Configuring Repository to use Active DirectoryΒΆ
Microsoft Active Directory is a server program that provides directory services and uses the open industry standard Lightweight Directory Access Protocol (LDAP).
To enable Active Directory support:
Open the Repository configuration file
$PREFIX/etc/anaconda-server/config.yaml
and add the following configuration:LDAP : { 'URI': 'ldap://<ldap.server.url>', # This BIND_DN/BIND_PASSWORD default to '', this is shown here for # demonstrative purposes. To enable Authorized Bind, insert the AD # BIND_DN and BIND_AUTH password for and authorized AD user. # #e.g. 'BIND_DN': '<cn=Authorized User,cn=users,dc=company,dc=local>', #e.g. 'BIND_AUTH': '<AuthUsrPassword>', # The values '' perform an anonymous bind so we may use search/bind method 'BIND_DN': '', 'BIND_AUTH': '', # Adding the USER_SEARCH field tells the flask-ldap-login that we # are using the search/bind method 'USER_SEARCH': {'base': '<cn=users,dc=company,dc=local>', 'filter': 'sAMAccountName=%(username)s'}, # Map ldap keys into application specific keys 'KEY_MAP': { 'name':'cn', 'company': 'o', 'location':'l', 'email': 'userPrincipalName', }, }
NOTE: Replace the URI
<ldap.server.url>
with the location of your Active Directory server,BIND_DN
with the values specific to your Active Directory server and theBIND_AUTH
with the password of the user specified in the BIND_DN. Change theKEY_MAP
keys to the associated values from your Active Directory server.To apply the changes, restart the Repository server:
supervisorctl restart all
Run the
flask-ldap-login-check
command to verify Active Directory connectivity:flask-ldap-login-check binstar.wsgi:app --username 'jsmith' --password 'abc123DEF'
NOTE: Replace
jsmith
andabc123DEF
with your Active Directory username and password.You see a response similar to the following:
[anaconda.server] Started Site Got userdata for jsmith {'company': None, 'email': None, 'location': None, 'name': 'Jane Smith'}
Open your browser and navigate to your local Repository installation:
http://your.anaconda.repository
NOTE: Replace
your.anaconda.repository
with your Repository IP address or domain name.Log in with Active Directory.