Robot Account and LDAP integration

[sckaftan]

Due to the detailed authorization of the robot accounts, we want to use the robot accounts to execute automated activities. For whatever reason, each account must be recorded internally in a database, and the robot accounts should be recorded in the database in the same way.

Since this can be quite time-consuming and complex, I wanted to ask whether it is possible to create the robot account via LDAP, similar to the “normal” users, but with all the advantages and disadvantages of a robot account.

Given that Robot Account in Harbor starts with a prefix, I would like to know if LDAP users with the same prefix are treated as Robot Account similiar. And if not whether this is planned for a future feature

[wy65701436]

hi @sckaftan can you share more on request of creating the robot account via LDAP?

[holgrrr]

Maybe I can chime in for @sckaftan:
Having the robot users in LDAP/AD would be beneficial for
a) documentation purposes - some sites need to have each and every user documented in their user DB, even local service users
b) possibility to reuse such users on different systems

Scenario: you have a hierarchical registry setup with many Harbor installations and would like to use a specific user for synchronisation in all of them. Is there a more elegant way for this than manually creating this user in each Harbor instance? My naive thought here was to do this via a user from the LDAP.