Re: What does this icon means?

2020-05-05 Thread Barrington-Hughes, Alan
My thought is that icon started appearing with the expanded support for 
partitioned tables, so is this a table that is partitioned or a table that 
holds partitioned data?

Cheers, Alan
--
Alan Barrington-Hughes
Software Architect
Quality & Regulatory Development
Office: 704.816.5655 | Main: 704.357.0022
alan_barrington-hug...@premierinc.com | Premier, Inc. (NASDAQ: PINC)
Team Award Winner

On May 4, 2020, at 5:55 PM, Edson Richter <edsonrich...@hotmail.com> wrote:

K 🙂

Would the development team create a documentation page describing each icon 
used in the object tree?

Thanks,

Edson


From: Cherio <che...@gmail.com>
Sent: Monday, May 4, 2020 18:38
To: Edson Richter <edsonrich...@hotmail.com>
Cc: pgadmin-support@lists.postgresql.org
Subject: Re: What does this icon means?

My interpretation is it is telling you which way to look.
Sorry :)

On Mon, May 4, 2020 at 10:17 AM Edson Richter <edsonrich...@hotmail.com> wrote:
A small arrow at table icon means what?



Thanks,

Edson



Problems to use LDAP again AD directory with disabled anonymous logon

2020-05-05 Thread heiko.onnebrink
Hi
I am excited to see that with the latest patch we have LDAP support in pgAdmin.
I tried to make it work but did not succeed.

We use Microsoft AD. We have a global catalog that allows LDAP access but 
anonymous access is disabled.

I have a technical user SVCLDAP that I can use to auth against LDAP and search 
for a user via UPN and did some ldapsearch tests before I changed the config of 
pgAdmin:

ldapsearch -H ldap://ldap.mgi.de:389 -D "CN=SVCLDAP, CN=Users, DC=ASF, DC=madm, 
DC=net" -W  -b "dc=R2, dc=madm,dc=net" 
"(userPrincipalName=heiko.onnebr...@metronom.com)"
Enter LDAP Password: somepwd
 
# extended LDIF
#
# LDAPv3
# base  with scope subtree
# filter: (userPrincipalName=heiko.onnebr...@metronom.com)
# requesting: ALL
#
 
# Onnebrink Heiko, HQ01-DUS, Users, DE, MSYS, r2.madm.net
dn: CN=Onnebrink Heiko,OU=HQ01-DUS,OU=Users,OU=DE,OU=MSYS,DC=r2,DC=madm,DC=net
..
 
If I do the same query without providing a bind DN, it gives a SASL error:
 
ldapsearch -H ldap://ldap.mgi.de:389 -b "dc=R2, dc=madm,dc=net" 
"(userPrincipalName=heiko.onnebr...@metronom.com)"


SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS 
failure.  Minor code may provide more information (No Kerberos credentials 
available (default cache: FILE:/tmp/krb5cc_500))


If I disable SASL (-x) it works but returns no data:
 
ldapsearch -H ldap://ldap.mgi.de:389 -x  -b "dc=R2, dc=madm,dc=net" 
"(userPrincipalName=heiko.onnebr...@metronom.com)"
# extended LDIF
#
# LDAPv3
# base  with scope subtree
# filter: (userPrincipalName=heiko.onnebr...@metronom.com)
# requesting: ALL
#
 
# search result
search: 2
result: 0 Success
 
# numResponses: 1
 
I transferred now the above settings to the pgAdmin config (docker is used here)

docker run -p 443:443 --name pgadminssl -e 
'PGADMIN_CONFIG_LDAP_SERVER_URI="ldap://ldap.mgi.de:389"'  -e 
'PGADMIN_CONFIG_LDAP_USERNAME_ATTRIBUTE="userPrincipalName"' -e 
'PGADMIN_CONFIG_LDAP_BASE_DN="(dc=madm,dc=net)"' -e 
'PGADMIN_CONFIG_SEARCH_SCOPE="SUBTREE"' -e
'PGADMIN_CONFIG_AUTHENTICATION_SOURCES="ldap","internal"' -v 
'/dockerdata/pgadmin/servers.json:/servers.json' -v 
'/dockerdata/pgadmin/server.cert:/certs/server.cert' -v 
'/dockerdata/pgadmin/server.key:/certs/server.key' -e PGADMIN_ENABLE_TLS=TRUE -e
PGADMIN_DEFAULT_PASSWORD=admin -e
PGADMIN_DEFAULT_EMAIL=ad...@metronom.com 
registry.metroscales.io/rdb-dev/pgadmin:latest
 
2020-05-05 10:27:46,936: ERROR
flask.app: Error binding to the LDAP server.
Traceback (most recent call last):
  File "/pgadmin4/pgadmin/authenticate/ldap.py", line 115, in connect
    auto_bind=True
  File "/usr/local/lib/python3.7/site-packages/ldap3/core/connection.py", line 355, in __init__
    self.do_auto_bind()
  File "/usr/local/lib/python3.7/site-packages/ldap3/core/connection.py", line 384, in do_auto_bind
    raise LDAPBindError(self.last_error)
ldap3.core.exceptions.LDAPBindError: None
 
From config description I do not see how I pass a bind user that would be 
required (as we do not allow anonymous access) so that an LDAP query can be 
executed that finds the logon user via his UPN. Once record is found we have 
the DN that can be used to bind the user with his entered password to verify 
that password is valid.

Thanks for sharing how it works internally and what mistake I have here in my 
config..

cheers
Heiko
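
The search-then-bind flow described in the message above (bind as the technical user, look up the login by userPrincipalName, then bind as the returned DN), as an added example that is not part of the original post and is not pgAdmin's code. `FakeDirectory`, the DNs, UPNs and passwords are constructed stand-ins for the AD server; the example goes slightly beyond the post by escaping the login per RFC 4515 and refusing empty passwords before any bind.

```python
"""Search-then-bind login against a constructed in-memory directory."""
import hmac
import re

# RFC 4515: characters that must be escaped inside a search-filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


class BindError(Exception):
    """Raised when a simple bind is refused."""


def escape_filter_value(value):
    """Escape user input so it is matched literally, never as filter syntax."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def _unescape(piece):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), piece)


def _norm_dn(dn):
    # Naive normalisation (ignores escaped commas); enough for the sample DNs.
    return ",".join(part.strip() for part in dn.split(",")).lower()


def _matches(assertion, value):
    """Match an RFC 4515 assertion value; an unescaped '*' is a wildcard."""
    parts = [_unescape(p).lower() for p in assertion.split("*")]
    value = value.lower()
    if len(parts) == 1:
        return value == parts[0]
    if not (value.startswith(parts[0]) and value.endswith(parts[-1])):
        return False
    pos, end = len(parts[0]), len(value) - len(parts[-1])
    for middle in parts[1:-1]:
        idx = value.find(middle, pos, end)
        if idx < 0:
            return False
        pos = idx + len(middle)
    return pos <= end


class FakeDirectory:
    """Constructed stand-in for a directory that refuses anonymous access."""

    def __init__(self, entries):
        # entries: {dn: {"password": str, "userPrincipalName": str}}
        self._entries = {_norm_dn(dn): (dn, rec) for dn, rec in entries.items()}

    def simple_bind(self, dn, password):
        """Return the bound DN, or raise BindError."""
        if not dn or not password:
            # Empty DN is an anonymous bind, DN plus empty password an
            # unauthenticated bind (RFC 4513); this directory refuses both.
            raise BindError("anonymous or unauthenticated bind refused")
        entry = self._entries.get(_norm_dn(dn))
        if entry is None or not hmac.compare_digest(
                entry[1]["password"].encode(), password.encode()):
            raise BindError("invalid credentials")
        return entry[0]

    def search(self, bound_dn, base_dn, attr, assertion):
        """Subtree search for (attr=assertion); unbound callers see no entries."""
        if bound_dn is None:
            return []  # like the `-x` run in the post: success, zero entries
        base = _norm_dn(base_dn)
        return [dn for key, (dn, rec) in self._entries.items()
                if (key == base or key.endswith("," + base))
                and _matches(assertion, rec.get(attr, ""))]


def authenticate(directory, svc_dn, svc_password, search_base, login, password):
    """Return the user's DN if login and password are valid, else None."""
    if not login or not password:
        return None  # never forward an empty password to the directory
    bound = directory.simple_bind(svc_dn, svc_password)  # 1. technical user
    hits = directory.search(bound, search_base, "userPrincipalName",
                            escape_filter_value(login))  # 2. find the DN by UPN
    if len(hits) != 1:
        return None  # unknown or ambiguous login
    try:
        directory.simple_bind(hits[0], password)  # 3. verify the password
    except BindError:
        return None
    return hits[0]


# Constructed sample data: names, DNs and passwords are made up.
SVC_DN = "CN=svc-ldap,CN=Users,DC=corp,DC=example"
BASE = "dc=corp, dc=example"
DIRECTORY = FakeDirectory({
    SVC_DN: {"password": "svc-secret", "userPrincipalName": "svc-ldap@example.com"},
    "CN=Alice Example,OU=Staff,DC=corp,DC=example":
        {"password": "alice-pw", "userPrincipalName": "alice@example.com"},
    "CN=Bob Example,OU=Staff,DC=corp,DC=example":
        {"password": "bob-pw", "userPrincipalName": "bob@example.com"},
})
```

A raw `a*` passed straight to `search` matches one entry, while `authenticate` treats the same login as a literal string and finds none.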



RE: What does this icon means?

2020-05-05 Thread Edson Richter
PostgreSQL 9.6 x64 Linux
pgAdmin 4.20 and 4.21
Table DDL:


CREATE TABLE public.mytable
(
guid character varying(36) COLLATE pg_catalog."default" NOT NULL,
textfield_1 character varying(250) COLLATE pg_catalog."default" NOT NULL,
intfield_1 integer NOT NULL,
intfield_2 smallint NOT NULL DEFAULT 0,
intfield_3 smallint NOT NULL DEFAULT 0,
textfield_2 character varying(1000) COLLATE pg_catalog."default",
textfield_3 character varying(10) COLLATE pg_catalog."default",
textfield_4 character varying(250) COLLATE pg_catalog."default",
intfield_4 smallint NOT NULL DEFAULT 0,
intfield_5 smallint NOT NULL DEFAULT 0,
textfield_5 character varying(10) COLLATE pg_catalog."default",
datefield_1 timestamp without time zone,
datefield_2 timestamp without time zone,
intfield_6 integer,
intfield_7 integer,
intfield_8 smallint DEFAULT 0,
intfield_9 smallint DEFAULT 0,
textfield_6 text COLLATE pg_catalog."default",
intfield_10 smallint DEFAULT 0,
CONSTRAINT pkmytable PRIMARY KEY (guid),
CONSTRAINT fk_mytable_codlibera FOREIGN KEY (textfield_5, intfield_1)
REFERENCES public.mytable (textfield_3, intfield_1) MATCH SIMPLE
ON UPDATE CASCADE
ON DELETE RESTRICT,
CONSTRAINT fk_mytable_xyz FOREIGN KEY (intfield_1)
REFERENCES public.xyz (id) MATCH SIMPLE
ON UPDATE CASCADE
ON DELETE CASCADE,
CONSTRAINT fk_mytable_yxz_alteracao FOREIGN KEY (intfield_7)
REFERENCES public.yxz (id) MATCH SIMPLE
ON UPDATE CASCADE
ON DELETE CASCADE,
CONSTRAINT fk_mytable_yxz_criacao FOREIGN KEY (intfield_6)
REFERENCES public.yxz (id) MATCH SIMPLE
ON UPDATE CASCADE
ON DELETE CASCADE
)
WITH (
OIDS = FALSE
)
TABLESPACE pg_default;

-- Index: uq_mytable

-- DROP INDEX public.uq_mytable;

CREATE UNIQUE INDEX uq_mytable
ON public.mytable USING btree
(intfield_1 ASC NULLS LAST, textfield_3 COLLATE pg_catalog."default" ASC 
NULLS LAST)
TABLESPACE pg_default;



From: Khushboo Vashi
Sent: Tuesday, May 5, 2020 01:01
To: Edson Richter
Cc: Murtuza Zabuawala; pgadmin-support lists.postgresql.org
Subject: Re: What does this icon means?

Hi,

On Tue, May 5, 2020 at 5:38 AM Edson Richter <edsonrich...@hotmail.com> wrote:
Perfect answer! Thanks.
But now I have an issue: this table, for sure, has no inheritance - just 
because we use no inheritance in this project at all.

Provide some details to investigate the issue.
- PostgreSQL Version
- pgAdmin Version
- if possible, table DDL

Thanks,
Khushboo
What would be causing this?

Regards,

Edson Richter

Soli Deo Gloria

-- Original message --
From: Murtuza Zabuawala
Date: Mon, May 4, 2020 20:54
To: Edson Richter;
Cc: pgadmin-support lists.postgresql.org;
Subject: Re: What does this icon means?

Hi,

The icon indicates that the table is inherited.

Please refer https://redmine.postgresql.org/issues/3174 for more details.


Regards,
Murtuza



RE: What does this icon means?

2020-05-05 Thread Edson Richter
You guys rule!

This query brought attention to a table that has been used by a DBD to import a 
spreadsheet into database - and, after, he forgot to delete.

Thank you very much! I'll delete that table now.

Regards,

Edson


From: Aditya Toshniwal
Sent: Tuesday, May 5, 2020 01:03
To: Khushboo Vashi
Cc: Edson Richter; Murtuza Zabuawala; pgadmin-support lists.postgresql.org
Subject: Re: What does this icon means?

On Tue, May 5, 2020 at 9:32 AM Khushboo Vashi <khushboo.va...@enterprisedb.com> wrote:
Hi,

On Tue, May 5, 2020 at 5:38 AM Edson Richter <edsonrich...@hotmail.com> wrote:
Perfect answer! Thanks.
But now I have an issue: this table, for sure, has no inheritance - just 
because we use no inheritance in this project at all.

Provide some details to investigate the issue.
- PostgreSQL Version
- pgAdmin Version
- if possible, table DDL
And please also check the output of:
select r.relname, r.oid
from pg_inherits i join pg_class r
on i.inhrelid = r.oid
where i.inhparent = ;

Thanks,
Khushboo
What would be causing this?


--
Thanks and Regards,
Aditya Toshniwal
pgAdmin Hacker | Sr. Software Engineer | EnterpriseDB India | Pune
"Don't Complain about Heat, Plant a TREE"


Re: Problems to use LDAP again AD directory with disabled anonymous logon

2020-05-05 Thread Khushboo Vashi
Hi,

On Wed, May 6, 2020 at 12:57 AM  wrote:

> Hi
> I am excited to see that with the latest patch we have LDAP support in
> pgAdmin
> I tried to make it work but did not succeed.
>
> We use Microsoft AD. We have a global catalog that allows LDAP access but
> anonymous access is disabled.
>
> I have a technical user SVCLDAP that I can use to auth against LDAP and
> search for a user via UPN and did some ldapsearch tests before I changed
> the config of pgAdmin:
>
> ldapsearch -H ldap://ldap.mgi.de:389 -D "CN=SVCLDAP, CN=Users, DC=ASF,
> DC=madm, DC=net" -W  -b "dc=R2, dc=madm,dc=net" "(userPrincipalName=
> heiko.onnebr...@metronom.com)"
> Enter LDAP Password: somepwd
>
> # extended LDIF
> #
> # LDAPv3
> # base  with scope subtree
> # filter: (userPrincipalName=heiko.onnebr...@metronom.com)
> # requesting: ALL
> #
>
> # Onnebrink Heiko, HQ01-DUS, Users, DE, MSYS, r2.madm.net
> dn: CN=Onnebrink
> Heiko,OU=HQ01-DUS,OU=Users,OU=DE,OU=MSYS,DC=r2,DC=madm,DC=net
> ..
>
> If I do the same query without providing a bind DN, it gives a SASL error:
>
> ldapsearch -H ldap://ldap.mgi.de:389 -b "dc=R2, dc=madm,dc=net"
> "(userPrincipalName=heiko.onnebr...@metronom.com)"
>
>
> SASL/GSSAPI authentication started
> ldap_sasl_interactive_bind_s: Local error (-2)
> additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS
> failure.  Minor code may provide more information (No Kerberos credentials
> available (default cache: FILE:/tmp/krb5cc_500))
>
>
> If I disable SASL (-x) it works but returns no data:
>
> ldapsearch -H ldap://ldap.mgi.de:389 -x  -b "dc=R2, dc=madm,dc=net"
> "(userPrincipalName=heiko.onnebr...@metronom.com)"
> # extended LDIF
> #
> # LDAPv3
> # base  with scope subtree
> # filter: (userPrincipalName=heiko.onnebr...@metronom.com)
> # requesting: ALL
> #
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 1
>
> I transferred now the above settings to the pgAdmin config (docker is used
> here)
>
> docker run -p 443:443 --name pgadminssl -e
> 'PGADMIN_CONFIG_LDAP_SERVER_URI="ldap://ldap.mgi.de:389"'  -e
> 'PGADMIN_CONFIG_LDAP_USERNAME_ATTRIBUTE="userPrincipalName"' -e
> 'PGADMIN_CONFIG_LDAP_BASE_DN="(dc=madm,dc=net)"' -e
> 'PGADMIN_CONFIG_SEARCH_SCOPE="SUBTREE"' -e
> 'PGADMIN_CONFIG_AUTHENTICATION_SOURCES="ldap","internal"' -v
> '/dockerdata/pgadmin/servers.json:/servers.json' -v
> '/dockerdata/pgadmin/server.cert:/certs/server.cert' -v
> '/dockerdata/pgadmin/server.key:/certs/server.key' -e
> PGADMIN_ENABLE_TLS=TRUE -e
> PGADMIN_DEFAULT_PASSWORD=admin -e
> PGADMIN_DEFAULT_EMAIL=ad...@metronom.com
> registry.metroscales.io/rdb-dev/pgadmin:latest
>
>
As per your ldapsearch (ldapsearch -H ldap://ldap.mgi.de:389 -D
"CN=SVCLDAP, CN=Users, DC=ASF, DC=madm, DC=net" -W  -b "dc=R2,
dc=madm,dc=net" "(userPrincipalName=heiko.onnebr...@metronom.com)"), the
pgAdmin LDAP parameters should be configured as below.

PGADMIN_CONFIG_AUTHENTICATION_SOURCES=["ldap", "internal"]
PGADMIN_CONFIG_LDAP_SERVER_URI="ldap://ldap.mgi.de:389"
PGADMIN_CONFIG_LDAP_BASE_DN="CN=Users, DC=ASF, DC=madm, DC=net"
PGADMIN_CONFIG_LDAP_USERNAME_ATTRIBUTE="CN"
PGADMIN_CONFIG_SEARCH_SCOPE="SUBTREE"
PGADMIN_CONFIG_LDAP_SEARCH_BASE_DN="dc=R2, dc=madm,dc=net"
PGADMIN_CONFIG_LDAP_SEARCH_FILTER="(userPrincipalName=heiko.onnebr...@metronom.com)"

The LDAP configuration details can be found at
https://www.pgadmin.org/docs/pgadmin4/4.21/enabling_ldap_authentication.html

When you try to login to the pgAdmin application, SVCLDAP should be given
in the username input box.
Ref: https://www.pgadmin.org/docs/pgadmin4/4.21/login.html


> 2020-05-05 10:27:46,936: ERROR
> flask.app: Error binding to the LDAP server.
> Traceback (most recent call last):
>   File "/pgadmin4/pgadmin/authenticate/ldap.py", line 115, in connect
>     auto_bind=True
>   File "/usr/local/lib/python3.7/site-packages/ldap3/core/connection.py", line 355, in __init__
>     self.do_auto_bind()
>   File "/usr/local/lib/python3.7/site-packages/ldap3/core/connection.py", line 384, in do_auto_bind
>     raise LDAPBindError(self.last_error)
> ldap3.core.exceptions.LDAPBindError: None
>
> From config description I do not see how I pass a bind user that would
> be required (as we do not allow anonymous access) so that an LDAP query can be
> executed that finds the logon user via his UPN. Once record is found we
> have the DN that can be used to bind the user with his entered password to
> verify that password is valid.
>

pgAdmin will first bind the LDAP server with the given configurations,
then filter out user based on the LDAP_SEARCH_BASE_DN and
LDAP_SEARCH_FILTER configurations.

Thanks,
Khushboo

> Thanks for sharing how it works internally and what mistake I have here in
> my config..
>
> cheers
> Heiko
>

Re: [EXT] Re: Problems to use LDAP again AD directory with disabled anonymous logon

2020-05-05 Thread heiko.onnebrink
Hi

I did as advised and get now this as response in UI 
{"success":0,"errormsg":"attribute type not present","info":"","result":null,"data":null}
and here the error stack

2020-05-06 04:57:59,908: ERROR
flask.app: attribute type not present
Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1813, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1799, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/pgadmin4/pgadmin/authenticate/__init__.py", line 54, in login
    status, msg = auth_obj.authenticate()
  File "/pgadmin4/pgadmin/authenticate/__init__.py", line 117, in authenticate
    status, msg = source.authenticate(self.form)
  File "/pgadmin4/pgadmin/authenticate/ldap.py", line 49, in authenticate
    status, user_email = self.search_ldap_user()
  File "/pgadmin4/pgadmin/authenticate/ldap.py", line 170, in search_ldap_user
    attributes=ALL_ATTRIBUTES
  File "/usr/local/lib/python3.7/site-packages/ldap3/core/connection.py", line 765, in search
    search_base = safe_dn(search_base)
  File "/usr/local/lib/python3.7/site-packages/ldap3/utils/dn.py", line 353, in safe_dn
    for component in parse_dn(dn, escape=True):
  File "/usr/local/lib/python3.7/site-packages/ldap3/utils/dn.py", line 315, in parse_dn
    if not _validate_attribute_type(attribute_type):
  File "/usr/local/lib/python3.7/site-packages/ldap3/utils/dn.py", line 172, in _validate_attribute_type
    raise LDAPInvalidDnError('attribute type not present')
ldap3.core.exceptions.LDAPInvalidDnError: attribute type not present

Also one question:
The user that will logon in our should be heiko.onnebr...@metronom.com, the 
user SVCLDAP is not used to work with pgAdmin .. so should the config not be 
swapped between these users ?

cheers
Heiko


wsgi:error AttributeError: module 'pkg_resources' has no attribute 'resource_filename'

2020-05-05 Thread Nagaraj Raj
Hello,

I'm trying to install pgAdmin on Redhat and end up with below error,

[Wed May 06 00:53:35.157756 2020] [wsgi:error] [pid 6973] mod_wsgi (pid=6973): Failed to exec Python script file '/usr/lib/python3.6/site-packages/pgadmin4-web/pgAdmin4.wsgi'.
[Wed May 06 00:53:35.157820 2020] [wsgi:error] [pid 6973] mod_wsgi (pid=6973): Exception occurred processing WSGI script '/usr/lib/python3.6/site-packages/pgadmin4-web/pgAdmin4.wsgi'.
[Wed May 06 00:53:35.157959 2020] [wsgi:error] [pid 6973] Traceback (most recent call last):
[Wed May 06 00:53:35.158001 2020] [wsgi:error] [pid 6973]   File "/usr/lib/python3.6/site-packages/pgadmin4-web/pgAdmin4.wsgi", line 36, in 
[Wed May 06 00:53:35.158009 2020] [wsgi:error] [pid 6973]     from pgAdmin4 import app as application
[Wed May 06 00:53:35.158018 2020] [wsgi:error] [pid 6973]   File "/usr/lib/python3.6/site-packages/pgadmin4-web/pgAdmin4.py", line 109, in 
[Wed May 06 00:53:35.158023 2020] [wsgi:error] [pid 6973]     app = create_app()
[Wed May 06 00:53:35.158031 2020] [wsgi:error] [pid 6973]   File "/usr/lib/python3.6/site-packages/pgadmin4-web/pgadmin/__init__.py", line 379, in create_app
[Wed May 06 00:53:35.158036 2020] [wsgi:error] [pid 6973]     security.init_app(app, user_datastore)
[Wed May 06 00:53:35.158043 2020] [wsgi:error] [pid 6973]   File "/usr/lib/python3.6/site-packages/pgadmin4-web/flask_security/core.py", line 503, in init_app
[Wed May 06 00:53:35.158048 2020] [wsgi:error] [pid 6973]     anonymous_user=anonymous_user)
[Wed May 06 00:53:35.158055 2020] [wsgi:error] [pid 6973]   File "/usr/lib/python3.6/site-packages/pgadmin4-web/flask_security/core.py", line 332, in _get_state
[Wed May 06 00:53:35.158060 2020] [wsgi:error] [pid 6973]     i18n_domain=_get_i18n_domain(app),
[Wed May 06 00:53:35.158067 2020] [wsgi:error] [pid 6973]   File "/usr/lib/python3.6/site-packages/pgadmin4-web/flask_security/core.py", line 303, in _get_i18n_domain
[Wed May 06 00:53:35.158073 2020] [wsgi:error] [pid 6973]     pkg_resources.resource_filename('flask_security', 'translations'),
[Wed May 06 00:53:35.158089 2020] [wsgi:error] [pid 6973] AttributeError: module 'pkg_resources' has no attribute 'resource_filename'


When I ran get_i18n_domain(app) func in python console individually running 
fine, I wondered why it is throwing error while running app in web-browser. 

Is it a known issue or any solution to fix it?


pgAdmin4-4.21
Server version: Apache/2.4.6 (Red Hat Enterprise Linux)





Thanks,
Rj