Harbor: Configure LDAP Group Admin DN -- doc needed.

Yes, by "ldap_group_admin_dn", but it belongs to user settings, we are going to move all user settings to web ui and can not be configed by harbor.cfg in the future release.

Ok thanks, but how can I automate the installation in the future, when these settings can only be configured in the web ui?

I agree with Mr-iX if you remove it from harbor.cfg we will not able anymore to automate the install
please don't do that

@Mr-iX @obeyler
In upgrade the configurations remain.
In fresh install, you can automatically install and call the configurations API to set the configurations.

Could you explain more how to do with "call the configurations API to set the configurations" in fresh install
I also still don't understand why set the admin group ldap is an user setting, to my part as it will define an admin for harbor , any user shouldn't be able set this parameter. Just an admin or installer shoud have the right to set it. Could you explain more why you've done this choise ?
/reopen

We want the installation be idempotent, in your case if the admin update the ldap settings via UI, and you execute the installer again, the old settings will overwrites the settings admin made on UI. We need to make one setting only updatable via one way, either via config file or API.
We'll add more doc and FaQ before 1.8 is released.

Fixed in PR #7479

Sorry @stonezdj , I still don't understand why LDAP Group Admin DN is a user setting...
if this parameter allows (as I understand) to define the group of admin in LDAP, user should not be allowed to set it.
If it was, simple user can simply set his own group to automatically becomes admin.

I agree with @obeyler . @stonezdj , please clarify. All LDAP related settings are to be on harbor.cfg. BTW, the default harbor.cfg does not show the "ldap_group_admin_dn" as part of the configuration, so it should be added at least in commented-out form.