Project author: cblomart

Project description:
Authentication server for Docker Registry V2 with LDAP
Language: Go
Project URL: git://github.com/cblomart/registry-token-ldap.git
Created: 2018-08-25T16:32:37Z
Project community: https://github.com/cblomart/registry-token-ldap

Open-source license: MIT License



registry-token-ldap


Authentication server for Docker Registry v2 with LDAP

Provides tokens on the basis of LDAP authentication.
LDAP authentication is done by binding to the LDAP server with the username and password provided.
This plugin is oriented to AD, so the username is matched against sAMAccountName and a default domain is required.

The set of rules is evaluated and the resulting actions for the requested scope are returned.
Rules can be set on users or on groups.

Configuration file

    # cert and key will be generated if the files are not present
    jwscert: /etc/registry-token-ldap/cert.crt
    jwskey: /etc/registry-token-ldap/cert.key
    # issuer must match registry config
    issuer: "auth.registry.local"
    # ldap server to use
    ldapserver: ad.contoso.com
    # base to search for users
    ldapbase: "DC=contoso,DC=com"
    # domain to automatically add to auth request
    defaultdomain: CONTOSO
    # rules to provide access (cumulative)
    rules:
      # Admin can do all
      - group: "AdminGroup"
        match: ".+"
        actions: [ "push", "pull" ]
      # Users can do all on their repo
      - match: "${user}/.+"
        actions: [ "push", "pull" ]
      # Everybody can pull
      - match: ".+"
        actions: [ "pull" ]
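
How the cumulative rules in the configuration file above combine, as an added example that is not the project's own code. The Rule type, the Allowed function, full-name anchoring of the pattern and regex-quoting of the user name substituted for ${user} are assumptions of this sketch; exact group-name comparison is assumed as well.

```go
package main
import (
	"fmt"
	"regexp"
	"strings"
)

// Rule mirrors one "rules" entry; names are this example's, not the project's.
type Rule struct {
	Group   string   // empty: applies to every authenticated user
	Match   string   // regular expression on the repository name
	Actions []string // actions granted when the rule applies
}

var SampleRules = []Rule{ // the rule set from the configuration file above
	{Group: "AdminGroup", Match: ".+", Actions: []string{"push", "pull"}},
	{Match: "${user}/.+", Actions: []string{"push", "pull"}},
	{Match: ".+", Actions: []string{"pull"}},
}

// Allowed returns the union of the actions of every applicable rule.
// Assumed: patterns match the whole name; ${user} is regex-quoted.
func Allowed(rules []Rule, user string, groups []string, repo string) []string {
	member, seen, out := map[string]bool{}, map[string]bool{}, []string{}
	for _, g := range groups {
		member[g] = true
	}
	for _, r := range rules {
		if r.Group != "" && !member[r.Group] {
			continue // group rule and the user is not a member
		}
		pat := strings.ReplaceAll(r.Match, "${user}", regexp.QuoteMeta(user))
		re, err := regexp.Compile("^(?:" + pat + ")$")
		if err != nil || !re.MatchString(repo) {
			continue // invalid or non-matching pattern grants nothing
		}
		for _, a := range r.Actions {
			if !seen[a] {
				seen[a] = true
				out = append(out, a)
			}
		}
	}
	return out
}

func main() {
	fmt.Println(Allowed(SampleRules, "alice", nil, "bob/alice/web")) // [pull]
}
```

Without the anchoring, "alice/.+" would also match inside "bob/alice/web", and without the quoting a user name such as "a.b" would match the repository prefix "axb/".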

Optional configuration:

    # port to listen to (default "5001")
    port: 5500
    # path to listen to (default "token")
    path: auth
    # use secure tls for ldap (default: "insecure")
    LDAPTls: secure
    # attribute to find users (default: "sAMAccountName")
    LDAPAttribute: mail
    # certificate to auth ca
    LDAPCa: /etc/ldapca.crt

License

See license