==================================
Configuring Repository to use LDAP
==================================

To enable Lightweight Directory Access Protocol (LDAP) support:

#. Open the Repository configuration file
   ``$PREFIX/etc/anaconda-server/config.yaml`` and add the
   following configuration::

    account_names_filter: false
    USER_REGEX: ^[a-z0-9_][a-z0-9_.-]+$
    LDAP:
      # Replace with company LDAP server
      URI: 'ldap://<ldap.company.com>'

      # Replace <uid=%(username)s,ou=People,dc=company,dc=com> with your company specific LDAP Bind/Base DN
      # Bind directly to this Base DN.
      BIND_DN: '<uid=%(username)s,ou=People,dc=company,dc=com>'

      # Map LDAP keys into application specific keys
      KEY_MAP:
          name: 'cn'
          company: 'o'
          location: 'l'
          email: 'mail'

#. When switching authentication to LDAP, the admin account is lost, so
   you need to add your admin account again::

    anaconda-server-admin set-superuser "jsmith"

#. Run the ``flask-ldap-login-check`` command to verify LDAP
   connectivity::

    flask-ldap-login-check binstar.wsgi:app --username 'jsmith' --password 'abc123DEF'


   NOTE: Replace ``jsmith`` and ``abc123DEF`` with your LDAP
   username and password.

#. To apply the changes, restart the Repository server::

    supervisorctl restart all

#. Open a new browser window and navigate to your local
   Repository installation::

    http://your.anaconda.repository

   NOTE: Replace ``your.anaconda.repository`` with your Repository
   server IP address or domain name.

#. Log in using your LDAP credentials.

#. Optional. You may set an LDAP network timeout in seconds with the options
   ``OPT_NETWORK_TIMEOUT`` and ``OPT_TIMEOUT``. The default value is 0,
   meaning no timeout.

   For example, to set the timeout to 60 seconds, add this block to the
   LDAP settings in your configuration file::

    OPTIONS:
       OPT_NETWORK_TIMEOUT: 60
       OPT_TIMEOUT: 60
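
Before restarting the server, the settings from the steps above can be sanity-checked offline. The following is an added example, not part of the original page or of Anaconda Repository; the function name ``check_ldap_settings``, the ``SAMPLE`` dict and the ``example.com`` values are hypothetical, and it assumes ``config.yaml`` has already been parsed into a Python dict.

```python
import re

# Constructed sample: the settings from this page as they would look once
# config.yaml is parsed into a dict (placeholders filled with made-up values).
SAMPLE = {
    "USER_REGEX": r"^[a-z0-9_][a-z0-9_.-]+$",
    "LDAP": {
        "URI": "ldap://ldap.example.com",
        "BIND_DN": "uid=%(username)s,ou=People,dc=example,dc=com",
        "KEY_MAP": {"name": "cn", "company": "o", "location": "l", "email": "mail"},
        "OPTIONS": {"OPT_NETWORK_TIMEOUT": 60, "OPT_TIMEOUT": 60},
    },
}

def check_ldap_settings(cfg, test_user="jsmith"):
    """Return a list of human-readable problems; an empty list means none found."""
    problems = []
    ldap = cfg.get("LDAP", {})
    # 1. USER_REGEX must compile and accept a known-good account name.
    try:
        pattern = re.compile(cfg.get("USER_REGEX", ""))
        if not pattern.match(test_user):
            problems.append("USER_REGEX rejects %r" % test_user)
    except re.error as exc:
        problems.append("USER_REGEX does not compile: %s" % exc)
    # 2. BIND_DN is a %-style template and needs the username slot.
    bind_dn = ldap.get("BIND_DN", "")
    try:
        if bind_dn % {"username": test_user} == bind_dn:
            problems.append("BIND_DN has no %(username)s placeholder")
    except (KeyError, ValueError, TypeError) as exc:
        problems.append("BIND_DN template is malformed: %r" % exc)
    if "<" in bind_dn or "<" in ldap.get("URI", ""):
        problems.append("angle-bracket placeholder left in URI or BIND_DN")
    # 3. Plain ldap:// carries the bind password unencrypted unless TLS is negotiated.
    if ldap.get("URI", "").startswith("ldap://"):
        problems.append("URI uses ldap://; credentials are unencrypted without TLS")
    # 4. A timeout of 0 (the default) means no timeout.
    opts = ldap.get("OPTIONS", {})
    for key in ("OPT_NETWORK_TIMEOUT", "OPT_TIMEOUT"):
        if not opts.get(key, 0):
            problems.append("%s is 0 or unset: no timeout" % key)
    return problems

if __name__ == "__main__":
    for line in check_ldap_settings(SAMPLE) or ["no problems found"]:
        print(line)
```
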
