Configuring Repository to use Active Directory
Microsoft Active Directory is a server program that provides directory services and uses the open industry standard Lightweight Directory Access Protocol (LDAP).
To enable Active Directory support:

Open the Repository configuration file $PREFIX/etc/anaconda-server/config.yaml and add the following configuration:

    account_names_filter: false
    # The hyphen is last in the character class so it is read as a literal
    # rather than as the start of a range.
    USER_REGEX: ^[a-z0-9_][a-z0-9_.-]+$
    LDAP:
      # Replace with company LDAP server
      'URI': 'ldap://<ldap.server.url>'

      # BIND_DN and BIND_AUTH default to ''; they are shown here for
      # demonstrative purposes. To enable Authorized Bind, insert the AD
      # BIND_DN and BIND_AUTH password for an authorized AD user.
      #
      #e.g. 'BIND_DN': '<cn=Authorized User,cn=users,dc=company,dc=local>'
      #e.g. 'BIND_AUTH': '<AuthUsrPassword>'

      # The values '' perform an anonymous bind so we may use search/bind method
      BIND_DN: ''
      BIND_AUTH: ''

      # Adding the USER_SEARCH field tells the flask-ldap-login that we
      # are using the search/bind method
      USER_SEARCH:
        base: <cn=users,dc=company,dc=local>
        filter: sAMAccountName=%(username)s

      # Map ldap keys into application specific keys
      KEY_MAP:
        name: 'cn'
        company: 'o'
        location: 'l'
        email: 'userPrincipalName'
To apply the changes, restart the Repository server:

    supervisorctl restart all
Run the flask-ldap-login-check command to verify Active Directory connectivity:

    flask-ldap-login-check binstar.wsgi:app --username 'jsmith' --password 'abc123DEF'
NOTE: Replace jsmith and abc123DEF with your Active Directory username and password.

You will see a response similar to the following:

    [anaconda.server] Started Site
    Got userdata for jsmith
    {'company': None, 'email': None, 'location': None, 'name': 'Jane Smith'}
Open your browser and navigate to your local Repository installation:

    http://your.anaconda.repository

NOTE: Replace your.anaconda.repository with your Repository IP address or domain name.

Log in using Active Directory.
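The LDAP block from this procedure can be checked before the restart. The following Python is an added example, not code from Anaconda Repository or flask-ldap-login: it assumes the USER_SEARCH filter is filled by %-substitution, uses a placeholder server host, and the CONFIG dictionary and function names are constructed for illustration.

```python
import re

# Constructed copy of the settings shown above. The hyphen is written last in
# the USER_REGEX character class so the pattern compiles under Python's re.
CONFIG = {
    "USER_REGEX": r"^[a-z0-9_][a-z0-9_.-]+$",
    "LDAP": {
        "URI": "ldap://ldap.example.internal",  # placeholder host
        "BIND_DN": "",
        "BIND_AUTH": "",
        "USER_SEARCH": {"base": "cn=users,dc=company,dc=local",
                        "filter": "sAMAccountName=%(username)s"},
    },
}

# RFC 4515 escapes for characters that are special inside a search filter.
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    # Defence in depth: still safe if USER_REGEX is later loosened.
    return "".join(ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(config, username):
    """Return the search filter for username, or None if USER_REGEX rejects it."""
    # fullmatch, not match: with match, '$' would accept a trailing newline.
    if not re.fullmatch(config["USER_REGEX"], username):
        return None
    template = config["LDAP"]["USER_SEARCH"]["filter"]
    return template % {"username": escape_filter_value(username)}


def lint(config):
    """Return findings a reviewer would raise for this LDAP block."""
    findings, ldap = [], config["LDAP"]
    try:
        re.compile(config["USER_REGEX"])
    except re.error as exc:
        findings.append("USER_REGEX does not compile: %s" % exc)
    if ldap["URI"].lower().startswith("ldap://"):
        findings.append("URI is ldap://: cleartext unless StartTLS is negotiated")
    if not ldap["BIND_DN"] and not ldap["BIND_AUTH"]:
        findings.append("empty BIND_DN/BIND_AUTH: user search uses an anonymous bind")
    if "%(username)s" not in ldap["USER_SEARCH"]["filter"]:
        findings.append("USER_SEARCH filter lacks the %(username)s placeholder")
    return findings
```

For the constructed CONFIG, lint() reports the ldap:// URI and the anonymous bind; with the hyphen left in the middle of the character class it also reports that USER_REGEX does not compile.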