The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. Quay Enterprise supports using LDAP as an identity provider.
The Quay Enterprise LDAP setup workflow requires that the user configuring the LDAP Setup to exist in LDAP directory. Before attempting the setup, make sure that you are logged in as a superuser that matches user crendentials in LDAP. In order to do so, Navigate to the SuperUser panel (ex: http(s)://quay.enterprise/superuser) and click on “Create User” button to create a new User. Make sure to create a user that matches username/email syntax in LDAP.
Once the user is created, click on the Settings icon next to the user and choose “Make Superuser” option. For ease of troubleshooting, set the User password to LDAP password.
You will be prompted to restart the container once the new user is created. Restart Quay Enterprise container and log in to the Superuser panel as the user that was just created.
Navigate to the Superuser panel and navigate to settings section. Locate the Authentication section and select “LDAP” from the drop-down menu.
Enter LDAP configuration fields as required.
ou=SFO,ou=Users and ou=NYC,ou=Users), Quay Enterprise can authenticate users from both the NYC and SFO Organizational Units if the User Relative DN is set to Users (ou=Users)
Once the configuration is completed, click on “Save Configuration Changes” button. You will be prompted to login with LDAP credentials.
Administrator DN or Administrator DN Password values are incorrect
Verification of superuser %USERNAME% failed: Username not found The user either does not exist in the remote authentication system OR LDAP auth is misconfigured.
Quay can connect to the LDAP server via Username/Password specified in the Administrator DN fields however cannot find the current logged in user with the UID Attribute or Mail Attribute fields in the User Relative DN Path. Either current logged in user does not exist in User Relative DN Path, or Administrator DN user do not have rights to search/read this LDAP path.