Hi,
I am trying to package the Docker registry app:
I am stuck at the LDAP integration, and since I am not confident with LDAP, I would like to know if anyone has a solution to my problem.
To perform the authentication, docker-registry uses another service:
After reading (quickly, I may have missed something) http://moulinette.readthedocs.io/en/latest/ldap.html
for the authorisation query I put:
# In case bind DN and password is required for querying user information,
# specify them here. Plain text password is read from the file.
#bind_dn:
#bind_password_file:
# User query settings. ${account} is expanded from auth request
base: ou=users,dc=yunohost,dc=org
filter: (&(objectclass=person)(uid=${account}))
I also tried with:
filter: (&(uid=${account})(objectClass=inetOrgPerson))
filter: (&(|(objectclass=posixAccount))(uid=${account}))
When testing the authorization:
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 5001 (#0)
> GET /auth?service=Docker%20registry&scope=registry:catalog:* HTTP/1.1
> Host: 127.0.0.1:5001
> User-Agent: curl/7.52.1
> Accept: */*
> Authorization: Basic Y2xlbWVudDprZWVwZDRncnUK
>
< HTTP/1.1 401 Unauthorized
< Content-Type: text/plain; charset=utf-8
< WWW-Authenticate: Basic realm="Acme auth server"
< X-Content-Type-Options: nosniff
< Date: Mon, 09 Jul 2018 20:21:06 GMT
< Content-Length: 13
<
Auth failed.
* Curl_http_done: called premature == 0
* Connection #0 to host 127.0.0.1 left intact
On the container side I get:
I0709 20:21:06.439132 1 server.go:370] Auth request: {clement:***@127.0.0.1:33812 [{registry catalog [*]}]}
I0709 20:21:06.439151 1 ldap_auth.go:147] Dial: starting...127.0.0.1:389
I0709 20:21:06.439314 1 ldap_auth.go:167] search filter is (&(objectclass=person)(uid=clement))
I0709 20:21:06.439324 1 ldap_auth.go:177] Searching...basedDN:ou=users,dc=yunohost,dc=org, filter:(&(objectclass=person)(uid=clement))
I0709 20:21:06.440509 1 ldap_auth.go:198] Entry DN = uid=clement,ou=users,dc=yunohost,dc=org
I0709 20:21:06.444448 1 server.go:217] Authn LDAP clement -> false, map[], <nil>
W0709 20:21:06.444476 1 server.go:378] Auth failed: {clement:***@127.0.0.1:33812 [{registry catalog [*]}]}
So, if I haven't made a mistake, the LDAP connection is working and it denied access to the user.
So I think I made a mistake in the base setting or the filter.
Does anyone have an idea about that?
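
Added example, not part of the original post or of the auth server's own code: the log shows the search returning an entry DN before authentication is reported as false, so the credential bytes carried in the Authorization header are worth ruling out, and the value in the curl trace decodes to bytes that end in a line feed. The Go program below decodes a Basic header and flags such bytes without printing the password. InspectBasic and BasicCheck are hypothetical names, and the sample credential is constructed.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"strings"
	"unicode"
)

// BasicCheck (hypothetical name) reports what a Basic credential carries.
type BasicCheck struct {
	User        string
	PasswordLen int      // bytes; the password itself is never printed
	Problems    []string // findings that can fail a bind for an existing user
}

// InspectBasic decodes the value after "Authorization: " and flags stray bytes.
func InspectBasic(header string) (BasicCheck, error) {
	var c BasicCheck
	scheme, b64, ok := strings.Cut(strings.TrimSpace(header), " ")
	if !ok || !strings.EqualFold(scheme, "Basic") {
		return c, fmt.Errorf("not a Basic credential")
	}
	raw, err := base64.StdEncoding.DecodeString(strings.TrimSpace(b64))
	if err != nil {
		return c, fmt.Errorf("base64: %w", err)
	}
	user, pass, ok := strings.Cut(string(raw), ":") // RFC 7617: first colon splits
	if !ok {
		return c, fmt.Errorf("no ':' between user and password")
	}
	c.User, c.PasswordLen = user, len(pass)
	switch {
	case strings.HasSuffix(pass, "\n"):
		c.Problems = append(c.Problems, "password ends with a line feed")
	case pass != strings.TrimSpace(pass):
		c.Problems = append(c.Problems, "password has leading or trailing whitespace")
	}
	if strings.IndexFunc(user, unicode.IsSpace) >= 0 {
		c.Problems = append(c.Problems, "user name contains whitespace")
	}
	return c, nil
}

func main() {
	// Constructed sample: the bytes `echo "alice:s3cret" | base64` would encode.
	c, err := InspectBasic("Basic " + base64.StdEncoding.EncodeToString([]byte("alice:s3cret\n")))
	fmt.Println(c.User, c.PasswordLen, c.Problems, err)
}
```

A header built with printf '%s' or echo -n, or by letting curl build it with -u, does not carry the extra byte.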