LDAP search question


#1

Hi,
I am trying to package the docker registry app:

I am stuck at the LDAP integration and, since I am not confident with LDAP, I would like to know if anyone has the solution to my problem 🙂

To perform the authentication, docker-registry uses another service:


After reading http://moulinette.readthedocs.io/en/latest/ldap.html (quickly, so I may have missed something),
for the authorisation query I put:

  # In case bind DN and password is required for querying user information,
  # specify them here. Plain text password is read from the file.
  #bind_dn:
  #bind_password_file:
  # User query settings. ${account} is expanded from auth request
  base: ou=users,dc=yunohost,dc=org
  filter: (&(objectclass=person)(uid=${account}))

I also tried with:
filter: (&(uid=${account})(objectClass=inetOrgPerson))
filter: (&(|(objectclass=posixAccount))(uid=${account}))

When testing the authorisation:

*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 5001 (#0)
> GET /auth?service=Docker%20registry&scope=registry:catalog:* HTTP/1.1
> Host: 127.0.0.1:5001
> User-Agent: curl/7.52.1
> Accept: */*
> Authorization: Basic Y2xlbWVudDprZWVwZDRncnUK
> 
< HTTP/1.1 401 Unauthorized
< Content-Type: text/plain; charset=utf-8
< WWW-Authenticate: Basic realm="Acme auth server"
< X-Content-Type-Options: nosniff
< Date: Mon, 09 Jul 2018 20:21:06 GMT
< Content-Length: 13
< 
Auth failed.
* Curl_http_done: called premature == 0
* Connection #0 to host 127.0.0.1 left intact

On the container side I get:

I0709 20:21:06.439132       1 server.go:370] Auth request: {clement:***@127.0.0.1:33812 [{registry catalog [*]}]}
I0709 20:21:06.439151       1 ldap_auth.go:147] Dial: starting...127.0.0.1:389
I0709 20:21:06.439314       1 ldap_auth.go:167] search filter is (&(objectclass=person)(uid=clement))
I0709 20:21:06.439324       1 ldap_auth.go:177] Searching...basedDN:ou=users,dc=yunohost,dc=org, filter:(&(objectclass=person)(uid=clement))
I0709 20:21:06.440509       1 ldap_auth.go:198] Entry DN = uid=clement,ou=users,dc=yunohost,dc=org
I0709 20:21:06.444448       1 server.go:217] Authn LDAP clement -> false, map[], <nil>
W0709 20:21:06.444476       1 server.go:378] Auth failed: {clement:***@127.0.0.1:33812 [{registry catalog [*]}]}

So, if I am not mistaken, the LDAP connection is working and it denied access to the user.
So I think I made a mistake in the base setting or the filter.

Does anyone have an idea about that?

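An added check for the curl test shown above (editor's example; it is not part of the post, of YunoHost or of docker_auth): the `Authorization: Basic` value in the trace decodes to `clement:` followed by a password whose last byte is a newline, which is exactly what `echo 'user:pass' | base64` produces. A search-then-bind authenticator finds the uid (as the container log shows) and then binds with that newline-suffixed password, and the bind fails unless the stored password really ends in a newline, so the base and filter can be right while authentication is still denied. The script decodes a header without printing the password, reports that kind of problem, and builds a header the way `curl -u user:pass` does. `inspect_basic_header` and `make_basic_header` are names chosen here; `alice`/`s3cret` are constructed credentials.

```python
import base64
import binascii

# The Authorization header copied from the curl trace in the post above
# (its base64 is already public there; this script never prints the password).
HEADER_FROM_POST = "Basic Y2xlbWVudDprZWVwZDRncnUK"


def inspect_basic_header(header):
    """Decode an HTTP Basic Authorization header and report its shape.

    Returns the username, the password length and two flags for mistakes
    that make an LDAP bind fail even though the user search succeeds:
    whitespace at the end of the password (a newline left by `echo`) and a
    missing ':' separator. The password itself is not returned.
    """
    scheme, _, token = header.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        raise ValueError("not a Basic Authorization header")
    try:
        raw = base64.b64decode(token, validate=True)
    except binascii.Error as exc:
        raise ValueError("credential is not valid base64: %s" % exc)
    user, sep, password = raw.decode("utf-8").partition(":")
    return {
        "username": user,
        "has_separator": bool(sep),
        "password_length": len(password),
        "password_trailing_whitespace": password != password.rstrip(" \t\r\n"),
    }


def make_basic_header(user, password):
    """Build the header the way `curl -u user:pass` does: no trailing newline."""
    if ":" in user:
        raise ValueError("RFC 7617 does not allow ':' in the user-id")
    token = base64.b64encode(("%s:%s" % (user, password)).encode("utf-8"))
    return "Basic " + token.decode("ascii")


if __name__ == "__main__":
    report = inspect_basic_header(HEADER_FROM_POST)
    print("user=%(username)s password_length=%(password_length)d "
          "trailing_whitespace=%(password_trailing_whitespace)s" % report)
    # Constructed credentials, encoded correctly:
    print(inspect_basic_header(make_basic_header("alice", "s3cret")))
```

In a shell, `printf '%s' 'user:pass' | base64` (or simply `curl -u user:pass`) produces the header without the trailing newline that `echo` adds.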

#2

Hello,

I have issues with LDAP integration too. Is there any information for application packagers regarding how to integrate an application with YunoHost LDAP?

The application I’m working on does not provide a lot of logs, so I cannot pin down the issue for now.


#3

Hello,

The LDAP config should be something like this:

Host:               ldap://localhost
Port:               389
Base DN:            dc=yunohost,dc=org
User DN:            ou=users,dc=yunohost,dc=org
LDAP Username:      uid
LDAP Email Address: mail

But it could depend on the application.
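The settings in this reply map directly onto the search filter from the first post (`uid` under `ou=users,dc=yunohost,dc=org`). The following is an added example (editor's code, not YunoHost's or docker_auth's) showing how an application should build that filter and DN from a request-supplied account name: the value is escaped per RFC 4515 before it goes into a `${account}`-style filter and per RFC 4514 before it goes into a DN, and the search result is only used for a bind when exactly one entry matched. `escape_filter_value`, `user_filter`, `escape_dn_value`, `user_dn` and `select_bind_dn` are names chosen here; the search results in `main` are constructed.

```python
# Directory layout from the settings given in this reply.
BASE_DN = "dc=yunohost,dc=org"
USER_OU = "ou=users," + BASE_DN
UID_ATTR = "uid"

# RFC 4515 section 3: characters that must be escaped inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a string taken from a request before it is placed in a filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def user_filter(account):
    """The search filter from the first post, with the account escaped.

    Without escaping, an account of '*' matches every person, and
    'clement)(uid=*' rewrites the filter structure (LDAP injection).
    """
    return "(&(objectClass=person)(%s=%s))" % (UID_ATTR, escape_filter_value(account))


def escape_dn_value(value):
    """RFC 4514 section 2.4 escaping for one RDN attribute value."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in '\\,+"<>;':
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append(r"\00")
        elif ch == " " and i in (0, last):
            out.append("\\ ")
        elif ch == "#" and i == 0:
            out.append("\\#")
        else:
            out.append(ch)
    return "".join(out)


def user_dn(account):
    """DN of a YunoHost user entry, e.g. uid=clement,ou=users,dc=yunohost,dc=org."""
    return "%s=%s,%s" % (UID_ATTR, escape_dn_value(account), USER_OU)


def select_bind_dn(matched_dns):
    """Search-then-bind: bind only when the search matched exactly one entry.

    Zero matches means the user does not exist; more than one means the
    filter is too loose (or was injected), and neither must be bound.
    """
    if len(matched_dns) != 1:
        return None
    return matched_dns[0]


if __name__ == "__main__":
    for account in ("clement", "*", "clement)(uid=*"):
        print(user_filter(account))
    print(user_dn("clement"))
    # Constructed search results: the first is the normal case, the others are denied.
    print(select_bind_dn([user_dn("clement")]))
    print(select_bind_dn([]))
    print(select_bind_dn([user_dn("clement"), user_dn("alice")]))
```

As a manual check of the settings, `ldapsearch -x -H ldap://localhost -b ou=users,dc=yunohost,dc=org '(&(objectClass=person)(uid=clement))'` should return exactly one entry for an existing user; if it returns several, the filter is too loose for a bind.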