Harbor is an enterprise-class image and Helm chart registry server that stores and distributes container images and Helm charts. With Harbor you can store and manage images for use with Kubernetes, OpenShift and any other internal container orchestration platform. This guide shows how to configure Active Directory user authentication on a Harbor registry.

For Linux LDAP / FreeIPA, refer to: How To Integrate Harbor Registry With LDAP for user Authentication

Setup Prerequisites

You’re expected to have a running Harbor image registry in the cloud or in your internal infrastructure. Refer to our guides below on the installation of Harbor image registry:

Install Harbor Image Registry on Kubernetes / OpenShift with Helm Chart

Install Harbor Container Image Registry on CentOS / Debian / Ubuntu

The recommended deployment method is on Kubernetes or OpenShift using the Helm chart. I hope an official operator will come out soon.

Configure Active Directory (AD) Authentication for Harbor Registry

On the Active Directory end, you should at minimum have:

  • User for Binding to Active Directory – Username and Password
  • A group for Harbor users
  • A Base DN for your Active Directory

So my sample configuration will be like this:

  • LDAP URL: ldap://
  • Bind User DN: cn=HarborAdmin,ou=BindUsers,dc=example,dc=net
  • Bind User Password: StronADUserPasss
  • Base DN: OU=CompanyUsers,DC=example,DC=net
  • LDAP UID: sAMAccountName
  • LDAP Scope: Subtree
  • LDAP Group Membership DN: CN=HarborUsers,OU=CompanyGroups,DC=example,DC=net

You’ll have to get correct values from your Active Directory and replace accordingly.

Step 1: Log in to the Harbor dashboard as Admin

Log in to your Harbor registry dashboard as the admin user.


Step 2: Configure LDAP Authentication for AD on Harbor

Then navigate to Administration > Configuration > Authentication.


Input your parameters. In my case these are:

Auth Mode: LDAP
LDAP URL: ldap://
LDAP Search DN: cn=HarborAdmin,ou=BindUsers,dc=example,dc=net
LDAP Search Password: StronADUserPasss
LDAP Base DN: OU=CompanyUsers,DC=example,DC=net
LDAP UID: sAMAccountName
LDAP Scope: Subtree
LDAP Group Membership: memberOf=CN=HarborUsers,OU=CompanyGroups,DC=example,DC=net

HarborUsers is the AD group whose members are allowed to access Harbor. You'll need to add users to this group so that access is limited to its members rather than open to all users in AD.
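The settings above come down to a search under the Base DN for the login name, limited to members of HarborUsers. The Python sketch below is an added example, not code from this guide or from Harbor: it builds that filter with RFC 4515 escaping of the login name and flags weak settings such as a URL that is not ldaps://. The host dc01.example.net, the function names and the dictionary keys are assumptions.

```python
from urllib.parse import urlparse

# RFC 4515 characters that must be escaped inside a filter assertion value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape user-supplied text so it cannot alter the filter structure."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def login_filter(uid_attr: str, group_dn: str, username: str) -> str:
    """Filter matching one login name, restricted to direct members of group_dn."""
    return "(&(memberOf={})({}={}))".format(
        escape_filter_value(group_dn), uid_attr, escape_filter_value(username))


def review_settings(cfg: dict) -> list:
    """Return findings for settings that weaken the integration."""
    findings = []
    url = urlparse(cfg.get("ldap_url", ""))
    if url.scheme != "ldaps":
        findings.append("cleartext: URL is not ldaps://, passwords would travel unencrypted")
    if not url.hostname:
        findings.append("no-host: LDAP URL has no server name")
    if not cfg.get("group_dn"):
        findings.append("no-group: every account under the Base DN could log in")
    if cfg.get("scope", "").lower() == "subtree" and cfg.get("base_dn", "").upper().startswith("DC="):
        findings.append("wide-base: subtree search starts at the domain root")
    return findings


# Constructed sample values; dc01.example.net is a placeholder host, not from the guide.
SAMPLE = {
    "ldap_url": "ldap://dc01.example.net",
    "base_dn": "OU=CompanyUsers,DC=example,DC=net",
    "scope": "Subtree",
    "uid_attr": "sAMAccountName",
    "group_dn": "CN=HarborUsers,OU=CompanyGroups,DC=example,DC=net",
}

if __name__ == "__main__":
    print(login_filter(SAMPLE["uid_attr"], SAMPLE["group_dn"], "jdoe"))
    print(login_filter(SAMPLE["uid_attr"], SAMPLE["group_dn"], "*)(objectClass=*"))
    for finding in review_settings(SAMPLE):
        print("finding:", finding)
```

The printed filter can be handed to any LDAP client together with the Base DN and Subtree scope to confirm which accounts the settings match.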

Once all the values are provided, click the “TEST LDAP SERVER” button to validate the settings.


If the connection is successful, Harbor displays a confirmation message.

Test a login on the Harbor web portal to confirm that users in your Active Directory group can access the service.


You need to authenticate to access the Harbor registry from a Docker machine.

$ docker login
Authenticating with existing credentials...
Existing credentials are invalid, please enter valid username and password
Username: computingforgeeks
Password: <LDAPPassword>
Login Succeeded!

Users can now log in to the Harbor image registry using their Active Directory credentials.

More on image registries:

How To Prevent users from Creating Projects in Harbor registry

Install Project Quay Registry on OpenShift With Operator

Setup Docker Container Registry with Podman & Let’s Encrypt SSL
