invalid character '<' looking for beginning of value

[it4discovery]

Hi, While I am trying to pull it from docker hub I get "invalid character '<' looking for beginning of value" issue. Could you please assist me on this and let me know how I can resolve the issue. '''

docker pull hub.docker.com/tiredofit/nginx-ldap

Using default tag: latest Pulling repository hub.docker.com/tiredofit/nginx-ldap invalid character '<' looking for beginning of value '''

Thank you. Dan

[tiredofit]

Hi Dan, Interesting, Docker hub is no longer serving it that way. I get the same results. I've updated the Readme to use their shorter version: docker pull tiredofit/nginx-ldap:latest Hope this helps!

[it4discovery]

Thank you Dave for your quick response and action. I could successfully clone and run this app (via docker-compose) First of all, I am pretty new to docker and development environment. It is a while that I am struggling to find an appropriate solution for my case and I think your nginx-ldap app might be more suitable for my case. I will really appreciate if you could help me to set up and configure this app for my environment.

Here is the case:

• I have a web application (kafka-manager, port: 9000) on a container in the same machine that this nginx-ldap container is.
• I have a ldap server which is sitting on another host. My goal is: 1- Everybody who wants to access kafka-manager should authenticate against ldap 2- Restrict everyone's access to different pages of this application so that only a particular ldap group would have permission to do the changes and the rest can just view it. (this group and role is already defined and configured on ldap side)

Thank you for your assistance in advance.

Best Regards, Daniel

On Tue, Sep 25, 2018 at 3:10 PM Dave Conroy notifications@github.com wrote:

Closed #1 https://github.com/tiredofit/docker-nginx-ldap/issues/1.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/tiredofit/docker-nginx-ldap/issues/1#event-1866627236, or mute the thread https://github.com/notifications/unsubscribe-auth/Akhtif56o_vfJU-rnm5Z3g9C-nD6Fxhqks5uen-KgaJpZM4W5Dll .

[tiredofit]

Hi Daniel, While you could use this image in this scenario as a baseline for what you are trying to accomplish it looks like the majority of your work would be in managing a custom configuration file for Nginx. How I have this image setup is just managing authentication via basic auth (authenticating against LDAP) on the root page. In order to seperate you would need to create additional location directives to have different ACLs per folder/area in the 02-default.conf and then rebuild the image.

While it is certainly possible, I would actually recommend a much stronger solution. If you already have an LDAP directory in use with proper groups, is to setup something like LemonLDAP (I have an image too tiredofit/lemonldap:1.9-alpine-latest as the setup is pretty detailed that works right out of the box) and then use my tiredofit/nginx or my nginx-php-fpm images with the environment variable AUTHENTHICATION_MODE=LLNG then serve your web content that way.

With this you'd get the start of a single sign on solution that you could use for not only that application but many, also taking advantage of SAML/OpenID Connect. It allow access to applications and their subfolders by means of rules. It is a very robust product and I use in production with over 8000 users. I'm quite well versed in authentication and these sorts of infrastructure alignment scenarios, so if you or your organization is interested in some consulting I would be glad to help. All of the images I share here on github are in active production so work quite well together.

[it4discovery]

Hi Dave, Actually, I was not able to figure this out after a while spending time on it ! I am just evaluating to find a simple and proper solution for my case, then we might go farther and make it more specific and customized ! For my first step: I want a docker container, runs nginx with ladap capabilities, forces everyone who requests for a web application (kafkamanager:9000) to authenticate against the ldap server. [Assume this web application is being run in a different container on the same host]. So far, I have not found a simple and well-documented solution ! I was hoping your solution would be able to fulfill this requirement ! Not sure where the issue is but seems it is not obeying from "docker-compose.yml" and "02-default.conf" settings and every time it is just running through its default (hard-coded) configuration !! it doesn't even listen to port 9000 despite my configuration on "02-default.conf", also I couldn't find a way to stop nginx inside the container (I just try to kill the process) !! I am a bit confused with "nginx.conf", "01-ldap.conf", "02-default.conf", "Dockerfile", "docker-compose.yml", ... . I really need to understand the exact call flow. I would really appreciate your time and your help.

Thank you,

On Wed, Sep 26, 2018 at 4:18 PM Dave Conroy notifications@github.com wrote:

Hi Daniel, While you could use this image in this scenario as a baseline for what you are trying to accomplish it looks like the majority of your work would be in managing a custom configuration file for Nginx. How I have this image setup is just managing authentication via basic auth (authenticating against LDAP) on the root page. In order to seperate you would need to create additional location directives to have different ACLs per folder/area in the 02-default.conf and then rebuild the image.

While it is certainly possible, I would actually recommend a much stronger solution. If you already have an LDAP directory in use with proper groups, is to setup something like LemonLDAP (I have an image too tiredofit/lemonldap:1.9-alpine-latest as the setup is pretty detailed that works right out of the box) and then use my tiredofit/nginx or my nginx-php-fpm images with the environment variable AUTHENTHICATION_MODE=LLNG then serve your web content that way.

With this you'd get the start of a single sign on solution that you could use for not only that application but many, also taking advantage of SAML/OpenID Connect. It allow access to applications and their subfolders by means of rules. It is a very robust product and I use in production with over 8000 users. I'm quite well versed in authentication and these sorts of infrastructure alignment scenarios, so if you or your organization is interested in some consulting I would be glad to help. All of the images I share here on github are in active production so work quite well together.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/tiredofit/docker-nginx-ldap/issues/1#issuecomment-424855595, or mute the thread https://github.com/notifications/unsubscribe-auth/AkhtiZxHc72g05qxBQk_ZnvVceJvkvfVks5ue-EvgaJpZM4W5Dll .