Introduction
The Terraform Enterprise installer dashboard (Replicated) uses password authentication by default but can be configured to use LDAP authentication. This article details how to configure LDAP authentication on an existing installer dashboard after initially configuring the instance to use password authentication.
Procedure
To configure LDAP authentication for the installer dashboard, perform the following steps.
- Navigate to the installer dashboard at https://<TFE_HOSTNAME>:8800.
- Click the gear icon at the top right of the page.
- Select Console Settings from the menu that appears.
- In the Security section, click Change console security settings.
- Select LDAP from the options list and configure your LDAP connection using the settings detailed below.
LDAP Settings Explained
Server Settings
- Server Type: Select OpenLDAP, Active Directory, or Other.
- Hostname: Enter the hostname of the LDAP server, including the port and encryption method.
- Search username: Specify the user account used to log into the LDAP server for searches.
- Search password: Enter the password for the search user.
LDAP Schema
- Base DN: The root node in the LDAP tree for searching users and groups.
- User search DN: (Optional) Additional fields from the Base DN to specifically search for users. This is not required if the user search DN is already included in the Base DN.
- Restricted user group: (Optional) Specify a group name to filter for a particular LDAP user. Use cn and memberuid, where occurrences of %s represent the username and group name respectively.
- Advanced Search Options:
  - User Query: The LDAP query used to look up users. The query must contain a {{username}} placeholder that will be replaced with the user's name. For example: (cn={{username}}).
  - Restricted User Group Query: The LDAP query used to validate user group membership. This query can contain two placeholders: {{userdn}} (the found user's DN) and {{username}}. For example: (&(cn=Accounting)(memberuid={{username}})).
- Username field: (Optional) The LDAP attribute that represents the username.
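The User Query and Restricted User Group Query above are templates whose placeholders are filled with a value the person logging in controls. The following added example (not code from the HashiCorp article or the Replicated installer) shows how such a template is expanded and why the substituted value has to be escaped per RFC 4515: without escaping, a username containing `*`, `(` or `)` could change the structure of the filter. The `uniqueMember`-based group query is a constructed variant included only to exercise the `{{userdn}}` placeholder; the two sample queries from the article are used as-is.

```python
# Added example: expand the installer dashboard's LDAP query templates the
# way an LDAP client would, escaping each substituted value per RFC 4515
# (section 3) so that user-supplied text cannot alter the filter structure.
import re

# RFC 4515: these characters must be hex-escaped inside a filter value.
_ESCAPES = {
    "\\": "\\5c",
    "*": "\\2a",
    "(": "\\28",
    ")": "\\29",
    "\x00": "\\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a value so it is safe to interpolate into an LDAP search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def render_query(template: str, **values: str) -> str:
    """Replace {{name}} placeholders with escaped values; unknown placeholders raise."""

    def substitute(match: "re.Match[str]") -> str:
        key = match.group(1)
        if key not in values:
            raise KeyError(f"template placeholder {{{{{key}}}}} has no value")
        return escape_filter_value(values[key])

    return re.sub(r"\{\{(\w+)\}\}", substitute, template)


def validate_user_query(template: str) -> None:
    """The dashboard requires the User Query to contain a {{username}} placeholder."""
    if "{{username}}" not in template:
        raise ValueError("User Query must contain {{username}}")


# The two example queries given in the article.
USER_QUERY = "(cn={{username}})"
GROUP_QUERY = "(&(cn=Accounting)(memberuid={{username}}))"
# Constructed variant (not from the article) that uses the {{userdn}} placeholder.
GROUP_QUERY_BY_DN = "(&(cn=Accounting)(uniqueMember={{userdn}}))"


def example() -> dict:
    """Render the templates for a normal username and for a filter-breaking one."""
    validate_user_query(USER_QUERY)
    user_dn = "cn=jdoe,ou=people,dc=example,dc=com"  # constructed sample DN
    return {
        "benign": render_query(USER_QUERY, username="jdoe"),
        # Without escaping this would become (cn=*)(cn=*), a wildcard match.
        "hostile": render_query(USER_QUERY, username="*)(cn=*"),
        "group": render_query(GROUP_QUERY, username="jdoe"),
        "group_by_dn": render_query(GROUP_QUERY_BY_DN, userdn=user_dn),
    }


if __name__ == "__main__":
    for name, rendered in example().items():
        print(f"{name}: {rendered}")
```

The escaping is what a conforming LDAP client library does for you; the point of the example is that the filter you configure here is only as safe as the substitution behind it, so keep the placeholders inside a single attribute comparison rather than building more complex structure around them.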
Login User Validation
- Username: The username (without the Base DN) for a one-time validation performed each time you update the LDAP configuration. This username is not saved.
- Password: The password for the validating username.
Troubleshooting
This section covers common errors encountered when saving LDAP settings.
Error: User not found
If you receive this error, the username specified in the Login User Validation section could not be found.
Error validating LDAP schema: User not found
Solution: Review and correct the settings in the LDAP Schema section.
Error: no such host
This error indicates that the hostname provided for the LDAP server is invalid or cannot be resolved via DNS.
Error validating LDAP schema: LDAP Result Code 200 "": dial tcp: lookup <DNS NAME> on 168.63.129.16:53: no such host
Solution: Verify that the Hostname under Server Settings is correct and resolvable from the Terraform Enterprise instance.
Error: i/o timeout
This error suggests a network connectivity issue where the Terraform Enterprise instance cannot reach the LDAP server on the specified port.
Error applying security settings Console auth validation failed for type ldap: Error validating LDAP schema: LDAP Result Code 200 "": dial tcp <IP ADDRESS>:389: i/o timeout
Solution: Check for network firewall rules or security groups that may be blocking traffic from the Terraform Enterprise instance to the LDAP server. Confirm the Hostname and port are correct in the Server Settings.
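The "no such host" and "i/o timeout" errors above are a DNS failure and a blocked or unanswered TCP connection respectively, and both can be reproduced from the Terraform Enterprise host before changing anything in the dashboard. The following added diagnostic is not part of the article or of Terraform Enterprise; it resolves the LDAP hostname, attempts a TCP connection with a timeout, and labels the outcome with the same words the dashboard uses. The `ldap://host:port` address format accepted by `parse_ldap_address` is an assumption; adapt it to whatever you entered under Server Settings. `demo()` runs the check against a loopback listener so the example works offline.

```python
# Added diagnostic: tell a DNS problem from a firewall problem for the
# LDAP server configured in the installer dashboard. Run it from the
# Terraform Enterprise instance, since that is where the dashboard connects from.
import socket
from urllib.parse import urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


def parse_ldap_address(address: str) -> tuple:
    """Split 'ldaps://ldap.example.com:636' (assumed format) into (host, port).

    A bare 'host' or 'host:port' is treated as plain ldap:// and the port
    defaults by scheme when omitted."""
    parts = urlsplit(address if "://" in address else "ldap://" + address)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"unsupported LDAP address: {address!r}")
    return parts.hostname, parts.port or DEFAULT_PORTS[parts.scheme]


def check_ldap_reachability(host: str, port: int, timeout: float = 5.0) -> dict:
    """Resolve the host, then open a TCP connection to the LDAP port.

    The status strings mirror the dashboard's error text: "no such host"
    means DNS failed, "i/o timeout" means nothing answered within the
    timeout (typically a firewall rule or security group)."""
    try:
        addr = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)[0][4][0]
    except socket.gaierror as exc:
        return {"status": "no such host", "detail": str(exc)}
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return {"status": "reachable", "detail": f"{addr}:{port}"}
    except socket.timeout:
        return {"status": "i/o timeout",
                "detail": "no response: check firewall rules or security groups"}
    except ConnectionRefusedError:
        return {"status": "connection refused",
                "detail": "host answers but nothing listens on that port"}
    except OSError as exc:
        return {"status": "error", "detail": str(exc)}


def demo() -> dict:
    """Constructed offline check: a live loopback listener versus a closed port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    live = check_ldap_reachability("127.0.0.1", port, timeout=2.0)["status"]
    srv.close()
    closed = check_ldap_reachability("127.0.0.1", port, timeout=2.0)["status"]
    return {"live": live, "closed": closed}


if __name__ == "__main__":
    import sys

    address = sys.argv[1] if len(sys.argv) > 1 else "ldap://127.0.0.1:389"
    host, port = parse_ldap_address(address)
    print(address, "->", check_ldap_reachability(host, port))
    print("loopback demo:", demo())
```

A "reachable" result only proves that the TCP port is open from this host; a bind failure after that points back at the search username, search password or LDAP Schema settings rather than the network.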
Additional Information
For more details on Terraform Enterprise configuration, please refer to the official documentation.