==================================
Configuring Repository to use LDAP
==================================

To enable Lightweight Directory Access Protocol (LDAP) support:

#. Open the Repository configuration file
   ``$PREFIX/etc/anaconda-server/config.yaml`` and add the
   following configuration::

    LDAP: {
      # Replace with company LDAP server
      'URI': 'ldap://<ldap.company.com>',

      # Replace <uid=%(username)s,ou=People,dc=company,dc=com> with your company specific LDAP Bind/Base DN
      # Bind directly to this Base DN.
      'BIND_DN': '<uid=%(username)s,ou=People,dc=company,dc=com>',

      # Map LDAP keys into application specific keys
      'KEY_MAP': {
          'name':'cn',
          'company': 'o',
          'location':'l',
          'email': 'mail',
        },
    }



   NOTE: Replace the URI ``ldap://<ldap.company.com>`` with the
   location of your LDAP server and the ``BIND_DN`` with the
   values specific to your LDAP server. In ``KEY_MAP``, set the
   value for each application key to the matching attribute name
   on your LDAP server.

#. When switching authentication to LDAP, the admin account is lost, so
   you need to add your admin account again::

    anaconda-server-admin set-superuser "jsmith"

#. Run the ``flask-ldap-login-check`` command to verify LDAP
   connectivity::

    flask-ldap-login-check binstar.wsgi:app --username 'jsmith' --password 'abc123DEF'


   NOTE: Replace ``jsmith`` and ``abc123DEF`` with your LDAP
   username and password.

#. To apply the changes, restart the Repository server::

    supervisorctl restart all

#. Open a new browser window and navigate to your local
   Repository installation::

    http://your.anaconda.repository

   NOTE: Replace ``your.anaconda.repository`` with your Repository
   server IP address or domain name.

#. Log in using your LDAP credentials.

#. Optional. You may set an LDAP network timeout in seconds with the options
   ``OPT_NETWORK_TIMEOUT`` and ``OPT_TIMEOUT``. The default value is 0,
   meaning no timeout.

   For example, to set the timeout to 60 seconds, add this block to the
   LDAP settings in your configuration file::

    OPTIONS:
       OPT_NETWORK_TIMEOUT: 60
       OPT_TIMEOUT: 60
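
A pre-flight check for the ``LDAP`` block configured in the steps above, run before restarting the server. This is an added example, not part of the original page or of Anaconda Repository. It assumes the block has already been loaded from ``config.yaml`` into a Python dict; ``check_ldap_config``, the host ``ldap.example.com`` and the sample dicts are hypothetical.

```python
from urllib.parse import urlparse

# Constructed samples: the page's template as-is, and a filled-in variant.
KEY_MAP = {"name": "cn", "company": "o", "location": "l", "email": "mail"}
TEMPLATE = {"URI": "ldap://<ldap.company.com>", "KEY_MAP": KEY_MAP,
            "BIND_DN": "<uid=%(username)s,ou=People,dc=company,dc=com>"}
FILLED_IN = {"URI": "ldaps://ldap.example.com", "KEY_MAP": KEY_MAP,
             "BIND_DN": "uid=%(username)s,ou=People,dc=example,dc=com",
             "OPTIONS": {"OPT_NETWORK_TIMEOUT": 60, "OPT_TIMEOUT": 60}}


def check_ldap_config(ldap, sample_user="jsmith"):
    """Hypothetical helper: return (errors, warnings) for the LDAP mapping."""
    errors, warnings = [], []
    uri, bind_dn = str(ldap.get("URI", "")), str(ldap.get("BIND_DN", ""))

    # The <...> placeholders from the template must be replaced.
    for key, value in (("URI", uri), ("BIND_DN", bind_dn)):
        if not value:
            errors.append(f"{key} is missing")
        elif "<" in value or ">" in value:
            errors.append(f"{key} still contains a <placeholder>")

    scheme = urlparse(uri).scheme
    if uri and scheme not in ("ldap", "ldaps"):
        errors.append(f"URI scheme {scheme!r} is not ldap or ldaps")
    elif scheme == "ldap":
        warnings.append("ldap:// is not TLS-protected unless StartTLS is used")

    # Direct bind: the login name is substituted into the DN template.
    if bind_dn and "%(username)s" not in bind_dn:
        errors.append("BIND_DN has no %(username)s field")
    elif bind_dn:
        try:
            bind_dn % {"username": sample_user}
        except (KeyError, ValueError, TypeError) as exc:
            errors.append(f"BIND_DN template does not expand: {exc!r}")

    for app_key, attr in (ldap.get("KEY_MAP") or {}).items():
        if not isinstance(attr, str) or not attr:
            errors.append(f"KEY_MAP[{app_key!r}] must name an LDAP attribute")

    # 0 (the default) means no timeout.
    for opt in ("OPT_NETWORK_TIMEOUT", "OPT_TIMEOUT"):
        if not (ldap.get("OPTIONS") or {}).get(opt):
            warnings.append(f"{opt} is unset or 0: no timeout")
    return errors, warnings


if __name__ == "__main__":
    for name, cfg in (("template", TEMPLATE), ("filled in", FILLED_IN)):
        print(name, *check_ldap_config(cfg), sep="\n  ")
```

Errors are settings that would stop the bind from working as configured; warnings are settings that work but leave the connection unencrypted or without a timeout.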
