Обсуждение: Pgadmin with active directory.
Hello, I'm trying to enable ldap authentication with our active directory.
I configure config_distro.py with:
AUTHENTICATION_SOURCES = ['ldap', 'internal']
LDAP_AUTO_CREATE_USER = True
LDAP_CONNECTION_TIMEOUT = 30
LDAP_SERVER_URI = 'ldap://xxxx.pam.lan:389'
LDAP_USERNAME_ATTRIBUTE = 'sAMAccountName'
LDAP_SEARCH_FILTER = '(&(objectClass=user)(|(memberof=CN=00 - Gestionnaires Applications,OU=Distribution,OU=_Groupes,DC=pam,DC=lan)(memberof=CN=00 - Administration Système,OU=Distribution,OU=_Groupes,DC=pam,DC=lan)(memberof=CN=Urbanisation SEI,OU=Distribution,OU=_Groupes,DC=pam,DC=lan)))'
LDAP_SEARCH_SCOPE = 'SUBTREE'
LDAP_BIND_USER = 'Browse.PGAdmin@pam.lan'
LDAP_BIND_PASSWORD = '...'
But still login or password invalid.
I have no more error in Apache log, or pgadmin log.
Do you have an idea?
Hi,
On Mon, Oct 5, 2020 at 6:44 PM Le-DOC <ledoc666@gmail.com> wrote:
Hello, I'm trying to enable ldap authentication with our active directory.I configure config_distro.py with:AUTHENTICATION_SOURCES = ['ldap', 'internal']LDAP_AUTO_CREATE_USER = TrueLDAP_CONNECTION_TIMEOUT = 30LDAP_SERVER_URI = 'ldap://xxxx.pam.lan:389'LDAP_USERNAME_ATTRIBUTE = 'sAMAccountName'LDAP_SEARCH_FILTER = '(&(objectClass=user)(|(memberof=CN=00 - Gestionnaires Applications,OU=Distribution,OU=_Groupes,DC=pam,DC=lan)(memberof=CN=00 - Administration Système,OU=Distribution,OU=_Groupes,DC=pam,DC=lan)(memberof=CN=Urbanisation SEI,OU=Distribution,OU=_Groupes,DC=pam,DC=lan)))'LDAP_SEARCH_SCOPE = 'SUBTREE'LDAP_BIND_USER = 'Browse.PGAdmin@pam.lan'LDAP_BIND_PASSWORD = '...'
Please set LDAP_SEARCH_BASE_DN, Refer https://www.pgadmin.org/docs/pgadmin4/4.26/enabling_ldap_authentication.html for more information.
Thanks,
Khushboo
But still login or password invalid.I have no more error in Apache log, or pgadmin log.Do you have an idea?
Hello,
Email/Username is not valid.
When I try username. Case sensitive is correct.
If I try an email: incorrect username or password.
Thanks
Le mar. 6 oct. 2020 à 06:44, Khushboo Vashi <khushboo.vashi@enterprisedb.com> a écrit :
Hi,On Mon, Oct 5, 2020 at 6:44 PM Le-DOC <ledoc666@gmail.com> wrote:Hello, I'm trying to enable ldap authentication with our active directory.I configure config_distro.py with:AUTHENTICATION_SOURCES = ['ldap', 'internal']LDAP_AUTO_CREATE_USER = TrueLDAP_CONNECTION_TIMEOUT = 30LDAP_SERVER_URI = 'ldap://xxxx.pam.lan:389'LDAP_USERNAME_ATTRIBUTE = 'sAMAccountName'LDAP_SEARCH_FILTER = '(&(objectClass=user)(|(memberof=CN=00 - Gestionnaires Applications,OU=Distribution,OU=_Groupes,DC=pam,DC=lan)(memberof=CN=00 - Administration Système,OU=Distribution,OU=_Groupes,DC=pam,DC=lan)(memberof=CN=Urbanisation SEI,OU=Distribution,OU=_Groupes,DC=pam,DC=lan)))'LDAP_SEARCH_SCOPE = 'SUBTREE'LDAP_BIND_USER = 'Browse.PGAdmin@pam.lan'LDAP_BIND_PASSWORD = '...'Please set LDAP_SEARCH_BASE_DN, Refer https://www.pgadmin.org/docs/pgadmin4/4.26/enabling_ldap_authentication.html for more information.Thanks,KhushbooBut still login or password invalid.I have no more error in Apache log, or pgadmin log.Do you have an idea?
