# Config Harbor user settings by command line After release 1.8.0, all user settings are separated from system settings, it can not be configured in config file anymore. Users need to configure it with admin privileges in web console or via HTTP request. `curl -X PUT -u ":" -H "Content-Type: application/json" -ki /api/configurations -d'{"":""}'` Get current configurations `curl -u ":" -H "Content-Type: application/json" -ki /api/configurations` ## Sample config commands: 1. Update Harbor to use LDAP auth Command ```shell curl -X PUT -u ":" -H "Content-Type: application/json" -ki https://harbor.sample.domain/api/configurations -d'{"auth_mode":"ldap_auth"}' ``` Output ``` HTTP/1.1 200 OK Server: nginx Date: Wed, 08 May 2019 08:22:02 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 0 Connection: keep-alive Set-Cookie: sid=a5803a1265e2b095cf65ce1d8bbd79b1; Path=/; HttpOnly ``` 1. Restrict project creation to admin only Command ```shell curl -X PUT -u ":" -H "Content-Type: application/json" -ki https://harbor.sample.domain/api/configurations -d'{"project_creation_restriction":"adminonly"}' ``` Output ``` HTTP/1.1 200 OK Server: nginx Date: Wed, 08 May 2019 08:24:32 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 0 Connection: keep-alive Set-Cookie: sid=b7925eaf7af53bdefb13bdcae201a14a; Path=/; HttpOnly ``` 1. Update the token expiration time Command ```shell curl -X PUT -u ":" -H "Content-Type: application/json" -ki https://harbor.sample.domain/api/configurations -d'{"token_expiration":"300"}' ``` Output ``` HTTP/1.1 200 OK Server: nginx Date: Wed, 08 May 2019 08:23:38 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 0 Connection: keep-alive Set-Cookie: sid=cc1bc93ffa2675253fc62b4bf3d9de0e; Path=/; HttpOnly ``` ## Harbor user settings | Configure item name | Description | Type | Required | Default Value | | ------------ |------------ | ---- | ----- | ----- | auth_mode | Authentication mode, it can be db_auth, ldap_auth, uaa_auth or oidc_auth | string email_from | Email from | string | required (email feature) email_host | Email server | string | required (email feature) email_identity | Email identity | string | optional (email feature) email_password | Email password | string | required (email feature) email_insecure | Email verify certificate, true or false |boolean | optional (email feature) | false email_port | Email server port | number | required (email feature) email_ssl | Email SSL | boolean | optional | false email_username | Email username | string | required (email feature) ldap_url | LDAP URL | string | required | ldap_base_dn | LDAP base DN | string | required(ldap_auth) ldap_filter | LDAP filter | string | optional ldap_scope | LDAP search scope, 0-Base Level, 1- One Level, 2-Sub Tree | number | optional | 2-Sub Tree ldap_search_dn | LDAP DN to search LDAP users| string | required(ldap_auth) ldap_search_password | LDAP DN's password |string | required(ldap_auth) ldap_timeout | LDAP connection timeout | number | optional | 5 ldap_uid | LDAP attribute to indicate the username in Harbor | string | optional | cn ldap_verify_cert | Verify cert when create SSL connection with LDAP server, true or false | boolean | optional | true ldap_group_admin_dn | LDAP Group Admin DN | string | optional ldap_group_attribute_name | LDAP Group Attribute, the LDAP attribute indicate the groupname in Harbor, it can be gid or cn | string | optional | cn ldap_group_base_dn | The Base DN which to search the LDAP groups | string | required(ldap_auth and LDAP group) ldap_group_search_filter | The filter to search LDAP groups | string | optional ldap_group_search_scope | LDAP group search scope, 0-Base Level, 1- One Level, 2-Sub Tree | number | optional | 2-Sub Tree| ldap_group_membership_attribute | LDAP group membership attribute, to indicate the group membership, it can be memberof, or ismemberof | string | optional | memberof project_creation_restriction | The option to indicate user can be create object, it can be everyone, adminonly | string | optional | everyone read_only | The option to set repository read only, it can be true or false | boolean | optional | false self_registration | User can register account in Harbor, it can be true or false | boolean | optional| true token_expiration | Security token expirtation time in minutes | number |optional| 30 uaa_client_id | UAA client ID | string | required(uaa_auth) uaa_client_secret | UAA certificate | string | required(uaa_auth) uaa_endpoint | UAA endpoint | string | required(uaa_auth) uaa_verify_cert | UAA verify cert, true or false | boolean | optional | true oidc_name | name for OIDC authentication | string | required(oidc_auth) oidc_endpoint | endpoint for OIDC auth | string | required(oidc_auth) oidc_client_id | client id for OIDC auth | string | required(oidc_auth) oidc_client_secret | client secret for OIDC auth |string | required(oidc_auth) oidc_scope | scope for OIDC auth | string| required(oidc_auth) oidc_verify_cert | verify cert for OIDC auth, true or false | boolean | optional| true robot_token_duration | Robot token expiration time in minutes | number | optional | 43200 (30days) **Note:** Both boolean and number can be enclosed with double quote in the request json, for example: `123`, `"123"`, `"true"` or `true` is OK.