docs/ee/ucp/authorization/_site/create-teams-with-ldap.html


<p>To enable LDAP in UCP and sync to your LDAP directory:</p>
<ol>
<li>Click <strong>Admin Settings</strong> under your username drop-down.</li>
<li>Click <strong>Authentication &amp; Authorization</strong>.</li>
<li>Scroll down and click <code class="highlighter-rouge">Yes</code> by <strong>LDAP Enabled</strong>. A list of LDAP settings displays.</li>
<li>Input values to match your LDAP server installation.</li>
<li>Test your configuration in UCP.</li>
<li>Manually create teams in UCP to mirror those in LDAP.</li>
<li>Click <strong>Sync Now</strong>.</li>
</ol>
<p>If Docker EE is configured to sync users with your organization's LDAP directory
server, you can enable syncing of a team's members when creating a new team
or when modifying the settings of an existing team.</p>
<p>For more, see: <a href="../admin/configure/external-auth/index.md">Integrate with an LDAP Directory</a>.</p>
<p><img src="../images/create-and-manage-teams-5.png" alt="" class="with-border" /></p>
<h2 id="binding-to-the-ldap-server">Binding to the LDAP server</h2>
<p>There are two methods for matching group members from an LDAP directory, direct
bind and search bind.</p>
<p>Select <strong>Immediately Sync Team Members</strong> to run an LDAP sync operation
immediately after saving the configuration for the team. It may take a moment
before the members of the team are fully synced.</p>
<h3 id="match-group-members-direct-bind">Match Group Members (Direct Bind)</h3>
<p>This option specifies that team members should be synced directly with members
of a group in your organization's LDAP directory. The team's membership will be
synced to match the membership of the group.</p>
<ul>
<li><strong>Group DN</strong>: The distinguished name of the group from which to select users.</li>
<li><strong>Group Member Attribute</strong>: The value of this group attribute corresponds to
the distinguished names of the members of the group.</li>
</ul>
<h3 id="match-search-results-search-bind">Match Search Results (Search Bind)</h3>
<p>This option specifies that team members should be synced using a search query
against your organization's LDAP directory. The team's membership will be
synced to match the users in the search results.</p>
<ul>
<li><strong>Search Base DN</strong>: Distinguished name of the node in the directory tree where
the search should start looking for users.</li>
<li><strong>Search Filter</strong>: Filter to find users. If null, existing users in the search
scope are added as members of the team.</li>
<li><strong>Search subtree</strong>: Whether to search through the full LDAP tree, not just one
level, starting at the Base DN.</li>
</ul>
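<p>The following added example (not part of the original page and not Docker's code) models both matching methods over a small constructed directory, so you can preview which users a given configuration would place in a team before clicking <strong>Sync Now</strong>. All function names and sample entries are assumptions, DN parsing ignores escaped commas, and only a single <code class="highlighter-rouge">(attr=value)</code> filter is modelled.</p>

```python
import re

# Constructed sample data (not from a real directory): DN -> attributes.
USERS = {
    "cn=alice,ou=eng,dc=example,dc=com": {"employeeType": "staff"},
    "cn=bob,ou=eng,dc=example,dc=com": {"employeeType": "staff"},
    "cn=carol,ou=contractors,ou=eng,dc=example,dc=com": {"employeeType": "contractor"},
    "cn=dave,ou=ops,dc=example,dc=com": {"employeeType": "staff"},
}
GROUPS = {
    "cn=eng-team,ou=groups,dc=example,dc=com": {
        "member": ["CN=Alice,OU=eng,DC=example,DC=com",
                   "cn=carol,ou=contractors,ou=eng,dc=example,dc=com"],
    },
}

def norm(dn):
    """Lower-case a DN and drop spaces around commas (escaped commas not handled)."""
    return ",".join(part.strip() for part in dn.lower().split(","))

def in_scope(dn, base_dn, subtree):
    """True if dn lies below base_dn: any depth for subtree, else exactly one level."""
    dn, base = norm(dn), norm(base_dn)
    if not dn.endswith("," + base):
        return False
    rest = dn[: -len(base) - 1]
    return subtree or "," not in rest

def direct_bind_members(groups, group_dn, member_attr):
    """Direct Bind: members are the DNs listed in the group's member attribute."""
    wanted = norm(group_dn)
    for dn, attrs in groups.items():
        if norm(dn) == wanted:
            return {norm(m) for m in attrs.get(member_attr, [])}
    return set()

def search_bind_members(users, base_dn, search_filter, subtree):
    """Search Bind: users in scope matching the filter; an empty filter matches all."""
    test = lambda attrs: True
    if search_filter:
        m = re.fullmatch(r"\((\w+)=([^()*]+)\)", search_filter)
        if not m:
            raise ValueError("only a single (attr=value) filter is modelled here")
        attr, value = m.groups()
        test = lambda attrs: attrs.get(attr, "").lower() == value.lower()
    return {norm(dn) for dn, attrs in users.items()
            if in_scope(dn, base_dn, subtree) and test(attrs)}
```

<p>With an empty Search Filter and <strong>Search subtree</strong> enabled, every user below the Base DN becomes a team member, so compare the previewed set against the intended membership before granting the team any permissions.</p>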