配置Harbor启用LDAP认证

2017-06-25 阅读: Harbor

现在我们的Harbor使用前置的nginx接入,并在前置nginx上启用了SSL,Harbor的MySQL使用的是我们环境中高可用的MySQL GR集群。 为了我们的团队环境整合到一起,我们还需要为Harbor启用LDAP认证。

Harbor对LDAP支持的很好,只需要修改harbor.cfg:

auth_mode = ldap_auth

auth_mode = ldap_auth

#The url for an ldap endpoint.
ldap_url = ldap://192.168.61.100:389

#A user's DN who has the permission to search the LDAP/AD server.
#If your LDAP/AD server does not support anonymous search, you should configure this DN and ldap_search_pwd.
#ldap_searchdn = uid=searchuser,ou=people,dc=mydomain,dc=com
ldap_searchdn = cn=Manager,dc=frognew,dc=com

#the password of the ldap_searchdn
ldap_search_pwd = plaint_password

#The base DN from which to look up a user in LDAP/AD
ldap_basedn = ou=People,dc=frognew,dc=com

#Search filter for LDAP/AD, make sure the syntax of the filter is correct.
ldap_filter = (objectClass=person)

# The attribute used in a search to match a user, it could be uid, cn, email, sAMAccountName or other attributes depending on your LDAP/AD
ldap_uid = uid

#the scope to search for users, 1-LDAP_SCOPE_BASE, 2-LDAP_SCOPE_ONELEVEL, 3-LDAP_SCOPE_SUBTREE
ldap_scope = 3

#Timeout (in seconds)  when connecting to an LDAP Server. The default value (and most reasonable) is 5 seconds.
ldap_timeout = 5

重新Prepare重启Harbor即可:

docker-compose down -v
./prepare
docker-compose up -d

参考

标题:配置Harbor启用LDAP认证
本文链接:https://blog.frognew.com/2017/06/config-harbor-with-ldap.html
转载请注明出处。

目录