchronize users by clicking **Sync Now**.
## Login Session Controls
| Field | Description |
| :---------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Lifetime Hours | The maxiumum length of a login session. When this time expires, UCP invalidates the session, and the user must authenticate again to establish a new session. The default is 72 hours. |
| Renewal Threshold Hours | The time to wait before UCP renews the session automatically. Typically, this occurs during a user session and is independent of session activity. The default is 24 hours. |
| Per User Limit | The maximum number of simultaneous logins for a user. |
## Revoke user access ## Revoke user access
When a user is removed from LDAP, that user becomes inactive after the LDAP When a user is removed from LDAP, that user becomes inactive after the LDAP

BIN
datacenter/ucp/2.2/guides/images/create-and-manage-teams-5.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 33 KiB

After

Width:  |  Height:  |  Size: 33 KiB