Configuring Repository to use LDAPΒΆ

To enable Lightweight Directory Access Protocol (LDAP) support:

  1. Open the Repository configuration file $PREFIX/etc/anaconda-server/config.yaml and add the following configuration:

    account_names_filter: false
    USER_REGEX: ^[a-z0-9_][a-z0-9_-.]+$
    LDAP:
      # Replace with company LDAP server
      URI: 'ldap://<ldap.company.com>'
    
      # Replace <uid=%(username)s,ou=People,dc=company,dc=com> with your company specific LDAP Bind/Base DN
      # Bind directly to this Base DN.
      BIND_DN: '<uid=%(username)s,ou=People,dc=company,dc=com>'
    
      # Map LDAP keys into application specific keys
      KEY_MAP:
          name: 'cn'
          company: 'o'
          location: 'l'
          email: 'mail'
    
  2. When switching authentication to LDAP, the admin account is lost, so you need to add your admin account again:

    anaconda-server-admin set-superuser "jsmith"
    
  3. Run the flask-ldap-login-check command to verify LDAP connectivity:

    flask-ldap-login-check binstar.wsgi:app --username 'jsmith' --password 'abc123DEF'
    

    NOTE: Replace jsmith and abc123DEF with your LDAP username and password.

  4. To apply the changes, restart the Repository server:

    supervisorctl restart all
    
  5. Open a new browser window and navigate to your local Repository installation:

    http://your.anaconda.repository
    

    NOTE: Replace your.anaconda.repository with your Repository server IP address or domain name.

  6. Log in using your LDAP credentials.

  7. Optional. You may set an LDAP network timeout in seconds with the options OPT_NETWORK_TIMEOUT and OPT_TIMEOUT. The default value is 0, meaning no timeout.

    For example, to set the timeout to 60 seconds, add this block to the LDAP settings in your configuration file:

    OPTIONS:
       OPT_NETWORK_TIMEOUT: 60
       OPT_TIMEOUT: 60