Re: [E] Re: [EXT] LDAP issues

From: "Schroeder, Steven" <steven(dot)schroeder(at)verizonwireless(dot)com>
To: heiko(dot)onnebrink(at)metroitpartner(dot)com
Cc: pgadmin-support(at)postgresql(dot)org
Subject: Re: [E] Re: [EXT] LDAP issues
Date: 2022-05-06 11:13:21
Message-ID: CAPYToUAsCfA3QUhjWmOHoxWb-w3akcUVtVoF+afxaAiHthk6yQ@mail.gmail.com
Lists: pgadmin-support

Hi All,

We haven't attempted using pgadmin and ldap outside of k8s as of yet. I am
able to auth using the same credentials passed when running the ldapsearch
command from the command line directly.

We are creating a local image from the base 4.6.7 image and adding in the
config_local.py. I do see this file when I exec directly into the container,
so it is being passed correctly when we create the image. I did notice a
ton of redirects when looking in the web console, but local login works.

PGADMIN_DEFAULT_EMAIL="xxxxxx"
PGADMIN_DEFAULT_PASSWORD="xxxxxxx"
PGADMIN_LISTEN_PORT=8080

# LDAP
AUTHENTICATION_SOURCES = ['ldap', 'internal']
LDAP_AUTO_CREATE_USER = True
LDAP_SERVER_URI = 'LDAP://xxx.dc.xxx.eng.xxx.com:389'
LDAP_BASE_DN = 'ou=user accounts,dc=win,dc=eng,dc=xxx,dc=com'
LDAP_USERNAME_ATTRIBUTE = 'sAMAccountName'
LDAP_SEARCH_FILTER = '(objectClass=user)'
LDAP_SEARCH_SCOPE = 'SUBTREE'
LDAP_SEARCH_BASE_DN = 'ou=user accounts,dc=xxx,dc=eng,dc=xxx,dc=com'
LDAP_CA_CERT_FILE = '/pgadmin4/cert/ldap.crt'
LDAP_BIND_USER = "xxx"
LDAP_BIND_PASSWORD = "xxxxx"
LDAP_CA_CERT_FILE = '/pgadmin4/cert/ldap.crt'

On Fri, May 6, 2022 at 1:28 AM <heiko(dot)onnebrink(at)metroitpartner(dot)com> wrote:

> Hi
>
> do you have a general problem to auth against LDAP or just when you deploy
> it on K8s?
> Also would be helpful if you share the (LDAP-related) arguments that you
> pass to the container
> cheers
> Heiko
>
>
>
> *From: *"Schroeder, Steven" <steven(dot)schroeder(at)verizonwireless(dot)com>
> *Date: *Thursday, 5. May 2022 at 23:44
> *To: *"pgadmin-support(at)postgresql(dot)org" <pgadmin-support(at)postgresql(dot)org>
> *Subject: *[EXT] LDAP issues
>
>
>
> Hi All,
>
>
>
> We are attempting to deploy pgadmin inside kubernetes with ldap
> authentication, but having issues getting it to work. We are able to
> deploy pgadmin and login locally, but no matter what ldap method we try,
> the credentials are not passed when we look at a pcap. The only attempt we
> ever see to our ldap server is when we set it to anonymous, but we get back
> the below response.
>
>
>
> 000004DC: LdapErr: DSID-0C090A5C, comment: In order to perform this
> operation a successful bind must be completed on the connection
>
>
> Ever come across anyone else having issues in kubernetes with ldap?
>
>
>
> Thanks,
>
>
>
> Steve
>

--

Steve Schroeder | verizon

Service Assurance

O 908-203-5487 | M 609-226-5995

5GC/Aether Homepage <https://aether.nss.vzwnet.com/> | Aether Status Page
<https://status.aether.nss.vzwnet.com/custom/aether/>
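The settings posted in this message point LDAP_SERVER_URI at an ldap:// URI on port 389 and set LDAP_CA_CERT_FILE (twice), with no LDAP_USE_STARTTLS line shown. The following is an added example, not part of the original message and not pgAdmin's own code: a small check that reads a config_local.py-style file and flags an LDAP transport that would carry bind credentials unencrypted. The helper names, finding labels, sample host and sample credentials are assumptions made up for the illustration.

```python
import ast
from urllib.parse import urlparse

# Constructed sample: same shape as the redacted settings posted above,
# with placeholder host and credentials.
SAMPLE_CONFIG = """
AUTHENTICATION_SOURCES = ['ldap', 'internal']
LDAP_SERVER_URI = 'LDAP://ldap.example.internal:389'
LDAP_CA_CERT_FILE = '/pgadmin4/cert/ldap.crt'
LDAP_BIND_USER = "svc-placeholder"
LDAP_BIND_PASSWORD = "placeholder"
LDAP_CA_CERT_FILE = '/pgadmin4/cert/ldap.crt'
"""


def load_settings(source):
    """Return (settings, duplicates) for literal NAME = value assignments."""
    settings, duplicates = {}, []
    for node in ast.parse(source).body:
        if not (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)):
            continue
        try:
            value = ast.literal_eval(node.value)
        except (ValueError, TypeError):
            continue  # computed value; not evaluated by this check
        name = node.targets[0].id
        if name in settings:
            duplicates.append(name)
        settings[name] = value  # last assignment wins, as in Python
    return settings, duplicates


def audit_ldap_transport(source):
    """Hypothetical helper: list transport findings for an LDAP config."""
    s, dups = load_settings(source)
    findings = [f"duplicate-setting:{n}" for n in dups]
    if "ldap" not in s.get("AUTHENTICATION_SOURCES", []):
        return findings
    # urlparse lowercases the scheme, so 'LDAP://' compares as 'ldap'.
    scheme = urlparse(s.get("LDAP_SERVER_URI", "")).scheme
    if scheme == "ldaps" or s.get("LDAP_USE_STARTTLS", False):
        return findings
    findings.append("cleartext-transport")
    if s.get("LDAP_BIND_PASSWORD"):
        findings.append("bind-password-in-clear")  # assumes a simple bind
    if s.get("LDAP_CA_CERT_FILE"):
        findings.append("ca-cert-set-but-no-tls")
    return findings
```

Running audit_ldap_transport over the real config_local.py inside the image shows whether the CA certificate that was copied in is ever used for the LDAP connection.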
