Friday, August 5, 2016

Configuring API Umbrella with LDAP - with containers

This is a live post on an on-going effort, configuring API Umbrella with LDAP, both in Docker containers.


Make the configuration file:
$ mkdir config && touch config/api-umbrella.yml

web:
  admin:
    initial_superusers:
      - pkathi2@emory.edu
    auth_strategies:
      enabled:
        - github
        - google
        - persona
        - ldap
      github:
        client_id: xxxxxxxxxxxxx
        client_secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
      google:
        client_id: yyyyyy-yyyy.apps.googleusercontent.com
        client_secret: yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
      ldap:
        options:
          host: lion.bmi.emory.edu
          port: 389
          base: dc=example, dc=org


Follow the wiki on configuring github and google authentication.
http://api-umbrella.readthedocs.io/en/latest/getting-started.html
                                               

Run the OpenLDAP Docker container:
sudo docker run --hostname lion.bmi.emory.edu  -p 389:389 -p 636:636 --name my-openldap-container --detach osixia/openldap:1.1.5


Run the API Umbrella Docker container:
sudo docker run -d --name=api-umbrella -p 80:80 -p 443:443  --link my-openldap-container:ldap -v $PWD/config:/etc/api-umbrella \
-v /var/log/api-umbrella/nginx:/var/log/api-umbrella/nginx \
           -v /var/log/api-umbrella/web-puma/current:/var/log/api-umbrella/web-puma/current \
           -v /var/log/api-umbrella/trafficserver/access.blog:/var/log/api-umbrella/trafficserver/access.blog \
nrel/api-umbrella




Unfortunately when ldap is enabled in the configuration file, https://lion.bmi.emory.edu/admin/ is throwing a gateway timeout. This might be something to do with the OmniAuth LDAP configurations. The documentation is still an issue with API Umbrella, just like other API gateways that I tried recently.

This issue also has been reported to API Umbrella team.

No comments:

Post a Comment

You are welcome to provide your opinions in the comments. Spam comments and comments with random links will be deleted.