Hi,
On Tue, Oct 6, 2020 at 1:07 PM Le-DOC <ledoc666@gmail.com> wrote:
Hello,Email/Username is not valid.When I try username. Case sensitive is correct.
So, you are able to login with your LDAP username and password.
Currently, the pgAdmin LDAP implementation only allows case sensitive username, but we do have RM (Ref: https://redmine.postgresql.org/issues/5836) to support the case insensitive username.
If I try an email: incorrect username or password.
Which email address are you trying ?
In case of LDAP Authentication, you can login only through valid LDAP username.
Thanks,
Khushboo
ThanksLe mar. 6 oct. 2020 à 06:44, Khushboo Vashi <khushboo.vashi@enterprisedb.com> a écrit :Hi,On Mon, Oct 5, 2020 at 6:44 PM Le-DOC <ledoc666@gmail.com> wrote:Hello, I'm trying to enable ldap authentication with our active directory.I configure config_distro.py with:AUTHENTICATION_SOURCES = ['ldap', 'internal']LDAP_AUTO_CREATE_USER = TrueLDAP_CONNECTION_TIMEOUT = 30LDAP_SERVER_URI = 'ldap://xxxx.pam.lan:389'LDAP_USERNAME_ATTRIBUTE = 'sAMAccountName'LDAP_SEARCH_FILTER = '(&(objectClass=user)(|(memberof=CN=00 - Gestionnaires Applications,OU=Distribution,OU=_Groupes,DC=pam,DC=lan)(memberof=CN=00 - Administration Système,OU=Distribution,OU=_Groupes,DC=pam,DC=lan)(memberof=CN=Urbanisation SEI,OU=Distribution,OU=_Groupes,DC=pam,DC=lan)))'LDAP_SEARCH_SCOPE = 'SUBTREE'LDAP_BIND_USER = 'Browse.PGAdmin@pam.lan'LDAP_BIND_PASSWORD = '...'Please set LDAP_SEARCH_BASE_DN, Refer https://www.pgadmin.org/docs/pgadmin4/4.26/enabling_ldap_authentication.html for more information.Thanks,KhushbooBut still login or password invalid.I have no more error in Apache log, or pgadmin log.Do you have an idea?
It worked. Great 😀
May I change LDAP_USERNAME_ATTRIBUTE to mail for logining in with email from ldap instead of username?
