Configuring Repository to use LDAP

To enable Lightweight Directory Access Protocol (LDAP) support:

  1. Open the Repository configuration file $PREFIX/etc/anaconda-server/config.yaml and add the following configuration:

    account_names_filter: false
    # The hyphen is last in the character class so it is a literal, not a range
    USER_REGEX: ^[a-z0-9_][a-z0-9_.-]+$
    LDAP:
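      # Replace with your company LDAP server. A plain ldap:// connection sends the
      # bind password unencrypted; use an ldaps:// URI if your server offers one.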
      URI: 'ldap://<ldap.company.com>'
    
      # Replace <uid=%(username)s,ou=People,dc=company,dc=com> with your company specific LDAP Bind/Base DN
      # Bind directly to this Base DN.
      BIND_DN: '<uid=%(username)s,ou=People,dc=company,dc=com>'
    
      # Map LDAP keys into application specific keys
      KEY_MAP:
          name: 'cn'
          company: 'o'
          location: 'l'
          email: 'mail'
    
  2. When switching authentication to LDAP, the admin account is lost, so you need to add your admin account again:

    anaconda-server-admin set-superuser "jsmith"
    
  3. Run the flask-ldap-login-check command to verify LDAP connectivity:

    flask-ldap-login-check binstar.wsgi:app --username 'jsmith' --password 'abc123DEF'
    

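    NOTE: Replace jsmith and abc123DEF with your LDAP username and password. The password is passed as a command-line argument, so it is saved in shell history and visible in the process list while the command runs.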

  4. To apply the changes, restart the Repository server:

    supervisorctl restart all
    
  5. Open a new browser window and navigate to your local Repository installation:

    http://your.anaconda.repository
    

    NOTE: Replace your.anaconda.repository with your Repository server IP address or domain name.

  6. Log in using your LDAP credentials.

  7. Optional. You may set an LDAP network timeout in seconds with the options OPT_NETWORK_TIMEOUT and OPT_TIMEOUT. The default value is 0, meaning no timeout.

    For example, to set the timeout to 60 seconds, add this block to the LDAP settings in your configuration file:

    OPTIONS:
       OPT_NETWORK_TIMEOUT: 60
       OPT_TIMEOUT: 60
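
The settings above can be checked before restarting the server. The following is an added example, not code from Anaconda Repository: the function names are hypothetical, the hostname and DN are the page's placeholders without the angle brackets, and USER_REGEX is written with the hyphen last because Python's `re` rejects `_-.` as a character range.

```python
import re

# Values from the configuration on this page; hostname and DN are placeholders.
USER_REGEX = r"^[a-z0-9_][a-z0-9_.-]+$"  # hyphen last, so it is a literal
LDAP = {
    "URI": "ldap://ldap.company.com",
    "BIND_DN": "uid=%(username)s,ou=People,dc=company,dc=com",
    "OPTIONS": {"OPT_NETWORK_TIMEOUT": 60, "OPT_TIMEOUT": 60},
}


def pattern_compiles(pattern):
    """Return True if Python's re module accepts the pattern."""
    try:
        re.compile(pattern)
        return True
    except re.error:
        return False


def bind_dn_for(username, cfg=LDAP, user_regex=USER_REGEX):
    """Build the bind DN, or return None if the name fails USER_REGEX."""
    # fullmatch, not match: with match, '$' also accepts a trailing newline.
    # Rejecting first keeps ',' and '=' out of the %(username)s substitution.
    if not re.fullmatch(user_regex, username):
        return None
    return cfg["BIND_DN"] % {"username": username}


def lint_ldap(cfg, user_regex=USER_REGEX):
    """Return a list of findings for an LDAP settings block."""
    findings = []
    if not pattern_compiles(user_regex):
        findings.append("USER_REGEX does not compile")
    if not cfg.get("URI", "").lower().startswith("ldaps://"):
        findings.append("URI is not ldaps:// (a plain ldap:// bind is unencrypted)")
    if "%(username)s" not in cfg.get("BIND_DN", ""):
        findings.append("BIND_DN has no %(username)s placeholder")
    for opt in ("OPT_NETWORK_TIMEOUT", "OPT_TIMEOUT"):
        if not cfg.get("OPTIONS", {}).get(opt):
            findings.append(opt + " is 0 or unset: no timeout")
    return findings


if __name__ == "__main__":
    print(bind_dn_for("jsmith"))
    print(bind_dn_for("jsmith,ou=admins"))
    for finding in lint_ldap(LDAP):
        print("finding:", finding)
```

Note that the pattern requires at least two characters, so a one-letter username is rejected.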