docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
docs/deploy/access-control/usermgmt-sync-with-ldap.md

6.0 KiB
Raw Blame History

title description keywords redirect_from ui_tabs
Synchronize users and teams with LDAP Learn how to enable LDAP and sync users and teams in Docker Universal Control Plane. authorize, authentication, users, teams, UCP, Docker, LDAP
/ucp/
version orhigher
ucp-3.0 true
version orlower
ucp-2.2 true

{% if include.ui %} {% if include.version=="ucp-3.0" %}

To enable LDAP in UCP and sync team members with your LDAP directory:

  1. Click Admin Settings under your username drop down.
  2. Click Authentication & Authorization.
  3. Scroll down and click Yes by LDAP Enabled. A list of LDAP settings displays.
  4. Input values to match your LDAP server installation.
  5. Test your configuration in UCP.
  6. Manually create teams in UCP to mirror those in LDAP.
  7. Click Sync Now.

If UCP is configured to sync users with your organization's LDAP directory server, you can enable syncing the new team's members when creating a new team or when modifying settings of an existing team.

Learn how to sync with LDAP at the backend.

{: .with-border}

There are two methods for matching group members from an LDAP directory:

Match Group Members

This option specifies that team members should be synced directly with members of a group in your organization's LDAP directory. The team's membership will by synced to match the membership of the group.

Field Description
Group DN The distinguished name of the group from which to select users.
Group Member Attribute The value of this group attribute corresponds to the distinguished names of the members of the group.

Match Search Results

This option specifies that team members should be synced using a search query against your organization's LDAP directory. The team's membership will be synced to match the users in the search results.

Field Description
Search Base DN Distinguished name of the node in the directory tree where the search should start looking for users.
Search Filter Filter to find users. If null, existing users in the search scope are added as members of the team.
Search subtree Defines search through the full LDAP tree, not just one level, starting at the Base DN.

Immediately Sync Team Members

Select this option to run an LDAP sync operation immediately after saving the configuration for the team. It may take a moment before the members of the team are fully synced.

{% elsif include.version=="ucp-2.2" %}

To enable LDAP in UCP and sync team members with your LDAP directory:

  1. Click Admin Settings under your username drop down.
  2. Click Authentication & Authorization.
  3. Scroll down and click Yes by LDAP Enabled. A list of LDAP settings displays.
  4. Input values to match your LDAP server installation.
  5. Test your configuration in UCP.
  6. Manually create teams in UCP to mirror those in LDAP.
  7. Click Sync Now.

If UCP is configured to sync users with your organization's LDAP directory server, you can enable syncing the new team's members when creating a new team or when modifying settings of an existing team.

Learn how to sync with LDAP at the backend.

{: .with-border}

There are two methods for matching group members from an LDAP directory:

Match Group Members

This option specifies that team members should be synced directly with members of a group in your organization's LDAP directory. The team's membership will by synced to match the membership of the group.

Field Description
Group DN The distinguished name of the group from which to select users.
Group Member Attribute The value of this group attribute corresponds to the distinguished names of the members of the group.

Match Search Results

This option specifies that team members should be synced using a search query against your organization's LDAP directory. The team's membership will be synced to match the users in the search results.

Field Description
Search Base DN The distinguished name of the node in the directory tree where the search should start looking for users.
Search Filter The LDAP search filter used to find users. If you leave this field empty, all existing users in the search scope will be added as members of the team.
Search subtree instead of just one level Whether to perform the LDAP search on a single level of the LDAP tree, or search through the full LDAP tree starting at the Base DN.

Immediately Sync Team Members

Select this option to run an LDAP sync operation immediately after saving the configuration for the team. It may take a moment before the members of the team are fully synced.

{% endif %} {% endif %}