配置Harbor启用LDAP认证
2017-06-25
现在我们的Harbor使用前置的nginx接入,并在前置nginx上启用了SSL,Harbor的MySQL使用的是我们环境中高可用的MySQL GR集群。 为了我们的团队环境整合到一起,我们还需要为Harbor启用LDAP认证。
Harbor对LDAP支持的很好,只需要修改harbor.cfg:
1auth_mode = ldap_auth
2
3auth_mode = ldap_auth
4
5#The url for an ldap endpoint.
6ldap_url = ldap://192.168.61.100:389
7
8#A user's DN who has the permission to search the LDAP/AD server.
9#If your LDAP/AD server does not support anonymous search, you should configure this DN and ldap_search_pwd.
10#ldap_searchdn = uid=searchuser,ou=people,dc=mydomain,dc=com
11ldap_searchdn = cn=Manager,dc=frognew,dc=com
12
13#the password of the ldap_searchdn
14ldap_search_pwd = plaint_password
15
16#The base DN from which to look up a user in LDAP/AD
17ldap_basedn = ou=People,dc=frognew,dc=com
18
19#Search filter for LDAP/AD, make sure the syntax of the filter is correct.
20ldap_filter = (objectClass=person)
21
22# The attribute used in a search to match a user, it could be uid, cn, email, sAMAccountName or other attributes depending on your LDAP/AD
23ldap_uid = uid
24
25#the scope to search for users, 1-LDAP_SCOPE_BASE, 2-LDAP_SCOPE_ONELEVEL, 3-LDAP_SCOPE_SUBTREE
26ldap_scope = 3
27
28#Timeout (in seconds) when connecting to an LDAP Server. The default value (and most reasonable) is 5 seconds.
29ldap_timeout = 5
重新Prepare重启Harbor即可:
1docker-compose down -v
2./prepare
3docker-compose up -d