Configuring Repository to use Active Directory

Microsoft Active Directory is a server program that provides directory services and uses the open industry standard Lightweight Directory Access Protocol (LDAP).

To enable Active Directory support:

  1. Open the Repository configuration file $PREFIX/etc/anaconda-server/config.yaml and add the following configuration:

    account_names_filter: false
    # The hyphen is last in the character class so it is read as a literal
    USER_REGEX: ^[a-z0-9_][a-z0-9_.-]+$
    LDAP:
        # Replace with company LDAP server
        'URI': 'ldap://<ldap.server.url>'
        # BIND_DN/BIND_AUTH default to ''; they are shown here for
        # demonstrative purposes. To enable Authorized Bind, insert the AD
        # BIND_DN and BIND_AUTH password for an authorized AD user.
        #e.g. 'BIND_DN': '<cn=Authorized User,cn=users,dc=company,dc=local>'
        #e.g. 'BIND_AUTH': '<AuthUsrPassword>'
        # The values '' perform an anonymous bind so we may use search/bind method
        BIND_DN: ''
        BIND_AUTH: ''
        # Adding the USER_SEARCH field tells the flask-ldap-login that we
        # are using the search/bind method
        USER_SEARCH:
            base: <cn=users,dc=company,dc=local>
            filter: sAMAccountName=%(username)s
        # Map ldap keys into application specific keys
        KEY_MAP:
            name: 'cn'
            company: 'o'
            location: 'l'
            email: 'userPrincipalName'
  2. To apply the changes, restart the Repository server:

    supervisorctl restart all
  3. Run the flask-ldap-login-check command to verify Active Directory connectivity:

    flask-ldap-login-check binstar.wsgi:app --username 'jsmith' --password 'abc123DEF'

    NOTE: Replace jsmith and abc123DEF with your Active Directory username and password.

    You see a response similar to the following:

    [anaconda.server] Started Site
    Got userdata for jsmith
    {'company': None, 'email': None, 'location': None, 'name': 'Jane Smith'}
  4. Open your browser and navigate to your local Repository installation:


    NOTE: Replace your.anaconda.repository with your Repository IP address or domain name.

  5. Log in with Active Directory.
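
The following Python check is an added example, not part of the Repository documentation or of flask-ldap-login: it audits the settings from step 1 and shows how USER_REGEX plus RFC 4515 escaping keep a username from altering the USER_SEARCH filter. It assumes USER_REGEX is evaluated with Python `re` semantics; `CONFIG`, `audit`, `build_search_filter` and `escape_filter_value` are hypothetical names, and the server URI is a constructed placeholder.

```python
import re

# Constructed sample mirroring the step 1 settings; the server name is a placeholder.
CONFIG = {
    "USER_REGEX": r"^[a-z0-9_][a-z0-9_.-]+$",  # hyphen last, so it is a literal
    "LDAP": {
        "URI": "ldap://ldap.example.internal",
        "BIND_DN": "",
        "BIND_AUTH": "",
        "USER_SEARCH": {"base": "cn=users,dc=company,dc=local",
                        "filter": "sAMAccountName=%(username)s"},
    },
}

# Characters RFC 4515 requires to be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """Escape a string for use as an LDAP filter assertion value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def build_search_filter(config, username):
    """Return the USER_SEARCH filter for username, or None if USER_REGEX rejects it."""
    # fullmatch, because '$' alone would also accept a trailing newline.
    if not re.fullmatch(config["USER_REGEX"], username):
        return None
    template = config["LDAP"]["USER_SEARCH"]["filter"]
    return template % {"username": escape_filter_value(username)}

def audit(config):
    """Return a list of findings for the USER_REGEX and LDAP settings."""
    findings = []
    try:
        re.compile(config["USER_REGEX"])
    except re.error as exc:
        findings.append("USER_REGEX does not compile: %s" % exc)
    ldap_cfg = config["LDAP"]
    if ldap_cfg["URI"].lower().startswith("ldap://"):
        findings.append("URI is ldap://: binds are unencrypted unless StartTLS is used")
    if not ldap_cfg.get("BIND_DN") and not ldap_cfg.get("BIND_AUTH"):
        findings.append("empty BIND_DN/BIND_AUTH: the user search is an anonymous bind")
    if "%(username)s" not in ldap_cfg.get("USER_SEARCH", {}).get("filter", ""):
        findings.append("USER_SEARCH filter has no %(username)s placeholder")
    return findings

if __name__ == "__main__":
    for finding in audit(CONFIG):
        print("WARN:", finding)
    print(build_search_filter(CONFIG, "jsmith"))
```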