Create teams with LDAP

Estimated reading time: 2 minutes

This topic applies to Docker Enterprise.

The Docker Enterprise platform business, including products, customers, and employees, has been acquired by Mirantis, inc., effective 13-November-2019. For more information on the acquisition and how it may affect you and your business, refer to the Docker Enterprise Customer FAQ.

To enable LDAP in UCP and sync to your LDAP directory:

  1. Click Admin Settings under your username drop down.
  2. Click Authentication & Authorization.
  3. Scroll down and click Yes by LDAP Enabled. A list of LDAP settings displays.
  4. Input values to match your LDAP server installation.
  5. Test your configuration in UCP.
  6. Manually create teams in UCP to mirror those in LDAP.
  7. Click Sync Now.

If Docker Enterprise is configured to sync users with your organization’s LDAP directory server, you can enable syncing the new team’s members when creating a new team or when modifying settings of an existing team.

For more, see: Integrate with an LDAP Directory.

Binding to the LDAP server

There are two methods for matching group members from an LDAP directory, direct bind and search bind.

Select Immediately Sync Team Members to run an LDAP sync operation immediately after saving the configuration for the team. It may take a moment before the members of the team are fully synced.

Match Group Members (Direct Bind)

This option specifies that team members should be synced directly with members of a group in your organization’s LDAP directory. The team’s membership will by synced to match the membership of the group.

  • Group DN: The distinguished name of the group from which to select users.
  • Group Member Attribute: The value of this group attribute corresponds to the distinguished names of the members of the group.

Match Search Results (Search Bind)

This option specifies that team members should be synced using a search query against your organization’s LDAP directory. The team’s membership will be synced to match the users in the search results.

  • Search Base DN: Distinguished name of the node in the directory tree where the search should start looking for users.
  • Search Filter: Filter to find users. If null, existing users in the search scope are added as members of the team.
  • Search subtree: Defines search through the full LDAP tree, not just one level, starting at the Base DN.
authorize, authentication, users, teams, UCP, LDAP