Hello,
We are trying to configure a Docker-based, containerized ShinyProxy on Red Hat 8 Linux. ShinyProxy should authenticate against our Active Directory and permit only users that are members of an AD group named RShiny_Prod_ABS. All others are to be denied login.
distinguishedName: CN=RShiny_Prod_ABS,OU=RShiny,OU=SLK_Ressource,OU=SLK_Users,DC=slk,DC=lokal
distinguishedName: CN=Frank Trebin,OU=Abt_Edv,OU=SLK_Users,DC=slk,DC=lokal
The problem: it doesn't work with the current configuration. Every user that is a member of our AD is able to log in, but this is not what we want. We need an LDAP configuration to authenticate users that are members of this special AD group. Who can help?
Here are our config files.
docker-compose.yml

```yaml
version: '3.8'
services:
  shinyproxy:
    build: .
    image: shinyproxy-template
    restart: unless-stopped
    container_name: ShinyProxy
    user: 0:985
    ports:
      - 8080:8080
    networks:
      - sp-example-net
    # https://github.com/docker/compose/issues/4700#issuecomment-813751699
    volumes:
      # Check permissions here
      - /var/run/docker.sock:/var/run/docker.sock
      - ./application.yml:/opt/shinyproxy/application.yml
networks:
  sp-example-net:
    name: sp-example-net
```
application.yml

```yaml
proxy:
  title: Analytics Shiny Proxy
  logo-url: https://www.openanalytics.eu/shinyproxy/logo.png
  landing-page: /
  heartbeat-rate: 10000
  heartbeat-timeout: 60000
  port: 8080
  authentication: ldap
  ldap:
    url: ldap://172.16.0.1:389/dc=slk,dc=lokal
    manager-dn: ldapmanager@slk.lokal
    # redacted; quoted because a bare * starts a YAML alias
    manager-password: "**********"
    user-search-filter: (sAMAccountName={0})
    group-search-filter: (uniqueMember={0})
    group-search-base: CN=RShiny_Prod_ABS,OU=RShiny,OU=SLK_Ressource,OU=SLK_Users
  docker:
    internal-networking: true
  specs:
    - id: 01_hello
      display-name: Hello Application
      description: Application which demonstrates the basics of a Shiny app
      container-cmd: ["R", "-e", "shinyproxy::run_01_hello()"]
      container-image: openanalytics/shinyproxy-demo
      container-network: sp-example-net
    - id: 06_tabsets
      container-cmd: ["R", "-e", "shinyproxy::run_06_tabsets()"]
      container-image: openanalytics/shinyproxy-demo
      container-network: sp-example-net
logging:
  level:
    org.springframework.security.ldap.authentication: DEBUG
    org.springframework.security.ldap.userdetails: DEBUG
  file:
    shinyproxy.log
```
docker logs -f ShinyProxy

```
2022-03-29 14:13:13.862 INFO 1 --- [ main] e.o.c.util.StartupEventListener : Started ShinyProxy 2.6.0 (ContainerProxy 0.8.10)
2022-03-29 14:13:13.863 INFO 1 --- [ main] e.o.c.service.AppRecoveryService : Recovery of running apps disabled
2022-03-29 14:13:24.223 INFO 1 --- [ XNIO-1 task-1] io.undertow.servlet : Initializing Spring DispatcherServlet 'dispatcherServlet'
2022-03-29 14:13:24.224 INFO 1 --- [ XNIO-1 task-1] o.s.web.servlet.DispatcherServlet : Initializing Servlet 'dispatcherServlet'
2022-03-29 14:13:24.233 INFO 1 --- [ XNIO-1 task-1] o.s.web.servlet.DispatcherServlet : Completed initialization in 9 ms
2022-03-29 14:13:28.794 DEBUG 1 --- [ XNIO-1 task-3] o.s.s.l.a.LdapAuthenticationProvider : Processing authentication request for user: franktrebin
2022-03-29 14:13:28.840 INFO 1 --- [ XNIO-1 task-3] o.s.s.ldap.SpringSecurityLdapTemplate : Ignoring PartialResultException
2022-03-29 14:13:28.842 DEBUG 1 --- [ XNIO-1 task-3] o.s.s.l.a.BindAuthenticator : Attempting to bind as cn=Frank Trebin,ou=Abt_Edv,ou=SLK_Users,dc=slk,dc=lokal
2022-03-29 14:13:28.846 DEBUG 1 --- [ XNIO-1 task-3] o.s.s.l.a.BindAuthenticator : Retrieving attributes...
2022-03-29 14:13:28.847 DEBUG 1 --- [ XNIO-1 task-3] .s.s.l.u.DefaultLdapAuthoritiesPopulator : Getting authorities for user cn=Frank Trebin,ou=Abt_Edv,ou=SLK_Users,dc=slk,dc=lokal
2022-03-29 14:13:28.847 DEBUG 1 --- [ XNIO-1 task-3] .s.s.l.u.DefaultLdapAuthoritiesPopulator : Searching for roles for user 'franktrebin', DN = 'cn=Frank Trebin,ou=Abt_Edv,ou=SLK_Users,dc=slk,dc=lokal', with filter (uniqueMember={0}) in search base 'CN=RShiny_Prod_ABS,OU=RShiny,OU=SLK_Ressource,OU=SLK_Users'
2022-03-29 14:13:28.852 DEBUG 1 --- [ XNIO-1 task-3] .s.s.l.u.DefaultLdapAuthoritiesPopulator : Roles from search: []
2022-03-29 14:13:28.853 DEBUG 1 --- [ XNIO-1 task-3] o.s.s.l.u.LdapUserDetailsMapper : Mapping user details from context with DN: cn=Frank Trebin,ou=Abt_Edv,ou=SLK_Users,dc=slk,dc=lokal
2022-03-29 14:13:28.855 INFO 1 --- [ XNIO-1 task-3] e.o.containerproxy.service.UserService : User logged in [user: franktrebin]
2022-03-29 14:43:29.113 INFO 1 --- [ XNIO-1 task-3] e.o.containerproxy.service.UserService : User logged out [user: franktrebin]
2022-03-30 08:21:06.233 DEBUG 1 --- [ XNIO-1 task-3] o.s.s.l.a.LdapAuthenticationProvider : Processing authentication request for user: franktrebin
2022-03-30 08:21:06.251 INFO 1 --- [ XNIO-1 task-3] o.s.s.ldap.SpringSecurityLdapTemplate : Ignoring PartialResultException
2022-03-30 08:21:06.251 DEBUG 1 --- [ XNIO-1 task-3] o.s.s.l.a.BindAuthenticator : Attempting to bind as cn=Frank Trebin,ou=Abt_Edv,ou=SLK_Users,dc=slk,dc=lokal
2022-03-30 08:21:06.257 DEBUG 1 --- [ XNIO-1 task-3] o.s.s.l.a.BindAuthenticator : Retrieving attributes...
2022-03-30 08:21:06.258 DEBUG 1 --- [ XNIO-1 task-3] .s.s.l.u.DefaultLdapAuthoritiesPopulator : Getting authorities for user cn=Frank Trebin,ou=Abt_Edv,ou=SLK_Users,dc=slk,dc=lokal
2022-03-30 08:21:06.259 DEBUG 1 --- [ XNIO-1 task-3] .s.s.l.u.DefaultLdapAuthoritiesPopulator : Searching for roles for user 'franktrebin', DN = 'cn=Frank Trebin,ou=Abt_Edv,ou=SLK_Users,dc=slk,dc=lokal', with filter (uniqueMember={0}) in search base 'CN=RShiny_Prod_ABS,OU=RShiny,OU=SLK_Ressource,OU=SLK_Users'
2022-03-30 08:21:06.262 DEBUG 1 --- [ XNIO-1 task-3] .s.s.l.u.DefaultLdapAuthoritiesPopulator : Roles from search: []
2022-03-30 08:21:06.262 DEBUG 1 --- [ XNIO-1 task-3] o.s.s.l.u.LdapUserDetailsMapper : Mapping user details from context with DN: cn=Frank Trebin,ou=Abt_Edv,ou=SLK_Users,dc=slk,dc=lokal
2022-03-30 08:21:06.262 INFO 1 --- [ XNIO-1 task-3] e.o.containerproxy.service.UserService : User logged in [user: franktrebin]
2022-03-30 08:51:06.457 INFO 1 --- [ XNIO-1 task-3] e.o.containerproxy.service.UserService : User logged out [user: franktrebin]
```
Thank you in advance
Frank
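
An added example, not part of the original post and not ShinyProxy code: the log above shows a group search ending in `Roles from search: []`, followed on the same thread by `User logged in`. The Python sketch below flags every such login in a log of this format, which helps audit who got in while the group restriction was not effective. The sample lines, the user names and the function name are constructed for illustration.

```python
import re

# One Spring Boot log line: timestamp, level, pid, separator, [thread], logger, message.
LINE = re.compile(r"^(\S+ \S+) +\w+ +\d+ +\S+ +\[ *([^\]]+?) *\] +\S+ +: (.*)$")
USER_IN = re.compile(r"User logged in \[user: ([^\]]+)\]")

# Constructed sample in the format of the log above; users and timestamps are made up.
# Two request threads are interleaved to show why state is tracked per thread.
SAMPLE_LOG = """\
2022-03-29 14:13:28.794 DEBUG 1 --- [ XNIO-1 task-3] o.s.s.l.a.LdapAuthenticationProvider : Processing authentication request for user: alice
2022-03-29 14:13:28.801 DEBUG 1 --- [ XNIO-1 task-5] o.s.s.l.a.LdapAuthenticationProvider : Processing authentication request for user: bob
2022-03-29 14:13:28.850 DEBUG 1 --- [ XNIO-1 task-5] .s.s.l.u.DefaultLdapAuthoritiesPopulator : Roles from search: [RShiny_Prod_ABS]
2022-03-29 14:13:28.852 DEBUG 1 --- [ XNIO-1 task-3] .s.s.l.u.DefaultLdapAuthoritiesPopulator : Roles from search: []
2022-03-29 14:13:28.854 INFO 1 --- [ XNIO-1 task-5] e.o.containerproxy.service.UserService : User logged in [user: bob]
2022-03-29 14:13:28.855 INFO 1 --- [ XNIO-1 task-3] e.o.containerproxy.service.UserService : User logged in [user: alice]
"""


def logins_without_roles(log_text):
    """Return (timestamp, user) for every login granted after an empty group search."""
    pending = {}  # thread name -> roles found for the authentication in progress
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts, thread, msg = m.groups()
        if msg.startswith("Processing authentication request"):
            pending.pop(thread, None)  # new attempt on this thread, drop stale state
        elif msg.startswith("Roles from search:"):
            inner = msg.split(":", 1)[1].strip().strip("[]")
            pending[thread] = [r.strip() for r in inner.split(",") if r.strip()]
        else:
            user = USER_IN.match(msg)
            # None means no role lookup was logged (e.g. DEBUG off): not flagged.
            if user and pending.pop(thread, None) == []:
                findings.append((ts, user.group(1)))
    return findings


if __name__ == "__main__":
    for ts, user in logins_without_roles(SAMPLE_LOG):
        print(f"{ts} login without group roles: {user}")
```

The check depends on the two `org.springframework.security.ldap` loggers being at DEBUG, as in the posted `application.yml`; without them the role lookup is not logged and nothing is flagged.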