For further details on configuring OpenLDAP, refer to the official documentation.

  1. When a user attempts to log in with their LDAP credentials, Rancher creates an initial bind to the LDAP server using a service account with permissions to search the directory and read user/group attributes.
  2. Rancher then searches the directory for the user by using a search filter based on the provided username and configured attribute mappings.
  3. Once authentication has succeeded, Rancher resolves the group memberships both from the membership attribute in the user’s object and by performing a group search based on the configured user mapping attribute.

OpenLDAP Server Configuration

You will need to enter the address, port, and protocol to connect to your OpenLDAP server. 389 is the standard port for insecure traffic, 636 for TLS traffic.

Using TLS?

If you are in doubt about the correct values to enter in the user/group Search Base configuration fields, consult your LDAP administrator or refer to the section "Identify Search Base and Schema using ldapsearch" in the Active Directory authentication documentation.

OpenLDAP Server Parameters

User/Group Schema Configuration

If your OpenLDAP directory deviates from the standard OpenLDAP schema, you must complete the Customize Schema section to match it.

Note that the attribute mappings configured in this section are used by Rancher to construct search filters and resolve group membership. It is therefore always recommended to verify that the configuration here matches the schema used in your OpenLDAP.
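The following added example is not Rancher's code. It sketches how attribute mappings can feed the user search filter and the two group-membership lookups from the authentication flow above. The mapping values, the directory entries and every function name are constructed for illustration.

```python
import re

# Constructed schema mappings and directory entries (assumptions, not from the page).
USER = {"object_class": "inetOrgPerson", "login_attr": "uid", "member_attr": "memberOf"}
GROUP = {"object_class": "groupOfNames", "member_attr": "member"}
ALICE = "uid=alice,ou=people,dc=example,dc=org"
BOB = "uid=bob,ou=people,dc=example,dc=org"
DEV = "cn=dev,ou=groups,dc=example,dc=org"
OPS = "cn=ops,ou=groups,dc=example,dc=org"
DIRECTORY = {
    ALICE: {"objectClass": ["inetOrgPerson"], "uid": ["alice"], "memberOf": [DEV]},
    BOB: {"objectClass": ["inetOrgPerson"], "uid": ["bob"]},  # no memberOf value
    DEV: {"objectClass": ["groupOfNames"], "member": [ALICE]},
    OPS: {"objectClass": ["groupOfNames"], "member": [ALICE, BOB]},
}

def escape(value):
    """RFC 4515 escaping, so a supplied value cannot change the filter's structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_filter(object_class, attr, value):
    """AND of the mapped object class and one mapped attribute equality."""
    return "(&(objectClass=%s)(%s=%s))" % (object_class, attr, escape(value))

def unescape(value):
    """Reverse escape() for the toy evaluator below."""
    return re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), value)

def search(ldap_filter):
    """Toy evaluator for the filters above; returns the DNs matching every term."""
    terms = re.findall(r"\(([A-Za-z]+)=((?:[^()\\]|\\[0-9a-f]{2})*)\)", ldap_filter)
    return sorted(dn for dn, attrs in DIRECTORY.items()
                  if all(unescape(v) in attrs.get(a, []) for a, v in terms))

def resolve_groups(username):
    """Steps 2 and 3 of the flow; the password check between them is not modelled."""
    hits = search(build_filter(USER["object_class"], USER["login_attr"], username))
    if len(hits) != 1:
        return None  # unknown or ambiguous login name: no user to authenticate
    user_dn = hits[0]
    from_attribute = DIRECTORY[user_dn].get(USER["member_attr"], [])
    from_search = search(build_filter(GROUP["object_class"], GROUP["member_attr"], user_dn))
    return sorted(set(from_attribute) | set(from_search))

if __name__ == "__main__":
    for name in ("alice", "bob", "a*(b)"):
        print(name, "->", resolve_groups(name))
```

In this sample data the membership attribute alone would miss one of alice's groups and all of bob's, which is why a mapping that does not match the directory schema shows up as missing group memberships rather than as a login failure.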

The table below details the parameters for the user schema configuration.

User Schema Configuration Parameters

Group Schema Configuration

The table below details the parameters for the group schema configuration.

Group Schema Configuration Parameters