Le mar. 6 oct. 2020 à 10:56, Khushboo Vashi <khushboo.vashi@enterprisedb.com> a écrit :
Hi,On Tue, Oct 6, 2020 at 1:07 PM Le-DOC <ledoc666@gmail.com> wrote:Hello,Email/Username is not valid.When I try username. Case sensitive is correct.So, you are able to login with your LDAP username and password.Currently, the pgAdmin LDAP implementation only allows case sensitive username, but we do have RM (Ref: https://redmine.postgresql.org/issues/5836) to support the case insensitive username.If I try an email: incorrect username or password.Which email address are you trying ?In case of LDAP Authentication, you can login only through valid LDAP username.Thanks,KhushbooThanksLe mar. 6 oct. 2020 à 06:44, Khushboo Vashi <khushboo.vashi@enterprisedb.com> a écrit :Hi,On Mon, Oct 5, 2020 at 6:44 PM Le-DOC <ledoc666@gmail.com> wrote:Hello, I'm trying to enable ldap authentication with our active directory.I configure config_distro.py with:AUTHENTICATION_SOURCES = ['ldap', 'internal']LDAP_AUTO_CREATE_USER = TrueLDAP_CONNECTION_TIMEOUT = 30LDAP_SERVER_URI = 'ldap://xxxx.pam.lan:389'LDAP_USERNAME_ATTRIBUTE = 'sAMAccountName'LDAP_SEARCH_FILTER = '(&(objectClass=user)(|(memberof=CN=00 - Gestionnaires Applications,OU=Distribution,OU=_Groupes,DC=pam,DC=lan)(memberof=CN=00 - Administration Système,OU=Distribution,OU=_Groupes,DC=pam,DC=lan)(memberof=CN=Urbanisation SEI,OU=Distribution,OU=_Groupes,DC=pam,DC=lan)))'LDAP_SEARCH_SCOPE = 'SUBTREE'LDAP_BIND_USER = 'Browse.PGAdmin@pam.lan'LDAP_BIND_PASSWORD = '...'Please set LDAP_SEARCH_BASE_DN, Refer https://www.pgadmin.org/docs/pgadmin4/4.26/enabling_ldap_authentication.html for more information.Thanks,KhushbooBut still login or password invalid.I have no more error in Apache log, or pgadmin log.Do you have an idea?
On Tue, Oct 6, 2020 at 2:51 PM Le-DOC <ledoc666@gmail.com> wrote:
It worked. Great 😀May I change LDAP_USERNAME_ATTRIBUTE to mail for logining in with email from ldap instead of username?
As you are trying with a dedicated user approach, it should work. You can try it but you have to provide the exact attribute name for email address which is configured in your LDAP.
Le mar. 6 oct. 2020 à 10:56, Khushboo Vashi <khushboo.vashi@enterprisedb.com> a écrit :Hi,On Tue, Oct 6, 2020 at 1:07 PM Le-DOC <ledoc666@gmail.com> wrote:Hello,Email/Username is not valid.When I try username. Case sensitive is correct.So, you are able to login with your LDAP username and password.Currently, the pgAdmin LDAP implementation only allows case sensitive username, but we do have RM (Ref: https://redmine.postgresql.org/issues/5836) to support the case insensitive username.If I try an email: incorrect username or password.Which email address are you trying ?In case of LDAP Authentication, you can login only through valid LDAP username.Thanks,KhushbooThanksLe mar. 6 oct. 2020 à 06:44, Khushboo Vashi <khushboo.vashi@enterprisedb.com> a écrit :Hi,On Mon, Oct 5, 2020 at 6:44 PM Le-DOC <ledoc666@gmail.com> wrote:Hello, I'm trying to enable ldap authentication with our active directory.I configure config_distro.py with:AUTHENTICATION_SOURCES = ['ldap', 'internal']LDAP_AUTO_CREATE_USER = TrueLDAP_CONNECTION_TIMEOUT = 30LDAP_SERVER_URI = 'ldap://xxxx.pam.lan:389'LDAP_USERNAME_ATTRIBUTE = 'sAMAccountName'LDAP_SEARCH_FILTER = '(&(objectClass=user)(|(memberof=CN=00 - Gestionnaires Applications,OU=Distribution,OU=_Groupes,DC=pam,DC=lan)(memberof=CN=00 - Administration Système,OU=Distribution,OU=_Groupes,DC=pam,DC=lan)(memberof=CN=Urbanisation SEI,OU=Distribution,OU=_Groupes,DC=pam,DC=lan)))'LDAP_SEARCH_SCOPE = 'SUBTREE'LDAP_BIND_USER = 'Browse.PGAdmin@pam.lan'LDAP_BIND_PASSWORD = '...'Please set LDAP_SEARCH_BASE_DN, Refer https://www.pgadmin.org/docs/pgadmin4/4.26/enabling_ldap_authentication.html for more information.Thanks,KhushbooBut still login or password invalid.I have no more error in Apache log, or pgadmin log.Do you have an idea?