Good day,
New to pgadmin, loving it so far. Got it up and running. Now
trying to bind to our AD using LDAP, Windows Server 2016. Below is the
issue / error, but I am not finding a good log or method for debugging the
issue. Can anyone point me to where I need to look? I followed the info in
https://www.pgadmin.org/docs/pgadmin4/5.5/ldap.html. I feel one thing in the
future that would help is an example of this working. If I figure this out I may
post a blog on Medium to show what I did. I tested the Bind user and it can
authenticate with the AD through LDAP. Thanks for any help.
$ python lib/python3.7/site-packages/pgadmin4/pgAdmin4.py
Starting pgAdmin 4. Please navigate to http://0.0.0.0:5050 in your browser.
2021-08-04 10:22:52,822: WARNING werkzeug: WebSocket transport not available. Install simple-websocket for improved performance.
 * Serving Flask app "pgadmin" (lazy loading)
 * Environment: production
   WARNING: This is a development server. Do not use it in a production deployment.
   Use a production WSGI server instead.
 * Debug mode: off
2021-08-04 10:23:01,788: ERROR pgadmin: Error binding to the LDAP server.
Traceback (most recent call last):
  File "/usr/share/nginx/pgadmin4/bin/.pgadmin4/lib/python3.7/site-packages/pgadmin4/pgadmin/authenticate/ldap.py", line 120, in connect
    authentication=SIMPLE
  File "/usr/share/nginx/pgadmin4/bin/.pgadmin4/lib/python3.7/site-packages/ldap3/core/connection.py", line 363, in __init__
    self._do_auto_bind()
  File "/usr/share/nginx/pgadmin4/bin/.pgadmin4/lib/python3.7/site-packages/ldap3/core/connection.py", line 412, in _do_auto_bind
    raise LDAPBindError(error)
ldap3.core.exceptions.LDAPBindError: automatic bind not successful - invalidCredentials
lib/python3.7/site-packages/pgadmin4/config_local.py:
##########################################################################
# pgAdmin4 Server Configuration
##########################################################################
DEFAULT_SERVER = '0.0.0.0'
DEFAULT_SERVER_PORT = 5050
LOG_FILE = '/var/log/pgadmin4/pgadmin4.log'
SQLITE_PATH = '/usr/share/nginx/pgadmin4/pgadmin4.db'
SESSION_DB_PATH = '/usr/share/nginx/pgadmin4/sessions'
STORAGE_DIR = '/usr/share/nginx/pgadmin4/storage'
SERVER_MODE = True
##########################################################################
# Authentication Configuration
##########################################################################
AUTHENTICATION_SOURCES = ['ldap', 'internal']
##########################################################################
# LDAP Configuration
##########################################################################
# After ldap authentication, user will be added into the SQLite database
# automatically, if set to True.
# Set it to False, if user should not be added automatically,
# in this case Admin has to add the user manually in the SQLite database.
LDAP_AUTO_CREATE_USER = True
# Specifies the connection timeout (in seconds) for LDAP authentication.
LDAP_CONNECTION_TIMEOUT = 30
# Server connection details (REQUIRED)
# example: ldap://<ip-address>:<port> or ldap://<hostname>:<port>
LDAP_SERVER_URI = 'ldap://ldap.ourdomain.com:389'
# The LDAP attribute containing user names. In OpenLDAP, this may be 'uid'
# whilst in AD, 'sAMAccountName' might be appropriate. (REQUIRED)
LDAP_USERNAME_ATTRIBUTE = 'sAMAccountName'
##########################################################################
# 3 ways to configure LDAP as follows (Choose any one):
# 1. Dedicated User binding
# LDAP Bind User DN Example: cn=username,dc=example,dc=com
# Set this parameter to allow the connection to bind using a dedicated user.
# After the connection is made, the pgadmin login user will be further
# authenticated by the username and password provided
# at the login screen.
LDAP_BIND_USER = 'OU=SVC_pgAdmin_Auth,OU=Users,OU=Accounts,OU=Corporate,DC=ourdomain,DC=com'
# LDAP Bind User Password
LDAP_BIND_PASSWORD = '...'
# OR ####################
# 2. Anonymous Binding
# Set this parameter to allow the anonymous bind.
# After the connection is made, the pgadmin login user will be further
# authenticated by the username and password provided
LDAP_ANONYMOUS_BIND = False
# OR ####################
# 3. Bind as pgAdmin user
# BaseDN (REQUIRED)
# AD example:
# (&(objectClass=user)(memberof=CN=MYGROUP,CN=Users,dc=example,dc=com))
# OpenLDAP example: CN=Users,dc=example,dc=com
#LDAP_BASE_DN = 'OU=Users,OU=Accounts,OU=Corporate,DC=ourdomain,DC=com'
#LDAP_BASE_DN = '(&(objectClass=domain user)(memberof=CN=Users,dc=ourdomain,dc=com))'
##########################################################################
# Search ldap for further authentication (REQUIRED)
# It can be optional while bind as pgAdmin user
#LDAP_SEARCH_BASE_DN = '<Search-Base-DN>'
# Filter string for the user search.
# For OpenLDAP, '(cn=*)' may well be enough.
# For AD, you might use '(objectClass=user)' (REQUIRED)
LDAP_SEARCH_FILTER = '(objectclass=*)'
#LDAP_SEARCH_FILTER = '(&(objectclass=domain user)(|(memberOf=OU=Users,OU=Accounts,OU=Corporate,DC=ourdomain,DC=com)))'
# Indicates the set of entries at or below the Base DN that may be considered as
# potential matches for a search request. You can specify the scope of a search
# as either a base, level, or subtree search. A base search limits the search to
# the base object. A level search is restricted to the immediate children of a
# base object, but excludes the base object itself. A subtree search includes
# all child objects as well as the base object.
# Search scope for users (one of BASE, LEVEL or SUBTREE)
LDAP_SEARCH_SCOPE = 'SUBTREE'
# Use TLS? If the URI scheme is ldaps://, this is ignored.
LDAP_USE_STARTTLS = False
# TLS/SSL certificates. Specify if required, otherwise leave empty
#LDAP_CA_CERT_FILE = ''
#LDAP_CERT_FILE = ''
#LDAP_KEY_FILE = ''
Jonathan
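A small diagnostic script, added here as an example and not part of the original post or of pgAdmin: it reads the active LDAP_* lines of a config_local.py, flags the settings that commonly end in the "automatic bind not successful - invalidCredentials" error shown in the traceback, and can repeat the bind with ldap3 outside pgAdmin. The names load_ldap_settings, check_ldap_settings and try_bind are my own, and SAMPLE_CONFIG is constructed from the configuration above with a placeholder password.

```python
import ast
import re

# Constructed from the config_local.py above; the password is a placeholder.
SAMPLE_CONFIG = """
LDAP_SERVER_URI = 'ldap://ldap.ourdomain.com:389'
LDAP_USERNAME_ATTRIBUTE = 'sAMAccountName'
LDAP_BIND_USER = 'OU=SVC_pgAdmin_Auth,OU=Users,OU=Accounts,OU=Corporate,DC=ourdomain,DC=com'
LDAP_BIND_PASSWORD = '<bind-password>'
LDAP_ANONYMOUS_BIND = False
#LDAP_SEARCH_BASE_DN = '<Search-Base-DN>'
LDAP_SEARCH_FILTER = '(objectclass=*)'
"""

def load_ldap_settings(config_text):
    """Return {name: value} for the active (uncommented) LDAP_* assignments."""
    settings = {}
    for line in config_text.splitlines():
        m = re.match(r"^\s*(LDAP_[A-Z_]+)\s*=\s*(.+?)\s*$", line)
        if m:
            settings[m.group(1)] = ast.literal_eval(m.group(2))
    return settings

def check_ldap_settings(cfg):
    """Return a list of findings; an empty list means nothing obvious is wrong."""
    findings = []
    bind_dn = cfg.get("LDAP_BIND_USER", "")
    if bind_dn and not cfg.get("LDAP_ANONYMOUS_BIND", False):
        # A simple bind needs an account DN: leftmost RDN CN= (AD) or uid= (OpenLDAP).
        # OU= and DC= name containers, which are not principals and cannot bind.
        leaf = bind_dn.split(",", 1)[0].strip()
        if not leaf.upper().startswith(("CN=", "UID=")):
            findings.append(f"LDAP_BIND_USER starts with {leaf!r}, a container, not an account")
        if not cfg.get("LDAP_SEARCH_BASE_DN"):
            findings.append("LDAP_SEARCH_BASE_DN is unset; required with dedicated-user binding")
    # objectClass names are schema keystrings and never contain whitespace.
    m = re.search(r"\(objectclass=([^)]*)\)", cfg.get("LDAP_SEARCH_FILTER", ""), re.I)
    if m and " " in m.group(1):
        findings.append(f"objectClass {m.group(1)!r} has a space; AD accounts are objectClass=user")
    return findings

def try_bind(uri, bind_dn, password):
    """Repeat pgAdmin's simple bind via ldap3 (needs ldap3 and a reachable server)."""
    import ldap3
    try:
        conn = ldap3.Connection(ldap3.Server(uri), user=bind_dn, password=password,
                                authentication=ldap3.SIMPLE, auto_bind=True)
    except ldap3.core.exceptions.LDAPException as exc:
        return False, str(exc)
    conn.unbind()
    return True, "bind succeeded"
```

try_bind does in isolation what connect() in the traceback does, so it separates a directory-side rejection of the DN and password from anything pgAdmin does afterwards.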