==============================================
Configuring Repository to use Active Directory
==============================================


Microsoft Active Directory is a server program that provides directory
services and uses the open industry standard Lightweight Directory
Access Protocol (LDAP).

To enable Active Directory support:

#. Open the Repository configuration file
   ``$PREFIX/etc/anaconda-server/config.yaml`` and add the following
   configuration::

    LDAP : {
        'URI': 'ldap://<ldap.server.url>',

        # This BIND_DN/BIND_PASSWORD default to '', this is shown here for
        # demonstrative purposes. To enable Authorized Bind, insert the AD
        # BIND_DN and BIND_AUTH password for and authorized AD user.
        #
        #e.g. 'BIND_DN': '<cn=Authorized User,cn=users,dc=company,dc=local>',
        #e.g. 'BIND_AUTH': '<AuthUsrPassword>',

        # The values '' perform an anonymous bind so we may use search/bind method
        'BIND_DN': '',
        'BIND_AUTH': '',

        # Adding the USER_SEARCH field tells the flask-ldap-login that we
        # are using the search/bind method
        'USER_SEARCH': {'base': '<cn=users,dc=company,dc=local>', 'filter': 'sAMAccountName=%(username)s'},

        # Map ldap keys into application specific keys
        'KEY_MAP': {
            'name':'cn',
            'company': 'o',
            'location':'l',
            'email': 'userPrincipalName',
            },
    }



   NOTE: Replace the URI ``<ldap.server.url>`` with the location
   of your Active Directory server, ``BIND_DN`` with the values
   specific to your Active Directory server and the ``BIND_AUTH``
   with the password of the user specified in the BIND_DN. Change
   the ``KEY_MAP`` keys to the associated values from your Active
   Directory server.

#. To apply the changes, restart the Repository server::

    supervisorctl restart all

#. Run the ``flask-ldap-login-check`` command to verify Active
   Directory connectivity::

    flask-ldap-login-check binstar.wsgi:app --username 'jsmith' --password 'abc123DEF'



   NOTE: Replace ``jsmith`` and ``abc123DEF`` with your Active
   Directory username and password.

   You see a response similar to the following::

    [anaconda.server] Started Site
    Got userdata for jsmith
    {'company': None, 'email': None, 'location': None, 'name': 'Jane Smith'}



#. Open your browser and navigate to your local Repository
   installation::

    http://your.anaconda.repository

   NOTE: Replace ``your.anaconda.repository`` with your Repository IP
   address or domain name.

#. Log in with Active Directory.
