harbor/docs/configure_user_settings.md
stonezdj(Daojun Zhang) 978c7027a1 Add document for admin server refactor (#7479)
Signed-off-by: stonezdj <stonezdj@gmail.com>
2019-05-10 13:25:36 +08:00

5.6 KiB

Config Harbor user settings by command line

After release 1.8.0, all user settings are separated from system settings, it can not be configured in config file anymore. Users need to configure it with admin privileges in web console or via HTTP request.

curl -X PUT -u "<username>:<password>" -H "Content-Type: application/json" -ki <Harbor Server URL>/api/configurations -d'{"<item_name>":"<item_value>"}'

Get current configurations

curl -u "<username>:<password>" -H "Content-Type: application/json" -ki <Harbor Server URL>/api/configurations

Sample config commands:

  1. Update Harbor to use LDAP auth

    Command

    curl -X PUT -u "<username>:<password>" -H "Content-Type: application/json" -ki https://harbor.sample.domain/api/configurations -d'{"auth_mode":"ldap_auth"}'
    

    Output

    HTTP/1.1 200 OK
    Server: nginx
    Date: Wed, 08 May 2019 08:22:02 GMT
    Content-Type: text/plain; charset=utf-8
    Content-Length: 0
    Connection: keep-alive
    Set-Cookie: sid=a5803a1265e2b095cf65ce1d8bbd79b1; Path=/; HttpOnly
    
  2. Restrict project creation to admin only

    Command

    curl -X PUT -u "<username>:<password>" -H "Content-Type: application/json" -ki https://harbor.sample.domain/api/configurations -d'{"project_creation_restriction":"adminonly"}'
    

    Output

    HTTP/1.1 200 OK
    Server: nginx
    Date: Wed, 08 May 2019 08:24:32 GMT
    Content-Type: text/plain; charset=utf-8
    Content-Length: 0
    Connection: keep-alive
    Set-Cookie: sid=b7925eaf7af53bdefb13bdcae201a14a; Path=/; HttpOnly
    
  3. Update the token expiration time

    Command

    curl -X PUT -u "<username>:<password>" -H "Content-Type: application/json" -ki https://harbor.sample.domain/api/configurations -d'{"token_expiration":"300"}'
    

    Output

    HTTP/1.1 200 OK
    Server: nginx
    Date: Wed, 08 May 2019 08:23:38 GMT
    Content-Type: text/plain; charset=utf-8
    Content-Length: 0
    Connection: keep-alive
    Set-Cookie: sid=cc1bc93ffa2675253fc62b4bf3d9de0e; Path=/; HttpOnly
    

Harbor user settings

Configure item name Description Type Required Default Value
auth_mode Authentication mode, it can be db_auth, ldap_auth, uaa_auth or oidc_auth string
email_from Email from string required (email feature)
email_host Email server string required (email feature)
email_identity Email identity string optional (email feature)
email_password Email password string required (email feature)
email_insecure Email verify certificate, true or false boolean optional (email feature) false
email_port Email server port number required (email feature)
email_ssl Email SSL boolean optional false
email_username Email username string required (email feature)
ldap_url LDAP URL string required
ldap_base_dn LDAP base DN string required(ldap_auth)
ldap_filter LDAP filter string optional
ldap_scope LDAP search scope, 0-Base Level, 1- One Level, 2-Sub Tree number optional 2-Sub Tree
ldap_search_dn LDAP DN to search LDAP users string required(ldap_auth)
ldap_search_password LDAP DN's password string required(ldap_auth)
ldap_timeout LDAP connection timeout number optional 5
ldap_uid LDAP attribute to indicate the username in Harbor string optional cn
ldap_verify_cert Verify cert when create SSL connection with LDAP server, true or false boolean optional true
ldap_group_admin_dn LDAP Group Admin DN string optional
ldap_group_attribute_name LDAP Group Attribute, the LDAP attribute indicate the groupname in Harbor, it can be gid or cn string optional cn
ldap_group_base_dn The Base DN which to search the LDAP groups string required(ldap_auth and LDAP group)
ldap_group_search_filter The filter to search LDAP groups string optional
ldap_group_search_scope LDAP group search scope, 0-Base Level, 1- One Level, 2-Sub Tree number optional 2-Sub Tree
ldap_group_membership_attribute LDAP group membership attribute, to indicate the group membership, it can be memberof, or ismemberof string optional memberof
project_creation_restriction The option to indicate user can be create object, it can be everyone, adminonly string optional everyone
read_only The option to set repository read only, it can be true or false boolean optional false
self_registration User can register account in Harbor, it can be true or false boolean optional true
token_expiration Security token expirtation time in minutes number optional 30
uaa_client_id UAA client ID string required(uaa_auth)
uaa_client_secret UAA certificate string required(uaa_auth)
uaa_endpoint UAA endpoint string required(uaa_auth)
uaa_verify_cert UAA verify cert, true or false boolean optional true
oidc_name name for OIDC authentication string required(oidc_auth)
oidc_endpoint endpoint for OIDC auth string required(oidc_auth)
oidc_client_id client id for OIDC auth string required(oidc_auth)
oidc_client_secret client secret for OIDC auth string required(oidc_auth)
oidc_scope scope for OIDC auth string required(oidc_auth)
oidc_verify_cert verify cert for OIDC auth, true or false boolean optional true
robot_token_duration Robot token expiration time in minutes number optional 43200 (30days)

Note: Both boolean and number can be enclosed with double quote in the request json, for example: 123, "123", "true" or true is OK.