In this section, you will specify the address, protocol and certificates to be used to connect to the LDAP server.
- Click on the Settings -> LDAP Directory tab.
- Click Add Directory.

  Figure 1. Add Directory dialog

- Type the host name or IP address of the LDAP directory server in the Host box. Do not include the protocol prefix or port number.
- Type the TCP/IP port number to use in the Port box. Port 389 is usually used for StartTLS and unencrypted communications. Port 636 is often used for LDAPS connections.
- Select your preferred encryption option from the Select SSL/TLS setting list box.
  - Select Use SSL/TLS for all connections to use Secure LDAP (LDAPS).
  - Select Attempt StartTLS, abort if it fails to attempt to upgrade the connection to TLS via StartTLS and abort the connection if the upgrade to TLS fails.
  - Select Attempt StartTLS, proceed unencrypted if it fails to attempt to upgrade the connection to TLS via StartTLS and continue the connection unencrypted if the upgrade to TLS fails.
- If the LDAP directory server requires DC/OS to present a client certificate, paste it into the Client certificate and private key (Optional) field. The value should look similar to the following.

    -----BEGIN PRIVATE KEY-----
    MIIDtDCCApy...
    -----END PRIVATE KEY-----
    -----BEGIN CERTIFICATE-----
    OIymBpP...
    -----END CERTIFICATE-----

- To ensure that your DC/OS cluster does not accept connections from parties other than the designated LDAP directory server, paste the root CA certificate of the LDAP directory server and any intermediate certificates into the CA certificate chain (Optional) field. We highly recommend completing this step to establish a secure communication channel with the LDAP directory server.
- Specify your authentication method and parameters, as discussed in the authentication section.
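Before pasting PEM material into the two certificate fields above, it is worth checking that each field holds the right block types: the client identity field needs one private key plus a certificate, while the CA chain field must contain certificates only. The following is an added example, not DC/OS code; the sample PEM blocks are constructed placeholders, not real key material.

```python
import base64
import re
# One PEM block; the END label must match the BEGIN label (backreference \1).
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL
)

def parse_pem_blocks(text):
    """Return [(label, der_bytes)] for every PEM block; raises on bad base64."""
    blocks = []
    for match in PEM_BLOCK.finditer(text):
        label, body = match.group(1), match.group(2)
        der = base64.b64decode("".join(body.split()), validate=True)
        blocks.append((label, der))
    return blocks

def check_client_identity(text):
    """'Client certificate and private key' field: exactly one private key
    plus at least one certificate. Returns a list of problems (empty = OK)."""
    labels = [label for label, _ in parse_pem_blocks(text)]
    keys = [l for l in labels if l.endswith("PRIVATE KEY")]
    certs = [l for l in labels if l == "CERTIFICATE"]
    problems = []
    if len(keys) != 1:
        problems.append(f"expected 1 private key, found {len(keys)}")
    if not certs:
        problems.append("no certificate found")
    return problems

def check_ca_chain(text):
    """'CA certificate chain' field: certificates only. A private key here is
    a mistake, and an empty field leaves the server certificate unverified."""
    labels = [label for label, _ in parse_pem_blocks(text)]
    problems = []
    if not labels:
        problems.append("no certificates: server identity cannot be verified")
    for label in labels:
        if label != "CERTIFICATE":
            problems.append(f"unexpected block type in CA chain: {label}")
    return problems

def _fake_pem(label, payload):
    # Constructed placeholder block for the sample input; not real key material.
    body = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

# Constructed sample field contents, in the shape the dialog expects.
SAMPLE_CLIENT_IDENTITY = _fake_pem("PRIVATE KEY", b"placeholder key") + _fake_pem("CERTIFICATE", b"placeholder cert")
SAMPLE_CA_CHAIN_OK = _fake_pem("CERTIFICATE", b"root") + _fake_pem("CERTIFICATE", b"inter")
SAMPLE_CA_CHAIN_BAD = SAMPLE_CA_CHAIN_OK + _fake_pem("RSA PRIVATE KEY", b"oops")
```

The parser also accepts the single-line form shown in the dialog example, where blocks are separated by spaces rather than newlines.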