Re: pgadmin4 container deployment with ldap-authentication

Mon, 10 Aug 2020 21:10:22 -0700 

Hi,


On Tue, Aug 11, 2020 at 4:35 AM Hendrik Hansmeier <
hendrik.hansme...@hh-it.co> wrote:

> Hi,
>
> i am trying to get pgadmin4 running in server-mode as a docker-container.
> So i pulled the image and after i tried out the image a little bit, i tried
> to use ldap-authentication.
>
> Unfortunately, i didn't get it running as expected. I am not able to
> authenticate against my samba 4-domain. This is how i tried to launch the
> container:
>
> docker run -p 8280:80
>     -e "PGADMIN_DEFAULT_EMAIL=<emailAddress>"
>     -e "PGADMIN_DEFAULT_PASSWORD=<password>"
>     -e "AUTHENTICATION_SOURCES=['ldap']"
>     -e "LDAP_AUTO_CREATE_USER=True"
>     -e "LDAP_SERVER_URI='ldaps://<domaincontroller>:636'"
>     -e "LDAP_BASE_DN='cn=Users,dc=mydomain,dc=local'"
>     -e "LDAP_BIND_USER='cn=User1,cn=Users,dc=mydomain,dc=local'"
>     -e "LDAP_BIND_PASSWORD=<BindDNPassword>"
>     -e "LDAP_CA_CERT_FILE='/etc/ssl/certs/myca.pem'"
>     -e "LDAP_CERT_FILE='/etc/ssl/certs/my.cert.pem'"
>     -e "LDAP_KEY_FILE='/etc/ssl/private/my.key.pem'"
>     -d dpage/pgadmin4
>
> I am using the container behind a reverse-proxy on nginx (debian buster),
> for the first try via http. The authentication with the given user
> PGADMIN_DEFAULT_EMAIL works as expected but ldap-authentication results in
> an error-message "Specified user does not exist".
>
> Am i using the environment-parameters for ldap-authentication correctly?
> May a reverse-proxy over https help to get ldaps working?
>
The variable prefix "*PGADMIN_CONFIG_"*  should be used to override any of
the configuration options in pgAdmin’s *config.py* file. So add this prefix
to all the config params you have used. (Ex, AUTHENTICATION_SOURCES,
LDAP_SERVER_URI
etc...)

Ex:  AUTHENTICATION_SOURCES should be PGADMIN_CONFIG_AUTHENTICATION_SOURCES
Please refer
https://www.pgadmin.org/docs/pgadmin4/4.24/container_deployment.html#environment-variables
for
more information.

Also, set LDAP_SEARCH_BASE_DN param which is required to configure LDAP
Authentication in Dedicated User mode (which you have configured).
Please refer
https://www.pgadmin.org/docs/pgadmin4/4.24/enabling_ldap_authentication.html

Thanks,
Khushboo

-- 
> Best regards,
>
> Hendrik Hansmeier
>
>
> Hendrik Hansmeier IT-Consulting ::: Bunsenstraße 5 ::: 51647 Gummersbach
> FON +49 (0) 2261 814 174 ::: MOB +49 (0) 151 235 866 02 ::: E-MAIL
> hendrik.hansme...@hh-it.co
> USt-IdNr.: DE311717013 ::: Finanzamt Gummersbach
>
>

Reply via email to