Private projects become inaccessible after upgrading Harbor for TKGI to v2.4.x with LDAP feature enabled
search cancel

Private projects become inaccessible after upgrading Harbor for TKGI to v2.4.x with LDAP feature enabled

book

Article ID: 298714

calendar_today

Updated On:

Products

VMware Tanzu Kubernetes Grid Integrated Edition

Issue/Introduction

After upgrading Harbor for Tanzu Kubernetes Grid Integration Edition(TKGI) to v2.4.x with the LDAP feature enabled, private projects on Harbor that were previously be accessed by LDAP users turn inaccessible.

LDAP users can still login via the CLI or Harbor web UI, but can not pull, push, view, and manage images in those private projects. 


Environment

Product Version: Other

Resolution

This is a known issue with OSS Harbor and Harbor for TKG v2.4.x.

To work around the issue, follow these steps:

1. Login to Harbor web UI with admin user.

2. Navigate to Configuration - Authentication > LDAP Group Filter.

3. For the AD server, set `objectClass=group`. For openLDAP, set `objectClass=groupOfNames`.

4. Save the change. 


If the issue is not resolved with the above steps, open a support request with VMware and attach Harbor logs. Harbor Log can be download from Ops Manager UI.