Integration: Harbor with External LDAP

In this blog, we will see how to integrate Harbor with external LDAP.

Note: Authentication mode in harbor can only be updated during initial installation. To change this, you will have to re-install the harbor vm.

Update Harbor Tile:

Login to the operations manager and select the harbor tile

Go to settings > Authentication and select LDAP. Once done, click on save.

Now, click on review pending changes

Click on apply changes

Once the harbor vm is installed successfully, login to the GUI by going to https://harbor-fqdn, use the default admin user to login.

Note: We have not looked into the other settings needed for harbor vm installation in this blog. We will discuss that in a different blog post.

Under Administration, go to Configuration and select the Authentication tab. Use the Auth Mode drop-down menu to select LDAP.

Enter information about your LDAP server as below. Once done, click on save.

LDAP Search DN and LDAP Search Password: When a user logs in to Harbor with their LDAP username and password, Harbor uses these values to bind to the LDAP/AD server

LDAP Base DN: Harbor looks up the user under the LDAP Base DN entry, including the subtree

LDAP Filter: The filter to search for LDAP/AD users

LDAP UID: An attribute, for example uid, or cn, that is used to match a user with the username

LDAP Scope: The scope to search for LDAP/AD users

Configure the group settings if you would like to configure user authentication with LDAP groups.

LDAP Group Base DN: The base DN from which to lookup a group in LDAP/AD

LDAP Group Filter: The filter to search for LDAP/AD groups

LDAP Group GID: The attribute used to name an LDAP/AD group

LDAP Group Admin DN: All LDAP/AD users in this group DN have Harbor system administrator privileges

LDAP Group Membership: The user attribute usd to identify a user as a member of a group

LDAP Scope: The scope to search for LDAP/AD groups

Once the LDAP settings are saved, click on Projects and select the project.

Go to Members tab and click on add group icon as in the below screenshot.

Select Add a group from LDAP to project member option. Updated the LDAP group DN and a name for the group. Also select a role from the drop down menu. Once done, click save.

Now we can see the PKSadmin LDAP group is added as member. Click on add user icon to add a LDAP user.

Type the name of the LDAP user and select a role. Once done, click on OK.

LDAP user is added successfully.

Select the user and click on SET AS ADMIN to give it admin rights.

The user has administrator rights now.

Now lets login to harbor with the LDAP user we have added.

In the below screenshot, we can see that we have successfully logged into harbor with the LDAP user that is added.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

Create a website or blog at WordPress.com

Up ↑

%d bloggers like this: