Configuring Repository to use LDAP
To enable Lightweight Directory Access Protocol (LDAP) support:
Open the Repository configuration file
$PREFIX/etc/anaconda-server/config.yaml
and add the following configuration:
LDAP: {
  # Replace with company LDAP server
  'URI': 'ldap://<ldap.company.com>',
  # Replace <uid=%(username)s,ou=People,dc=company,dc=com> with your company specific LDAP Bind/Base DN
  # Bind directly to this Base DN.
  'BIND_DN': '<uid=%(username)s,ou=People,dc=company,dc=com>',
  # Map LDAP keys into application specific keys
  'KEY_MAP': {
    'name': 'cn',
    'company': 'o',
    'location': 'l',
    'email': 'mail',
  },
}
NOTE: Replace the URI ldap://<ldap.company.com> with the location of your LDAP server and the BIND_DN with the values specific to your LDAP server. Change the KEY_MAP keys to the associated values for your LDAP server.
When switching authentication to LDAP, the admin account is lost, so you need to add your admin account again:
anaconda-server-admin set-superuser "jsmith"
Run the flask-ldap-login-check command to verify LDAP connectivity:
flask-ldap-login-check binstar.wsgi:app --username 'jsmith' --password 'abc123DEF'
NOTE: Replace jsmith and abc123DEF with your LDAP username and password.
To apply the changes, restart the Repository server:
supervisorctl restart all
Open a new browser window and navigate to your local Repository installation:
http://your.anaconda.repository
NOTE: Replace your.anaconda.repository with your Repository server IP address or domain name.
Log in using your LDAP credentials.
Optional. You may set an LDAP network timeout in seconds with the options OPT_NETWORK_TIMEOUT and OPT_TIMEOUT. The default value is 0, meaning no timeout.
For example, to set the timeout to 60 seconds, add this block to the LDAP settings in your configuration file:
OPTIONS:
  OPT_NETWORK_TIMEOUT: 60
  OPT_TIMEOUT: 60
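The following check is an added example, not part of Anaconda Repository or flask-ldap-login: it lints the LDAP settings described on this page before the server is restarted. It assumes the LDAP block has already been loaded into a Python dict; lint_ldap_config, the finding texts and the sample values are hypothetical.

```python
def lint_ldap_config(ldap):
    """Return a list of findings for the LDAP settings dict (hypothetical helper)."""
    findings = []
    uri = str(ldap.get("URI", ""))
    bind_dn = str(ldap.get("BIND_DN", ""))

    # Documentation placeholders such as <ldap.company.com> left in place.
    for key, value in (("URI", uri), ("BIND_DN", bind_dn)):
        if not value:
            findings.append(f"{key}: missing")
        elif "<" in value or ">" in value:
            findings.append(f"{key}: placeholder brackets not replaced")

    # ldap:// is not TLS-wrapped (unless StartTLS is used), so the bind
    # password may cross the network unencrypted; ldaps:// wraps it in TLS.
    if uri.lower().startswith("ldap://"):
        findings.append("URI: ldap:// is not TLS-protected by itself")
    elif uri and not uri.lower().startswith("ldaps://"):
        findings.append("URI: unexpected scheme")

    # BIND_DN must carry the %(username)s placeholder and expand cleanly.
    if bind_dn and "%(username)s" not in bind_dn:
        findings.append("BIND_DN: no %(username)s placeholder")
    elif bind_dn:
        try:
            bind_dn % {"username": "jsmith"}
        except (KeyError, TypeError, ValueError) as exc:
            findings.append(f"BIND_DN: does not expand ({exc})")

    # The page states the default 0 means no timeout; flag missing or 0 values.
    options = ldap.get("OPTIONS") or {}
    for opt in ("OPT_NETWORK_TIMEOUT", "OPT_TIMEOUT"):
        if not options.get(opt):
            findings.append(f"OPTIONS.{opt}: no timeout set")
    return findings


# Constructed sample inputs: the page's template as shipped, and a filled-in one.
AS_SHIPPED = {"URI": "ldap://<ldap.company.com>",
              "BIND_DN": "<uid=%(username)s,ou=People,dc=company,dc=com>"}
FILLED_IN = {"URI": "ldaps://ldap.example.com",
             "BIND_DN": "uid=%(username)s,ou=People,dc=example,dc=com",
             "OPTIONS": {"OPT_NETWORK_TIMEOUT": 60, "OPT_TIMEOUT": 60}}

if __name__ == "__main__":
    for name, cfg in (("as shipped", AS_SHIPPED), ("filled in", FILLED_IN)):
        print(name, lint_ldap_config(cfg) or "no findings")
```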