Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.92) (envelope-from ) id 1jE9ON-0008QN-Ua for pgadmin-hackers@arkaria.postgresql.org; Tue, 17 Mar 2020 10:24:12 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.89) (envelope-from ) id 1jE9OM-0006MD-NR for pgadmin-hackers@arkaria.postgresql.org; Tue, 17 Mar 2020 10:24:10 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.89) (envelope-from ) id 1jE9OM-0006Lg-FR for pgadmin-hackers@lists.postgresql.org; Tue, 17 Mar 2020 10:24:10 +0000 Received: from mail-lf1-x143.google.com ([2a00:1450:4864:20::143]) by magus.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.92) (envelope-from ) id 1jE9OI-0005J6-L6 for pgadmin-hackers@postgresql.org; Tue, 17 Mar 2020 10:24:09 +0000 Received: by mail-lf1-x143.google.com with SMTP id a28so4855613lfr.13 for ; Tue, 17 Mar 2020 03:24:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=enterprisedb-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=aQxFXTTP5VnnR3S5Onkwp99HOXVVFZYkALyF4OS8RF4=; b=19g6wtcgnFkvJdDjLBUoqMfuysYiRqyZ/MDripFCR/2+5qU82q57pjFiNSf2hG8Dn6 1HUBjV5FDyk7RVuV7dDgWjG6VJ8ije4d0vsFODuNrrGogHPNEe3BF1itM9w+idHUITew +q0saWcw5d9KREGwvQPQJSUbMhKe8K36+c/OHfVlvN+srSZUZYOjoONDg/sihNhEohxd /7jJA6L+MnTkjFofNvWfl3CPMUg6SB27xDntrGJfwFlDEW6/pzl+k5tpGk6q5557MoPW k0MzZ7e/7RBv/4w53zKc/E6sHtBmK803iVofHynM4L4S8don5w3HTCDQdN07X3GacVzc KKLg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=aQxFXTTP5VnnR3S5Onkwp99HOXVVFZYkALyF4OS8RF4=; b=iYmGA+36wDL6V0mq+kdl2VsNVKe/sG60jncl/ZynpShnn9odHH3kOpA4OsdgJ93U3e x0Cr1UQ1zWKV3gzAtHx+unMVtvbFm655PQtCztadZw2jNBQXUvVi08wmSCP3w2VU+sTn qM0hMdAxH3eZVciHuKZiFIXcAN6t9esm5hTusIXmN2VfTAhe2p37tyyXHs9axF4YAaBf KUZOkObB+zphVvIG7BBsQyt+RIRn3qRqe8igIuZXa2DTwEUT5xnuMD3hoprUUlFyKD4M ykydcPdVZaUZw4gE/+5GWzNyI/xZ7jVwbjrb7nEzZpFy1b57nDNa/V3HIGGfXVkJIy5P CsUw== X-Gm-Message-State: ANhLgQ3A1EHbVwOqodNSlnTjxLXd0vMT0r6hdlHU14jORm0QELYi9YNF AHmqyeWtWYQtPtlPyLY4/eijIGIAd8O35lIyxRonwhnMIdK/JqfKCRH283t+f5p6RsZjoOecd5K W8+nkFq508SGz/175HwzGJkJcRR6Y2+dQ05l41SXQ1+WLry2sU8tC+0Us1zGPetCLJtb4GXdVsJ VpS82yUAvT1svqx+BfBzISJhfVLi1head/DwDpc8n9dhVPEUIWfoA= X-Google-Smtp-Source: ADFU+vtWvv3f7wemTveMzeX1jXKG/i054wx3Qn/Wdohlym+1T2QkICeJNSkXO4h9GyQ/p6csbI9LGxzifL/FE1z0B0c= X-Received: by 2002:ac2:54af:: with SMTP id w15mr2452483lfk.17.1584440644737; Tue, 17 Mar 2020 03:24:04 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Khushboo Vashi Date: Tue, 17 Mar 2020 15:53:57 +0530 Message-ID: Subject: Re: [pgAdmin4][Patch] - RM 2186 - Support external authentication sources [LDAP] To: Dave Page Cc: pgadmin-hackers Content-Type: multipart/alternative; boundary="000000000000cc316905a10a5526" X-CLOUD-SEC-AV-Info: edb,google_mail,monitor X-CLOUD-SEC-AV-Sent: true X-Gm-Spam: 0 X-Gm-Phishy: 0 List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Precedence: bulk --000000000000cc316905a10a5526 Content-Type: text/plain; charset="UTF-8" Hi Dave, Thanks for the review. On Tue, Mar 17, 2020 at 3:42 PM Dave Page wrote: > Hi > > 30 second read of the first version of the patch... > > - Please move the configuration into config.py. Users should never have to > modify a distributed file (it messes up packaging). I don't see any reason > to use a different file just for auth config. > > There are many settings for the LDAP, and in the future we will add other external sources also, so I thought it would be better if we have different file for the authentication. > - I think all config options should be prefixed with LDAP_ as we may have > things like CERT_FILE for other purposes too. > > Sure. > - I don't see any test cases. > > I will think about this, as right now no idea how to write test cases for this. > Thanks. > > Thanks, Khushboo > > On Tue, Mar 17, 2020 at 8:55 AM Khushboo Vashi < > khushboo.vashi@enterprisedb.com> wrote: > >> Hi, >> >> Please find the attached patch to support LDAP Authentication in Server >> mode. >> To test the patch, config_auth.py needs to be configured for LDAP >> configurations. The config settings are explained in this file in detail. >> After configuring the parameters, start the pgadmin server in Server mode >> and connect with LDAP server with the valid user via login page. >> >> I have tested this patch with ldap and ldap + ssl/tls. With the TLS, I >> have used the default config of ldap3 without certificates. >> >> @Dave, can you please review this patch, as you have a better >> understanding of LDAP and you can easily pointed out if I have missed >> anything. >> >> Note: For the document update I will create the task and assign to Nidhi >> for the same. >> >> Thanks, >> Khushboo >> > > > -- > Dave Page > Blog: http://pgsnake.blogspot.com > Twitter: @pgsnake > > EnterpriseDB UK: http://www.enterprisedb.com > The Enterprise PostgreSQL Company > --000000000000cc316905a10a5526 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi Dave,

