In this blog, we will see how to integrate Harbor with external LDAP.
Note: Authentication mode in Harbor can only be updated during initial installation. To change it, you will have to re-install the Harbor VM.
Update Harbor Tile:
Log in to the Operations Manager and select the Harbor tile.
Go to Settings > Authentication and select LDAP. Once done, click on Save.
Now, click on review pending changes
Click on apply changes
Once the Harbor VM is installed successfully, log in to the GUI by going to https://harbor-fqdn and using the default admin user.
Note: We have not looked into the other settings needed for Harbor VM installation in this blog. We will discuss that in a different blog post.
Under Administration, go to Configuration and select the Authentication tab. Use the Auth Mode drop-down menu to select LDAP.
Enter information about your LDAP server as below. Once done, click on save.
LDAP Search DN and LDAP Search Password: When a user logs in to Harbor with their LDAP username and password, Harbor uses these values to bind to the LDAP/AD server
LDAP Base DN: Harbor looks up the user under the LDAP Base DN entry, including the subtree
LDAP Filter: The filter to search for LDAP/AD users
LDAP UID: An attribute, for example uid, or cn, that is used to match a user with the username
LDAP Scope: The scope to search for LDAP/AD users
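The user-lookup settings above combine into a single LDAP search that runs after the bind as the Search DN. The following is an added example, not code from Harbor or from the original post: the setting key names, the sample values and the way the filter is combined with the UID match are assumptions made for illustration. It also shows the RFC 4515 escaping that keeps a typed username from altering the filter.

```python
# Added example (not Harbor's code): how the user-lookup settings combine
# into one LDAP search. Key names and sample values are constructed.

SCOPES = {"base": 0, "onelevel": 1, "subtree": 2}  # RFC 4511 scope codes

# RFC 4515 section 3: these characters must be escaped as \XX in filter values.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied string for use inside an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_user_search(settings: dict, username: str) -> dict:
    """Return the search issued for a login attempt (base, scope, filter)."""
    if not username:
        raise ValueError("empty username")
    scope = settings["ldap_scope"].lower()
    if scope not in SCOPES:
        raise ValueError(f"unknown scope: {scope}")
    # LDAP UID names the attribute compared against the typed username.
    match = f"({settings['ldap_uid']}={escape_filter_value(username)})"
    extra = settings.get("ldap_filter", "").strip()
    if extra and not (extra.startswith("(") and extra.endswith(")")):
        extra = f"({extra})"
    # Assumed composition: AND the admin-defined LDAP Filter with the UID match.
    flt = f"(&{extra}{match})" if extra else match
    return {"base": settings["ldap_base_dn"], "scope": SCOPES[scope], "filter": flt}


SAMPLE = {  # constructed values
    "ldap_base_dn": "ou=people,dc=example,dc=com",
    "ldap_filter": "(objectClass=person)",
    "ldap_uid": "uid",
    "ldap_scope": "Subtree",
}

if __name__ == "__main__":
    print(build_user_search(SAMPLE, "jdoe"))
    # Filter metacharacters in the username are escaped, not interpreted.
    print(build_user_search(SAMPLE, "a*(b)"))
```

Comparing the printed filter with what an LDAP client returns for the same base DN and scope is a quick way to confirm the LDAP Filter and LDAP UID values before saving them.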
Configure the group settings if you would like to configure user authentication with LDAP groups.
LDAP Group Base DN: The base DN from which to lookup a group in LDAP/AD
LDAP Group Filter: The filter to search for LDAP/AD groups
LDAP Group GID: The attribute used to name an LDAP/AD group
LDAP Group Admin DN: All LDAP/AD users in this group DN have Harbor system administrator privileges
LDAP Group Membership: The user attribute used to identify a user as a member of a group
LDAP Scope: The scope to search for LDAP/AD groups
Once the LDAP settings are saved, click on Projects and select the project.
Go to the Members tab and click on the add group icon as in the below screenshot.
Select the Add a group from LDAP to project member option. Update the LDAP group DN and a name for the group. Also select a role from the drop-down menu. Once done, click Save.
Now we can see the PKSadmin LDAP group is added as a member. Click on the add user icon to add an LDAP user.
Type the name of the LDAP user and select a role. Once done, click on OK.
The LDAP user is added successfully.
Select the user and click on SET AS ADMIN to give it admin rights.
The user has administrator rights now.
Now let's log in to Harbor with the LDAP user we have added.
In the below screenshot, we can see that we have successfully logged into Harbor with the LDAP user that is added.