LDAP group matching example?

[jmmills]

Can someone give me a hint on how I would write the config to source authentication from LDAP, and then specify access control based on group?

Essentially I want members of the developer group to be able to pull images but not push them (so nobody accidentally clobbers a production image).

Also, I was able to get registry v2 negotiating TLS and authentication with a basic auth backend, and it works like a charm. So thanks! (I didn't it using puppet and systemd unit files, if anyone is interested in example snippets of how that's done),

[rojer]

i assume you want to control access to certain images based on group membership. this is not possible currently and will require code changes - a "LDAP authorizer" will have to be written. currently we only have authenticator.

[xinzhangcmu]

any plan to add support for group based authz? I have been trying the docker authz in our enterprise setting (and it works great, thanks!), and have the exact need

[rojer]

no immediate plans. docker_auth is a side project for us at cesanta, and we don't use LDAP auth. LDAP auth was contributed by @summerQLin - maybe you can ask (or pay) him to do it. i will accept PR if you decide to do it and wish to contribute.

[ozbillwang]

+1 Need this same feature as well.

@summerQLin

[Stephan1984]

+1 This feature would be great. @summerQLin

[tianon]

This seems kind of similar to https://github.com/cesanta/docker_auth/issues/117, and thus could probably be helped by https://github.com/cesanta/docker_auth/pull/139, right?

[zapp42]

I think this issue can be closed.