Thanks for the revi= ew.

On Tue, Mar 17, 2020 at 3:42 PM Dave Page <dpage@pgadmin.org> wrote:
Hi

30 secon= d read of the first version of the patch...

- Plea= se move the configuration into config.py. Users should never have to modify= a distributed file (it messes up packaging). I don't see any reason to= use a different file just for auth config.

There are many settings for the LDAP, and in the future we wil= l add other external sources also, so I thought it would be better if we ha= ve different file for the authentication.
- I think all config= options should be prefixed with LDAP_ as we may have things like CERT_FILE= for other purposes too.

Sure.= =C2=A0
- I don't see any test cases.

<= /div>
I will think about this, as right now no idea how to= write test cases for this.=C2=A0
Thanks.

=
Thanks,
Khushboo=C2=A0

=
On Tue, Ma= r 17, 2020 at 8:55 AM Khushboo Vashi <khushboo.vashi@enterprisedb.com> = wrote:
Hi,

Please find the attached patch to support L= DAP Authentication in Server mode.
To test the patch, config_auth= .py needs to be configured for LDAP configurations. The config settings are= explained in this file in detail. After configuring the parameters, start = the pgadmin server in Server mode and connect with LDAP server with the val= id user via login page.

I have tested this patch w= ith ldap and ldap=C2=A0+ ssl/tls. With the TLS, I have used the default con= fig of ldap3 without certificates.

@Dave, can you = please review this patch, as you have a better understanding of LDAP and yo= u can easily pointed out if I have missed anything.

Note: For the document update I will create the task and assign to Nidhi = for the same.

Thanks,
Khushbo= o


--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB= UK: http://www.e= nterprisedb.com
The Enterprise PostgreSQL Company
--000000000000cc316905a10a5526--