Is there a simple way to configure Docker Private Registry 2.0 with LDAP?

I’m trying to follow these instructions:

https://www.digitalocean.com/community/tutorials/how-to-set-up-a-private-docker-registry-on-ubuntu-14-04

on my RHEL7 (3.10 kernel) machine. But could there be a faster and easier way to connect to LDAP? I have Private Registry 2.0 up and running with a self-signed TLS certificate. I’m able to push and pull images from outside servers, but I’m still looking for quick options to put into my command to make the registry run with LDAP.

Right now I’m running Docker with this command:

    docker run -d -p 5000:5000 --restart=always --name Docker_registry -v /data/docker_registry:/var/lib/registry -v /etc/docker/certs.d:/etc/docker/certs.d -e REGISTRY_HTTP_TLS_CERTIFICATE=/etc/docker/certs.d/d-l-tools.ocnet.local.crt  -e REGISTRY_HTTP_TLS_KEY=/etc/docker/certs.d/d-l-tools.ocnet.local.key registry:2
    

Are you able to help me? If I tell nginx to use LDAP, I get this error:

    nginx_1     | 2016/05/31 10:37:31 [emerg] 1#1: unknown directive "ldap_server" in /etc/nginx/conf.d/registry.conf:31
    nginx_1     | nginx: [emerg] unknown directive "ldap_server" in /etc/nginx/conf.d/registry.conf:31
    docker_nginx_1 exited with code 1
    

It seems that it needs a module to use LDAP, but how do I add it when nginx is only a Docker container?

EDITED:

I have also tried this method:
https://github.com/cesanta/docker_auth

But when I use this command:

    docker run --rm -it --name docker_auth -p 5001:5001 -v /data/docker_registry/docker/docker_auth-master:/config:ro -v /var/log/docker_auth:/logs cesanta/docker_auth:stable /data/docker_registry/docker/docker_auth-master/docker-compose.yml
    

I got this error:

    F0601 10:42:30.862161 1 main.go:167] Failed to load config: could not read /data/docker_registry/docker/docker_auth-master/docker-compose.yml: open /data/docker_registry/docker/docker_auth-master/docker-compose.yml: no such file or directory
    

After that error I pushed all my configuration to /tmp and started from there, but I got the same issue (even though I have 777 permissions on the docker-compose.yml file).

My docker-compose.yml looks like this:

    server:
      addr: :5001
      certificate: /data/docker_registry/docker/certs/docker-registry.crt
      key: /data/docker_registry/docker/certs/docker-registry.key
    token:
      issuer: Acme auth server
      expiration: 900
    ldap_auth:
      # Addr is the hostname:port or ip:port
      addr: "ldaps://ldap.xxxxxx.com:636/OU=ROOT,DC=xxxxx,DC=local?sAMAccountName?sub?(&(memberOf:1.2.840.113556.1.4.1941:=cn=xx_DOCKER_USERS,OU=xxxx,OU=Groups,OU=GLOB000,OU=Global,OU=ROOT,DC=xxxxx,DC=local)(objectClass=person))" SSL
      # Setup tls connection method to be
      # "" or "none": the communication won't be encrypted
      # "always": setup LDAP over SSL/TLS
      # "starttls": sets StartTLS as the encryption method
      tls: always
      # set to true to allow insecure tls
      insecure_tls_skip_verify: false
      # In case bind DN and password is required for querying user information,
      # specify them here. Plain text password is read from the file.
      bind_dn: "CN=xx_Docker_xx,OU=xxxxx_xxxxx,OU=xxxxxx,OU=xxxxxx,OU=xxxxx,OU=Root,DC=xxxxx,DC=local"
      bind_password_file: xxxxxxxx
      # User query settings. ${account} is expanded from auth request
      #base: o=example.com
      #filter: (&(uid=${account})(objectClass=person))
    acl:
      # This will allow authenticated users to pull/push
      - match:
       account: /.+/
      actions: ['*']
    
    
    registry:
      restart: always
      image: registry:2
    #  hostname: "Registry_docker"
      environment:
        - REGISTRY_DELETE_ENABLED=true
      volumes:
        - /data/docker_registry:/var/lib/registry
      ports:
        - 5000:5000
    

I’m running on Docker:

    cesanta]# docker version
    Client:
     Version:      1.11.1
     API version:  1.23
     Go version:   go1.5.4
     Git commit:   5604cbe
     Built:        Wed Apr 27 00:34:42 2016
     OS/Arch:      linux/amd64
    
    Server:
     Version:      1.11.1
     API version:  1.23
     Go version:   go1.5.4
     Git commit:   5604cbe
     Built:        Wed Apr 27 00:34:42 2016
     OS/Arch:      linux/amd64
    

This seems to be better and easier, but somehow it could not read my configuration file… Thank you for all your answers.

One solution collected from the web for “Is there a simple way to configure Docker Private Registry 2.0 with LDAP?”

Finally I used this solution:

https://github.com/tierratelematics/existing-ldap-docker-registry

I had some TLS issues with LDAP connectivity (I used ldaps://) and OpenSSL should be upgraded on my side (I had version 1.0.1), but in the end it seems to be the easiest option that works well, as

https://github.com/cesanta/docker_auth

is not working for me for now.
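
The "no such file or directory" error in the question is consistent with the config argument being a host path: the argument after the image name is opened inside the container, where the host directory is mounted at /config. The script below is an added example, not part of the original post or of docker_auth (the function names are hypothetical); it maps a host path through the `-v` mounts to the path the container sees.

```shell
#!/bin/sh
# Added example. Mount specs use docker's -v form: host_dir:container_dir[:options]

# to_container_path HOST_PATH MOUNT_SPEC...
# Prints the path the container sees for HOST_PATH; returns 1 if no mount covers it.
to_container_path() {
    target=$1; shift
    found=0; best_src=""; best_dst=""
    for spec in "$@"; do
        src=${spec%%:*}; src=${src%/}            # host side
        rest=${spec#*:}; dst=${rest%%:*}         # container side, options dropped
        case "$target" in
            "$src"|"$src"/*)
                # With nested mounts the longest host prefix wins.
                if [ "$found" -eq 0 ] || [ "${#src}" -gt "${#best_src}" ]; then
                    found=1; best_src=$src; best_dst=${dst%/}
                fi ;;
        esac
    done
    [ "$found" -eq 1 ] || return 1
    printf '%s%s\n' "$best_dst" "${target#"$best_src"}"
}

# check_config_arg PATH MOUNT_SPEC...
# PATH is what follows the image name, so the process in the container opens it.
check_config_arg() {
    arg=$1; shift
    for spec in "$@"; do
        rest=${spec#*:}; dst=${rest%%:*}; dst=${dst%/}
        case "$arg" in
            "$dst"|"$dst"/*) echo "ok: $arg is under mount point $dst"; return 0 ;;
        esac
    done
    if fixed=$(to_container_path "$arg" "$@"); then
        echo "host path; inside the container this file is $fixed"
    else
        echo "$arg is under no mount; it would have to exist in the image"
    fi
    return 1
}

# Values copied from the docker_auth command in the question.
MOUNTS="/data/docker_registry/docker/docker_auth-master:/config:ro /var/log/docker_auth:/logs"
CONFIG_ARG=/data/docker_registry/docker/docker_auth-master/docker-compose.yml

# $MOUNTS is left unquoted on purpose so it splits into one spec per word.
check_config_arg "$CONFIG_ARG" $MOUNTS || true
```

The same reasoning applies to the `certificate`, `key` and `bind_password_file` paths in the config file: they are read by the process in the container, so they also need to sit under a mounted directory.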
