Portainer LDAP Authentication

Configure Portainer CE to authenticate users against OpenLDAP with group-based administrator access.

Docker Compose

Download and start the stack:

wget https://raw.githubusercontent.com/VibhuviOiO/infinite-containers/main/openldap/docker-compose-portainer.yml -O docker-compose.yml

Environment Configuration

Create .env.vibhuvioio:

LDAP_ORGANISATION=vibhuvioio
LDAP_DOMAIN=vibhuvioio.com
LDAP_ADMIN_PASSWORD=changeme

Start Services

docker compose up -d

Verify LDAP Directory

docker exec openldap-vibhuvioio ldapsearch -x -LLL -b dc=vibhuvioio,dc=com

Expected: ou=People and ou=Group

Create LDAP Groups

Create groups.ldif:

dn: cn=portainer-admins,ou=Group,dc=vibhuvioio,dc=com
objectClass: groupOfNames
cn: portainer-admins
member: cn=Manager,dc=vibhuvioio,dc=com

dn: cn=portainer-users,ou=Group,dc=vibhuvioio,dc=com
objectClass: groupOfNames
cn: portainer-users
member: cn=Manager,dc=vibhuvioio,dc=com

Import:

docker exec -i openldap-vibhuvioio ldapadd \
  -x -D "cn=Manager,dc=vibhuvioio,dc=com" -w changeme \
  -f /dev/stdin < groups.ldif

Create LDAP User

Create devuser.ldif:

dn: cn=devuser,ou=People,dc=vibhuvioio,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: devuser
userPassword: password
description: Portainer User

Import:

docker exec -i openldap-vibhuvioio ldapadd \
  -x -D "cn=Manager,dc=vibhuvioio,dc=com" -w changeme \
  -f /dev/stdin < devuser.ldif

Add User to Admin Group

docker exec -i openldap-vibhuvioio ldapmodify \
  -x -D "cn=Manager,dc=vibhuvioio,dc=com" -w changeme <<EOF
dn: cn=portainer-admins,ou=Group,dc=vibhuvioio,dc=com
changetype: modify
add: member
member: cn=devuser,ou=People,dc=vibhuvioio,dc=com
EOF

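A pre-import check for the LDIF files above, as an added example that is not part of the original page: it lists every DN that would become a member of cn=portainer-admins and flags userPassword values written without a {SCHEME} hash prefix, as in devuser.ldif. The function names, the finding labels and the hasheduser entry are assumptions made for this example.

```shell
# Added example (not from the original page): audit LDIF before ldapadd/ldapmodify.
ADMIN_GROUP_DN="cn=portainer-admins,ou=Group,dc=vibhuvioio,dc=com"

# Reads LDIF or an ldapmodify change record on stdin, prints one finding per line:
#   ADMIN_MEMBER <dn>        every DN listed as a member of the admin group
#   CLEARTEXT_PASSWORD <dn>  userPassword with no {SCHEME} hash prefix
#   UNCHECKED_BASE64 <dn>    base64-encoded value (userPassword::), review by hand
audit_ldif() {
  awk -v admin="$ADMIN_GROUP_DN" '
    /^$/     { dn = ""; next }              # a blank line ends the entry
    /^dn: /  { dn = substr($0, 5); next }
    /^member: / && tolower(dn) == tolower(admin) {
      print "ADMIN_MEMBER " substr($0, 9); next
    }
    /^userPassword:: / { print "UNCHECKED_BASE64 " dn; next }
    /^userPassword: / && substr($0, 15) !~ /^[{][A-Za-z0-9-]+[}]/ {
      print "CLEARTEXT_PASSWORD " dn
    }
  '
}

# Constructed sample: entries from this page plus one hypothetical pre-hashed user.
sample_ldif() {
  cat <<'EOF'
dn: cn=portainer-admins,ou=Group,dc=vibhuvioio,dc=com
objectClass: groupOfNames
cn: portainer-admins
member: cn=Manager,dc=vibhuvioio,dc=com

dn: cn=portainer-users,ou=Group,dc=vibhuvioio,dc=com
objectClass: groupOfNames
cn: portainer-users
member: cn=Manager,dc=vibhuvioio,dc=com

dn: cn=devuser,ou=People,dc=vibhuvioio,dc=com
objectClass: simpleSecurityObject
cn: devuser
userPassword: password

dn: cn=hasheduser,ou=People,dc=vibhuvioio,dc=com
objectClass: simpleSecurityObject
cn: hasheduser
userPassword: {SSHA}PLACEHOLDER-NOT-A-REAL-HASH
EOF
}

sample_ldif | audit_ldif
```

Run it as `audit_ldif < devuser.ldif` before piping the same file to ldapadd.
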
Access Portainer

Open https://localhost:9443 and create the initial local admin account (required once).

Configure LDAP Authentication

Navigate: Settings → Authentication → LDAP

Connection Settings

LDAP Server: openldap-vibhuvioio:389
Anonymous mode: OFF
Reader DN: cn=Manager,dc=vibhuvioio,dc=com
Password: changeme

Click Test connectivity; it must succeed.

LDAP Security

Leave both OFF for plain LDAP inside Docker:
  • StartTLS → OFF
  • TLS → OFF

User search settings:

Base DN: ou=People,dc=vibhuvioio,dc=com
Username attribute: cn
Filter: (objectClass=simpleSecurityObject)

Test Login

Log out of Portainer and log in with:

Username: devuser
Password: password

If group membership is correct, the user receives administrator privileges.

Docker Compose Reference

Service | Image | Port
openldap | ghcr.io/vibhuvioio/openldap-docker/openldap:main | 389
ldap-manager | ghcr.io/vibhuvioio/ldap-manager:latest | 8000
portainer | portainer/portainer-ce:2.20.3 | 9000, 9443