LDAP search question


I am trying to package the docker registry app:

I am stuck at LDAP integration, and since I am not confident with LDAP I would like to know if anyone has the solution to my problem.

To perform the authentication, docker-registry uses another service:

After reading (quickly, I may have missed something) http://moulinette.readthedocs.io/en/latest/ldap.html
For the authorisation query I put:

  # In case bind DN and password is required for querying user information,
  # specify them here. Plain text password is read from the file.
  # User query settings. ${account} is expanded from auth request
  base: ou=users,dc=yunohost,dc=org
  filter: (&(objectclass=person)(uid=${account}))

I also tried with:
filter: (&(uid=${account})(objectClass=inetOrgPerson))
filter: (&(|(objectclass=posixAccount))(uid=${account}))

When testing the authorization:

*   Trying
* Connected to ( port 5001 (#0)
> GET /auth?service=Docker%20registry&scope=registry:catalog:* HTTP/1.1
> Host:
> User-Agent: curl/7.52.1
> Accept: */*
> Authorization: Basic Y2xlbWVudDprZWVwZDRncnUK
< HTTP/1.1 401 Unauthorized
< Content-Type: text/plain; charset=utf-8
< WWW-Authenticate: Basic realm="Acme auth server"
< X-Content-Type-Options: nosniff
< Date: Mon, 09 Jul 2018 20:21:06 GMT
< Content-Length: 13
Auth failed.
* Curl_http_done: called premature == 0
* Connection #0 to host left intact

On the container side I get:

I0709 20:21:06.439132       1 server.go:370] Auth request: {clement:***@ [{registry catalog [*]}]}
I0709 20:21:06.439151       1 ldap_auth.go:147] Dial: starting...
I0709 20:21:06.439314       1 ldap_auth.go:167] search filter is (&(objectclass=person)(uid=clement))
I0709 20:21:06.439324       1 ldap_auth.go:177] Searching...basedDN:ou=users,dc=yunohost,dc=org, filter:(&(objectclass=person)(uid=clement))
I0709 20:21:06.440509       1 ldap_auth.go:198] Entry DN = uid=clement,ou=users,dc=yunohost,dc=org
I0709 20:21:06.444448       1 server.go:217] Authn LDAP clement -> false, map[], <nil>
W0709 20:21:06.444476       1 server.go:378] Auth failed: {clement:***@ [{registry catalog [*]}]}

So, if I am not mistaken, the LDAP connection is working and it denied access to the user.
So I think I made a mistake in the base setting or the filter.

Does anyone have an idea about that?
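
The log above shows a search followed by an authentication result. The following triage helper is an added example, not part of the original posts and not the auth service's own code: it assumes the usual search-then-bind flow (the service binds as the found entry DN with the supplied password), the function names are hypothetical, and the log lines and header are constructed samples.

```python
import base64
import re

# RFC 4515 escapes for characters that are special inside a filter value.
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

# Constructed log lines modelled on the container output above (user renamed).
SAMPLE_LOG = """\
I0709 20:21:06.439314 1 ldap_auth.go:167] search filter is (&(objectclass=person)(uid=alice))
I0709 20:21:06.440509 1 ldap_auth.go:198] Entry DN = uid=alice,ou=users,dc=yunohost,dc=org
I0709 20:21:06.444448 1 server.go:217] Authn LDAP alice -> false, map[], <nil>
"""

def expand_filter(template, account):
    """Expand ${account} in a filter template, escaping the value first."""
    safe = "".join(ESCAPES.get(ch, ch) for ch in account)
    return template.replace("${account}", safe)

def failed_stage(log):
    """Report how far a search-then-bind login got (assumed flow, see lead-in)."""
    if "search filter is" not in log:
        return "no search logged: check server address and bind settings"
    if not re.search(r"Entry DN = \S+", log):
        return "search matched nothing: check base and filter"
    if re.search(r"Authn LDAP \S+ -> false", log):
        return "entry found, password check failed: check the credentials sent"
    return "authenticated"

def credential_issues(authorization):
    """Decode a Basic Authorization header and flag malformed credentials."""
    scheme, _, blob = authorization.partition(" ")
    if scheme.lower() != "basic":
        return ["not a Basic header"]
    decoded = base64.b64decode(blob).decode("utf-8", "replace")
    user, sep, password = decoded.partition(":")
    issues = []
    if not sep:
        issues.append("no ':' between user and password")
    if user != user.strip() or password != password.strip():
        issues.append("whitespace or newline around user or password")
    return issues

if __name__ == "__main__":
    # Constructed header: the password carries a trailing newline.
    header = "Basic " + base64.b64encode(b"alice:example-pw\n").decode()
    print(expand_filter("(&(objectclass=person)(uid=${account}))", "alice"))
    print(failed_stage(SAMPLE_LOG))
    print(credential_issues(header))
```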



I have issues with LDAP integration too. Is there any information for application packagers regarding how to integrate an application with YunoHost LDAP?

The application I’m working on does not provide a lot of logs so I cannot corner the issue for now.



The LDAP config should be something like this:

Host:               ldap://localhost
Port:               389
Base DN:            dc=yunohost,dc=org
User DN:            ou=users,dc=yunohost,dc=org
LDAP Username:      uid
LDAP Email Address: mail

But it could depend on the applications.