Hi, I tried to make it work but did not succeed.
Enter LDAP Password:
somepwd
# extended LDIF
#
# LDAPv3
# base <dc=madm,dc=net> with scope subtree
# filter: (userPrincipalName=heiko.onnebr...@metronom.com)
# requesting: ALL
#
# Onnebrink Heiko, HQ01-DUS, Users, DE, MSYS, r2.madm.net
dn: CN=Onnebrink Heiko,OU=HQ01-DUS,OU=Users,OU=DE,OU=MSYS,DC=r2,DC=madm,DC=net
..

If I do the same query without providing a bind DN, it gives a SASL error:
ldapsearch -H ldap://ldap.mgi.de:389 -b "dc=R2, dc=madm,dc=net" "(userPrincipalName=heiko.onnebr...@metronom.com)"
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available (default cache: FILE:/tmp/krb5cc_500))

If I disable SASL (-x) it works but returns no data:
ldapsearch -H ldap://ldap.mgi.de:389 -x -b "dc=R2, dc=madm,dc=net" "(userPrincipalName=heiko.onnebr...@metronom.com)"
# extended LDIF
#
# LDAPv3
# base <dc=R2, dc=madm,dc=net> with scope subtree
# filter: (userPrincipalName=heiko.onnebr...@metronom.com)
# requesting: ALL
#
# search result
search: 2
result: 0 Success
# numResponses: 1

I have now transferred the above settings to the pgAdmin config (Docker is used here):
'PGADMIN_CONFIG_AUTHENTICATION_SOURCES="ldap","internal"'
-v '/dockerdata/pgadmin/servers.json:/servers.json'
-v '/dockerdata/pgadmin/server.cert:/certs/server.cert'
-v '/dockerdata/pgadmin/server.key:/certs/server.key'
-e PGADMIN_ENABLE_TLS=TRUE
-e PGADMIN_DEFAULT_PASSWORD=admin
-e PGADMIN_DEFAULT_EMAIL=ad...@metronom.com
registry.metroscales.io/rdb-dev/pgadmin:latest

2020-05-05 10:27:46,936: ERROR flask.app: Error binding to the LDAP server.
Traceback (most recent call last):
  File "/pgadmin4/pgadmin/authenticate/ldap.py", line 115, in connect
    auto_bind=True
  File "/usr/local/lib/python3.7/site-packages/ldap3/core/connection.py", line 355, in __init__
    self.do_auto_bind()
  File "/usr/local/lib/python3.7/site-packages/ldap3/core/connection.py", line 384, in do_auto_bind
    raise LDAPBindError(self.last_error)
ldap3.core.exceptions.LDAPBindError: None

From the config description I do not see how I pass a bind user, which would be required (as we do not allow anonymous access) so that an LDAP query can be executed that finds the logon user via his UPN. Once the record is found we have the DN that can be used to bind the user with his entered password to verify that the password is valid.

Thanks for sharing how it works internally and what mistake I have here in my config.