Configure LDAP
Continuous Delivery for Puppet Enterprise (PE) supports use of the Lightweight Directory Access Protocol (LDAP) for managing user authentication. Once an LDAP configuration is in place, use group mapping to associate your existing LDAP groups with role-based access control (RBAC) groups in Continuous Delivery for PE.
For organizational or failover protection purposes, you can add multiple LDAP configurations, each specifying a separate LDAP server, to your Continuous Delivery for PE instance. Continuous Delivery for PE searches for a user across the LDAP configurations you set up, in a specified order. Once a user is found, the search ends and that LDAP configuration is used to perform the login operation.
Configuring LDAP server search result limits
Beginning with version 3.10.0, by default Continuous Delivery for PE requests 500 search results at a time from a connected LDAP server. If your LDAP server has a search result limitation below 500, you can configure Continuous Delivery for PE to match the LDAP server's search result threshold by setting the CD4PE_LDAP_GROUP_SEARCH_SIZE_LIMIT environment variable on the cd4pe_docker_extra_params parameter. See Advanced configuration options for more information.
Create a new LDAP configuration
Add an LDAP configuration to Continuous Delivery for PE by providing key information on the mapping of user and group attributes in your LDAP server implementation.
Create an LDAP group map
Once you add an LDAP configuration to Continuous Delivery for PE, use a group map to map your existing LDAP groups to Continuous Delivery for PE RBAC groups. This makes it possible to mirror group membership defined in LDAP to groups in Continuous Delivery for PE.