Hi All,

We haven't attempted using pgadmin and ldap outside of k8s as of yet. I am able to auth using the same credentials passed when running the ldapsearch command from the command line directly.
We are creating a local image from the base 4.6.7 image and adding in the config_local.py. I do see this file when I exec directly into the container, so it is being passed correctly when we create the image. I did notice a ton of redirects when looking in the web console, but local login works.

PGADMIN_DEFAULT_EMAIL="xxxxxx"
PGADMIN_DEFAULT_PASSWORD="xxxxxxx"
PGADMIN_LISTEN_PORT=8080

# LDAP
AUTHENTICATION_SOURCES = ['ldap', 'internal']
LDAP_AUTO_CREATE_USER = True
LDAP_SERVER_URI = 'LDAP://xxx.dc.xxx.eng.xxx.com:389'
LDAP_BASE_DN = 'ou=user accounts,dc=win,dc=eng,dc=xxx,dc=com'
LDAP_USERNAME_ATTRIBUTE = 'sAMAccountName'
LDAP_SEARCH_FILTER = '(objectClass=user)'
LDAP_SEARCH_SCOPE = 'SUBTREE'
LDAP_SEARCH_BASE_DN = 'ou=user accounts,dc=xxx,dc=eng,dc=xxx,dc=com'
LDAP_CA_CERT_FILE = '/pgadmin4/cert/ldap.crt'
LDAP_BIND_USER = "xxx"
LDAP_BIND_PASSWORD = "xxxxx"
LDAP_CA_CERT_FILE = '/pgadmin4/cert/ldap.crt'

On Fri, May 6, 2022 at 1:28 AM <heiko.onnebr...@metroitpartner.com> wrote:

> Hi
>
> do you have a general problem to auth against LDAP or just when you deploy
> it on K8s?
> Also would be helpful if you share the (LDAP-related) arguments that you
> pass to the container
> cheers
> Heiko
>
> From: "Schroeder, Steven" <steven.schroe...@verizonwireless.com>
> Date: Thursday, 5. May 2022 at 23:44
> To: "pgadmin-supp...@postgresql.org" <pgadmin-supp...@postgresql.org>
> Subject: [EXT] LDAP issues
>
> Hi All,
>
> We are attempting to deploy pgadmin inside kubernetes with ldap
> authentication, but having issues getting it to work. We are able to
> deploy pgadmin and login locally, but no matter what ldap method we try,
> the credentials are not passed when we look at a pcap. The only attempt we
> ever see to our ldap server is when we set it to anonymous, but we get back
> the below response.
>
> 000004DC: LdapErr: DSID-0C090A5C, comment: In order to perform this
> operation a successful bind must be completed on the connection
>
> Ever come across anyone else having issues in kubernetes with ldap?
>
> Thanks,
>
> Steve
--
Steve Schroeder | verizon Service Assurance