Is there a simple way to configure Docker Private Registry 2.0 with LDAP?

I’m trying to follow that instruction:

https://www.digitalocean.com/community/tutorials/how-to-set-up-a-private-docker-registry-on-ubuntu-14-04

  • What to do about NPE when trying to build docker image using jenkins?
  • Implementing a CI/Deployment Pipeline for a Node app
  • exposing container ports for django application
  • Docker in Windows Server 2016 is not working
  • Gui application in docker. What about drivers?
  • Choose available memory for containers in Rancher
  • on my RHEL7 (3.10 kernel) machine. But could it be a faster and easiest way to connect to LDAP? I have Private registry 2.0 up and running with TLS self-signed certificate. I’m able to push and pull images from outside servers, but still looking into fast options to put into my command to make the registry running with LDAP.

    Right now I’m running my Docker with that command:

    docker run -d -p 5000:5000 --restart=always --name Docker_registry -v /data/docker_registry:/var/lib/registry -v /etc/docker/certs.d:/etc/docker/certs.d -e REGISTRY_HTTP_TLS_CERTIFICATE=/etc/docker/certs.d/d-l-tools.ocnet.local.crt  -e REGISTRY_HTTP_TLS_KEY=/etc/docker/certs.d/d-l-tools.ocnet.local.key registry:2
    

    Are You able to help me? If I’m telling nginx to use LDAP, I’m getting this error:

    nginx_1     | 2016/05/31 10:37:31 [emerg] 1#1: unknown directive "ldap_server" in /etc/nginx/conf.d/registry.conf:31
    nginx_1     | nginx: [emerg] unknown directive "ldap_server" in /etc/nginx/conf.d/registry.conf:31
    docker_nginx_1 exited with code 1
    

    Seems that needs a module to use ldap, but how to add it, when nginx is only a docker container?

    EDITED:

    I have tried also this method:
    https://github.com/cesanta/docker_auth

    But when I use that command:

    docker run --rm -it --name docker_auth -p 5001:5001 -v /data/docker_registry/docker/docker_auth-master:/config:ro -v /var/log/docker_auth:/logs cesanta/docker_auth:stable /data/docker_registry/docker/docker_auth-master/docker-compose.yml
    

    I got that error:

    F0601 10:42:30.862161 1 main.go:167] Failed to load config: could not read /data/docker_registry/docker/docker_auth-master/docker-compose.yml: open /data/docker_registry/docker/docker_auth-master/docker-compose.yml: no such file or directory
    

    After that error I pushed all my configuration to /tmp and started from there, but I got the same issue (even if I have 777 permissions for the docker-compose.yml file).

    My docker-compose.yml looks like this:

    server:
      addr: :5001
      certificate: /data/docker_registry/docker/certs/docker-registry.crt
      key: /data/docker_registry/docker/certs/docker-registry.key
    token:
      issuer: Acme auth server
      expiration: 900
    ldap_auth:
      # Addr is the hostname:port or ip:port
      addr: "ldaps://ldap.xxxxxx.com:636/OU=ROOT,DC=xxxxx,DC=local?sAMAccountName?sub?(&(memberOf:1.2.840.113556.1.4.1941:=cn=xx_DOCKER_USERS,OU=xxxx,OU=Groups,OU=GLOB000,OU=Global,OU=ROOT,DC=xxxxx,DC=local)(objectClass=person))" SSL
      # Setup tls connection method to be
      # "" or "none": the communication won't be encrypted
      # "always": setup LDAP over SSL/TLS
      # "starttls": sets StartTLS as the encryption method
      tls: always
      # set to true to allow insecure tls
      insecure_tls_skip_verify: false
      # In case bind DN and password is required for querying user information,
      # specify them here. Plain text password is read from the file.
      bind_dn: "CN=xx_Docker_xx,OU=xxxxx_xxxxx,OU=xxxxxx,OU=xxxxxx,OU=xxxxx,OU=Root,DC=xxxxx,DC=local"
      bind_password_file: xxxxxxxx
      # User query settings. ${account} is expanded from auth request
      #base: o=example.com
      #filter: (&(uid=${account})(objectClass=person))
    acl:
      # This will allow authenticated users to pull/push
      - match:
       account: /.+/
      actions: ['*']
    
    
    registry:
      restart: always
      image: registry:2
    #  hostname: "Registry_docker"
      environment:
        - REGISTRY_DELETE_ENABLED=true
      volumes:
        - /data/docker_registry:/var/lib/registry
      ports:
        - 5000:5000
    

    I’m running on docker:

    cesanta]# docker version
    Client:
     Version:      1.11.1
     API version:  1.23
     Go version:   go1.5.4
     Git commit:   5604cbe
     Built:        Wed Apr 27 00:34:42 2016
     OS/Arch:      linux/amd64
    
    Server:
     Version:      1.11.1
     API version:  1.23
     Go version:   go1.5.4
     Git commit:   5604cbe
     Built:        Wed Apr 27 00:34:42 2016
     OS/Arch:      linux/amd64
    

    This seems to be better and easier, but somehow it could not read my configuration file… Thank You for all Your answers.

  • Docker volume on external hard drive
  • Issue getting memcache container to automatically start in Docker
  • Docker container specific disk quota
  • docker multiply hostnames for one container
  • Why so many layers on base images? Docker
  • Multi Maven Module Spring MVC Project to Spring Boot
  • One Solution collect form web for “Is there a simple way to configure Docker Private Registry 2.0 with LDAP?”

    Finally I have used that solution:

    https://github.com/tierratelematics/existing-ldap-docker-registry

    Had some TLS issues with LDAP connectivity (I used ldaps://) and openSSL should be upgraded on my side (I had 1.0.1 version), but at the end it seems to be an easiest option that is working well, as

    https://github.com/cesanta/docker_auth

    is not working for me for now.

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.