Docker UCP integrates with LDAP directory services, so that you can manage -users and groups from your organization’s directory and automatically -propagate this information to UCP and DTR. You can set up your cluster’s LDAP -configuration by using the UCP web UI, or you can use a -UCP configuration file.
- -To see an example TOML config file that shows how to configure UCP settings,
-run UCP with the example-config option.
-Learn about UCP configuration files.
docker container run --rm /: example-config
-Use the following command to extract the name of the currently active
-configuration from the ucp-agent service.
-$ CURRENT_CONFIG_NAME=$(docker service inspect --format '{{ range $config := .Spec.TaskTemplate.ContainerSpec.Configs }}{{ $config.ConfigName }}{{ "\n" }}{{ end }}' ucp-agent | grep 'com.docker.ucp.config-')
-
-Get the current configuration and save it to a TOML file.
- -
-docker config inspect --format '{{ printf "%s" .Spec.Data }}' $CURRENT_CONFIG_NAME > config.toml
-
-Use the output of the example-config command as a guide to edit your
-config.toml file. Under the [auth] sections, set backend = "ldap"
-and [auth.ldap] to configure LDAP integration the way you want.
Once you’ve finished editing your config.toml file, create a new Docker
-Config object by using the following command.
NEW_CONFIG_NAME="com.docker.ucp.config-$(( $(cut -d '-' -f 2 <<< "$CURRENT_CONFIG_NAME") + 1 ))"
-docker config create $NEW_CONFIG_NAME config.toml
-Update the ucp-agent service to remove the reference to the old config
-and add a reference to the new config.
docker service update --config-rm "$CURRENT_CONFIG_NAME" --config-add "source=${NEW_CONFIG_NAME},target=/etc/ucp/ucp.toml" ucp-agent
-Wait a few moments for the ucp-agent service tasks to update across
-your cluster. If you set jit_user_provisioning = true in the LDAP
-configuration, users matching any of your specified search queries will
-have their accounts created when they log in with their username and LDAP
-password.