Is there a simple way to configure Docker Private Registry 2.0 with LDAP?

Question

I'm trying to follow that instruction:

https://www.digitalocean.com/community/tutorials/how-to-set-up-a-private-docker-registry-on-ubuntu-14-04

on my RHEL7 (3.10 kernel) machine. But could it be a faster and easiest way to connect to LDAP? I have Private registry 2.0 up and running with TLS self-signed certificate. I'm able to push and pull images from outside servers, but still looking into fast options to put into my command to make the registry running with LDAP.

Right now I'm running my Docker with that command:

docker run -d -p 5000:5000 --restart=always --name Docker_registry -v /data/docker_registry:/var/lib/registry -v /etc/docker/certs.d:/etc/docker/certs.d -e REGISTRY_HTTP_TLS_CERTIFICATE=/etc/docker/certs.d/d-l-tools.ocnet.local.crt  -e REGISTRY_HTTP_TLS_KEY=/etc/docker/certs.d/d-l-tools.ocnet.local.key registry:2

Are You able to help me? If I'm telling nginx to use LDAP, I'm getting this error:

nginx_1     | 2016/05/31 10:37:31 [emerg] 1#1: unknown directive "ldap_server" in /etc/nginx/conf.d/registry.conf:31
nginx_1     | nginx: [emerg] unknown directive "ldap_server" in /etc/nginx/conf.d/registry.conf:31
docker_nginx_1 exited with code 1

Seems that needs a module to use ldap, but how to add it, when nginx is only a docker container?

EDITED:

I have tried also this method: https://github.com/cesanta/docker_auth

But when I use that command:

docker run --rm -it --name docker_auth -p 5001:5001 -v /data/docker_registry/docker/docker_auth-master:/config:ro -v /var/log/docker_auth:/logs cesanta/docker_auth:stable /data/docker_registry/docker/docker_auth-master/docker-compose.yml

I got that error:

F0601 10:42:30.862161 1 main.go:167] Failed to load config: could not read /data/docker_registry/docker/docker_auth-master/docker-compose.yml: open /data/docker_registry/docker/docker_auth-master/docker-compose.yml: no such file or directory

After that error I pushed all my configuration to /tmp and started from there, but I got the same issue (even if I have 777 permissions for the docker-compose.yml file).

My docker-compose.yml looks like this:

server:
  addr: :5001
  certificate: /data/docker_registry/docker/certs/docker-registry.crt
  key: /data/docker_registry/docker/certs/docker-registry.key
token:
  issuer: Acme auth server
  expiration: 900
ldap_auth:
  # Addr is the hostname:port or ip:port
  addr: "ldaps://ldap.xxxxxx.com:636/OU=ROOT,DC=xxxxx,DC=local?sAMAccountName?sub?(&(memberOf:1.2.840.113556.1.4.1941:=cn=xx_DOCKER_USERS,OU=xxxx,OU=Groups,OU=GLOB000,OU=Global,OU=ROOT,DC=xxxxx,DC=local)(objectClass=person))" SSL
  # Setup tls connection method to be
  # "" or "none": the communication won't be encrypted
  # "always": setup LDAP over SSL/TLS
  # "starttls": sets StartTLS as the encryption method
  tls: always
  # set to true to allow insecure tls
  insecure_tls_skip_verify: false
  # In case bind DN and password is required for querying user information,
  # specify them here. Plain text password is read from the file.
  bind_dn: "CN=xx_Docker_xx,OU=xxxxx_xxxxx,OU=xxxxxx,OU=xxxxxx,OU=xxxxx,OU=Root,DC=xxxxx,DC=local"
  bind_password_file: xxxxxxxx
  # User query settings. ${account} is expanded from auth request
  #base: o=example.com
  #filter: (&(uid=${account})(objectClass=person))
acl:
  # This will allow authenticated users to pull/push
  - match:
   account: /.+/
  actions: ['*']


registry:
  restart: always
  image: registry:2
#  hostname: "Registry_docker"
  environment:
    - REGISTRY_DELETE_ENABLED=true
  volumes:
    - /data/docker_registry:/var/lib/registry
  ports:
    - 5000:5000

I'm running on docker:

cesanta]# docker version
Client:
 Version:      1.11.1
 API version:  1.23
 Go version:   go1.5.4
 Git commit:   5604cbe
 Built:        Wed Apr 27 00:34:42 2016
 OS/Arch:      linux/amd64

Server:
 Version:      1.11.1
 API version:  1.23
 Go version:   go1.5.4
 Git commit:   5604cbe
 Built:        Wed Apr 27 00:34:42 2016
 OS/Arch:      linux/amd64

This seems to be better and easier, but somehow it could not read my configuration file... Thank You for all Your answers.

Answer 1

Finally I have used that solution:

https://github.com/tierratelematics/existing-ldap-docker-registry

Had some TLS issues with LDAP connectivity (I used ldaps://) and openSSL should be upgraded on my side (I had 1.0.1 version), but at the end it seems to be an easiest option that is working well, as

https://github.com/cesanta/docker_auth

is not working for me for now.