gandc/lldap
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
lldap/example_configs/harbor.md
kevin7s-io 8db7d8a46f
example_configs: Add Harbor
2024-03-12 21:42:37 +01:00

1.5 KiB
Raw Permalink Blame History

Harbor is a CNCF cloud native container registry for kubernetes.

You can pass environment variables into harbor-core for auth configuration as documented here.

Configure ldap_url and ldap_verify_cert as needed for your installation.

Using the harbor-helm chart, these vars can be passed in under core.configureUserSettings as a JSON string:

core:
  configureUserSettings: |
    {
      "auth_mode": "ldap_auth",
      "ldap_url": "ldaps://lldap.example.com",
      "ldap_base_dn": "ou=people,dc=example,dc=com",
      "ldap_search_dn": "uid=bind,ou=people,dc=example,dc=com",
      "ldap_search_password": "very-secure-password",
      "ldap_group_base_dn": "ou=groups,dc=example,dc=com",
      "ldap_group_admin_dn": "cn=harbor-admin-group,ou=groups,dc=example,dc=com",
      "ldap_group_search_filter": "(objectClass=groupOfUniqueNames)",
      "ldap_group_attribute_name": "uid"
    }

Important

ldap_search_dn needs to be able to bind and search. The lldap_strict_readonly group is sufficient.

Note

Members of the ldap_group_admin_dn group will receive harbor admin privledges. Users outside this group will have their ldap group(s) imported into harbor (under "groups" with type "ldap"). These groups can be used for permissions assigned to a harbor "project".