Parameter | Value |
Authentication Mode: By default, it is set to db_auth. Choose ldap_auth to allow your users from LDAP or AD to log in to Harbor. Note: This option can only be set once. After the first boot of Harbor, it cannot be possible to change the authentication mode, it will not be considered even if the mode is changed in the VM's settings. As a workaround, redeploy Harbor with the correct authentication mode. | auth_mod = ldap_auth |
Self Registration: Determine whether the self-registration is allowed or not. Set this to off to disable a user's self-registration in Harbor. Note: This flag has no effect when users are stored in LDAP or AD. | on or off |
LDAP URL: The URL of an LDAP/AD server. | ldap://ip_or_fqdn_ldap_server:389(default) or ldaps://ip_or_fqdn_ldap_server:636 (default) (if you implemented LDAP over SSL) |
LDAP Search DN: A user's DN who has the permission to search the LDAP/AD server. Leave blank if your LDAP/AD server supports anonymous search, otherwise you should configure this DN and LDAP Search Password. | ldap_searchdn = cn=user_cn, cn=user_accounts_cn, dc=domain_p1, dc=domain_p2 ldap_searchdn = cn=John Doe,cn=Users,dc=mydomain,dc=com |
LDAP Search Password: The password of the user for LDAP search. Leave blank if your LDAP/AD server supports anonymous search. | ldap_search_pwd = user_password |
LDAP Base DN: The base DN of a node from which to look up a user for authentication. The search scope includes subtree of the node. | ldap_basedn = dc=mydomain,dc=com |
LDAP UID: The attribute used in a search to match a user, it could be uid, cn, email, sAMAccountName or other attributes depending on your LDAP/AD server. | ldap_uid = sAMAccountName |