Setup LDAP with rocker/rstudio


I have just spun up a docker image of rocker/tidyverse with a mounted volume for LDAP user's home directories. I've run the following commands inside the container to install and setup LDAP authentication:
apt update
apt install libnss-ldap libpam-ldap ldap-utils pamtester

I followed the prompts to setup connection to our LDAP server. I can now successfully login at the command prompt. The following command is successful:

pamtester login <user> authenticate

Where is a user in our LDAP system. I am prompted for a password and it responds successfully. I can also login to the command prompt using the command inside the container:

login <user>

Which prompts for a password and logs me in and changes to the user's home directory.

However when I attempt to login through the rstudio server web interface using a user from the LDAP system it says "Error: Incorrect or invalid username/password". I do not get any messages in the docker log after a successful or unsuccessful login attempt. I can successfully login using the user from the command from spinning up the container:

docker run --rm -d -e USER=startuser -e ROOT=TRUE -e PASSWORD=testing -v /ldaphome:/ldaphome rocker/tidyverse

I've also created accounts locally inside the container and can login using those accounts.

Any help in understanding why the LDAP users can't login to rocker/rstudio server but local users can would be appreciated. Also any help on understanding where the rstudio server login attempts are stored with rocker/rstudio would be appreciated (i.e. where are the log files).

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.

If you have a query related to it or one of the replies, start a new topic and refer back with a link.

Apologies for the long delay responding to this, and now it is closed :slightly_frowning_face:

In any case, I was going to recommend that you take a look at sssd. It is kinda a pain to use within a container (because it is a service that has to be started / run), but it is a newer / more modern approach to LDAP domain joining and we have found success using it in our Professional stack (RStudio Server Pro, RStudio Connect, etc.).

Please feel free to start a new thread if you are still working on this topic and have questions for the community! Heading over to the R Admin section may be a better bet for this type of question!