From: Dave Page
Date: Tue, 17 Mar 2020 10:12:01 +0000
Subject: Re: [pgAdmin4][Patch] - RM 2186 - Support external authentication sources [LDAP]
To: Khushboo Vashi
Cc: pgadmin-hackers

Hi

30 second read of the first version of the patch...

- Please move the configuration into config.py. Users should never have to modify a distributed file (it messes up packaging). I don't see any reason to use a different file just for auth config.

- I think all config options should be prefixed with LDAP_ as we may have things like CERT_FILE for other purposes too.

- I don't see any test cases.

Thanks.

On Tue, Mar 17, 2020 at 8:55 AM Khushboo Vashi <khushboo.vashi@enterprisedb.com> wrote:

> Hi,
>
> Please find the attached patch to support LDAP Authentication in Server
> mode.
> To test the patch, config_auth.py needs to be configured for LDAP
> configurations. The config settings are explained in this file in detail.
> After configuring the parameters, start the pgadmin server in Server mode
> and connect with LDAP server with the valid user via login page.
>
> I have tested this patch with ldap and ldap + ssl/tls. With the TLS, I
> have used the default config of ldap3 without certificates.
>
> @Dave, can you please review this patch, as you have a better
> understanding of LDAP and you can easily point out if I have missed
> anything.
>
> Note: For the document update I will create the task and assign to Nidhi
> for the same.
>
> Thanks,
> Khushboo

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company