Integrate with LDAP by using a configuration file
Docker UCP integrates with LDAP directory services, so that you can manage users and groups in your organization's directory and have that information propagated automatically to UCP and DTR. You can set up your swarm's LDAP configuration by using the UCP web UI, or you can use a UCP configuration file.
To see an example TOML config file that shows how to configure UCP settings, run UCP with the example-config option. The UCP configuration file documentation describes each setting.

$ docker container run --rm docker/ucp:3.0.10 example-config
Set up LDAP by using a configuration file
1. Extract the name of the currently active configuration from the ucp-agent service. The configuration is attached to the service as a Docker Config object whose name has the form com.docker.ucp.config-N:

   $ CURRENT_CONFIG_NAME=$(docker service inspect --format '{{ range $config := .Spec.TaskTemplate.ContainerSpec.Configs }}{{ $config.ConfigName }}{{ "\n" }}{{ end }}' ucp-agent | grep 'com.docker.ucp.config-')

2. Get the current configuration and save it to a TOML file:

   $ docker config inspect --format '{{ printf "%s" .Spec.Data }}' $CURRENT_CONFIG_NAME > config.toml

   Once you add LDAP settings, this file contains the credentials UCP uses to bind to your directory in clear text, so keep it readable only by you and delete it after the new config object has been created. Anyone who can run docker config inspect on a manager node can read the same data from the config object itself, so treat manager access accordingly.

3. Use the output of the example-config command as a guide to edit your config.toml file. In the [auth] section, set backend = "ldap", and fill in the [auth.ldap] section to configure LDAP integration the way you want. Use an ldaps:// server URL or StartTLS and leave server certificate verification enabled, so that the bind password and users' passwords are not sent over the network in the clear.

4. Once you've finished editing your config.toml file, create a new Docker Config object. Its name follows the same convention as the current one, with the numeric suffix incremented:

   $ NEW_CONFIG_NAME="com.docker.ucp.config-$(( $(cut -d '-' -f 2 <<< "$CURRENT_CONFIG_NAME") + 1 ))"
   $ docker config create $NEW_CONFIG_NAME config.toml

5. Update the ucp-agent service to remove the reference to the old config and add a reference to the new one:

   $ docker service update --config-rm "$CURRENT_CONFIG_NAME" --config-add "source=${NEW_CONFIG_NAME},target=/etc/ucp/ucp.toml" ucp-agent

6. Wait a few moments for the ucp-agent service tasks to update across your swarm. If you set jit_user_provisioning = true in the LDAP configuration, users matching any of your specified search queries will have their accounts created the first time they log in with their username and LDAP password. With just-in-time provisioning, the LDAP search filters decide who can obtain a UCP account, so scope them as narrowly as your access policy allows.
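The steps above collected into one script, added here as an example rather than taken from the UCP documentation or from Docker's own tooling. It assumes that docker talks to a UCP manager, that the ucp-agent config object is named com.docker.ucp.config-N as shown above, and that config.toml has already been edited. The key names in the sample [auth] section follow a UCP 3.0 example-config run, but treat them as an assumption and confirm them against your own example-config output; the DNs, host name and password in it are placeholders. Beyond automating the rotation, the script adds the check the steps leave implicit: it refuses to create the config object if the file still uses the built-in backend, disables certificate verification, or points at a plain ldap:// URL without StartTLS.

```shell
#!/bin/sh
# Added example (not Docker's tooling): rotate the ucp-agent config object to a
# new revision that enables LDAP, after checking the edited config.toml.
# Assumptions: `docker` talks to a UCP manager; the config is named
# com.docker.ucp.config-N; config.toml has been edited as described above.
# With no argument the script only checks config.toml; `apply` performs the
# rotation against the live swarm.
set -eu

# Step 1: name of the config object currently attached to ucp-agent.
current_config_name() {
  docker service inspect \
    --format '{{ range $c := .Spec.TaskTemplate.ContainerSpec.Configs }}{{ $c.ConfigName }}{{ "\n" }}{{ end }}' \
    ucp-agent | grep 'com.docker.ucp.config-'
}

# Step 4 (naming): com.docker.ucp.config-N -> com.docker.ucp.config-(N+1).
# Pure string handling so it can be exercised without a swarm.
next_config_name() {
  prefix=${1%-*}     # everything before the last '-'
  n=${1##*-}         # what follows the last '-', expected to be digits
  case $n in
    ''|*[!0-9]*) echo "unexpected config name: $1" >&2; return 1 ;;
  esac
  printf '%s-%d\n' "$prefix" "$((n + 1))"
}

# Step 3 (guard): reject a config.toml that is not switched to LDAP, that
# skips server certificate checks, or that would send the bind and user
# passwords in clear text. Key names assumed from UCP 3.0 example-config.
check_ldap_config() {
  f=$1
  grep -Eq '^[[:space:]]*backend[[:space:]]*=[[:space:]]*"ldap"' "$f" \
    || { echo "$f: [auth] backend is not \"ldap\"" >&2; return 1; }
  if grep -Eq '^[[:space:]]*tls_skip_verify[[:space:]]*=[[:space:]]*true' "$f"; then
    echo "$f: tls_skip_verify = true disables LDAP server certificate checks" >&2
    return 1
  fi
  if grep -Eq '^[[:space:]]*server_url[[:space:]]*=[[:space:]]*"ldap://' "$f" \
     && ! grep -Eq '^[[:space:]]*start_tls[[:space:]]*=[[:space:]]*true' "$f"; then
    echo "$f: plain ldap:// without start_tls sends passwords in clear text" >&2
    return 1
  fi
}

# Constructed sample of an edited [auth] section with placeholder values, so
# the check can be tried without touching a real cluster.
write_sample_config() {
  cat > "$1" <<'EOF'
[auth]
  backend = "ldap"
  default_new_user_role = "no-access"

[auth.ldap]
  server_url = "ldaps://ldap.example.com:636"
  start_tls = false
  tls_skip_verify = false
  reader_dn = "cn=ucp-reader,ou=svc,dc=example,dc=com"
  reader_password = "replace-me"
  jit_user_provisioning = true

[[auth.ldap.user_search_configs]]
  base_dn = "ou=people,dc=example,dc=com"
  scope_subtree = true
  username_attr = "uid"
  full_name_attr = "cn"
  filter = "(objectClass=inetOrgPerson)"
EOF
}

# Steps 1, 4 and 5 against the live swarm.
apply() {
  cur=$(current_config_name)
  new=$(next_config_name "$cur")
  check_ldap_config config.toml
  docker config create "$new" config.toml
  docker service update \
    --config-rm "$cur" \
    --config-add "source=${new},target=/etc/ucp/ucp.toml" \
    ucp-agent
  echo "ucp-agent now reads $new (was $cur)"
}

if [ "${1:-}" = "apply" ]; then
  apply
elif [ -f config.toml ]; then
  check_ldap_config config.toml && echo "config.toml passes the LDAP checks"
fi
```

Run it once without arguments to validate config.toml, then with apply to create the next config revision and re-point ucp-agent at it; delete config.toml afterwards, since it carries the directory bind password in clear text. The check is deliberately strict about ldap:// without StartTLS: a directory that only listens on 389 without StartTLS support should be fixed on the directory side rather than by relaxing the check.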