|
Hi everyone, I am just starting out with pgAdmin and trying to configure an LDAPS connection to Active Directory, however, I am receiving the error message below.
This installation is on a CentOS 8 server with firewalld and SELinux currently disabled. Here are the relevant LDAP settings from /usr/lib/python3.6/site-packages/pgadmin4-web/config_local.py file - AUTHENTICATION_SOURCES = ['ldap'] LDAP_AUTO_CREATE_USER = True LDAP_CONNECTION_TIMEOUT = 10 LDAP_SERVER_URI = 'ldaps://ad:636' LDAP_BASE_DN = '(&(objectClass=user)(memberof=CN=pgAdmin,OU=Security Groups,OU=Domain Groups,DC=[REDACTED],DC=[REDACTED]))' LDAP_USERNAME_ATTRIBUTE = 'sAMAccountName' LDAP_SEARCH_BASE_DN = '<Search-Base-DN>' LDAP_SEARCH_FILTER = '(objectclass=user)' LDAP_SEARCH_SCOPE = 'SUBTREE' LDAP_USE_STARTTLS = True LDAP_CA_CERT_FILE = '/etc/pki/tls/certs/chain.cer' LDAP_CERT_FILE = '/etc/pki/tls/certs/[REDACTED].crt' LDAP_KEY_FILE = '/etc/pki/tls/private/[REDACTED].key' I have verified the chain CA cert against my local server cert and it is showing as ok.
I also was able to connect to the server using openssl s_client as shown below – openssl s_client -connect ad:636 -CAfile /etc/pki/tls/certs/chain.cer CONNECTED(00000003) Can't use SSL_get_servername depth=2 CN = ROOT-CA verify return:1 depth=1 DC = [REDACTED], DC = [REDACTED], CN = Intermediate-CA verify return:1 depth=0 verify return:1 --- Certificate chain 0 s: i:DC = [REDACTED], DC = [REDACTED], CN = Intermediate-CA 1 s:DC = [REDACTED], DC = [REDACTED], CN = Intermediate-CA i:CN = ROOT-CA --- Server certificate -----BEGIN CERTIFICATE----- [REDACTED] -----END CERTIFICATE----- subject= issuer=DC = [REDACTED], DC = [REDACTED], CN = Intermediate-CA --- No client certificate CA names sent Client Certificate Types: RSA sign, DSA sign, ECDSA sign Requested Signature Algorithms: RSA+SHA256:RSA+SHA384:RSA+SHA1:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA1:DSA+SHA1:RSA+SHA512:ECDSA+SHA512 Shared Requested Signature Algorithms: RSA+SHA256:RSA+SHA384:RSA+SHA1:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA1:DSA+SHA1:RSA+SHA512:ECDSA+SHA512 Peer signing digest: SHA256 Peer signature type: RSA Server Temp Key: ECDH, P-384, 384 bits --- SSL handshake has read 3355 bytes and written 469 bytes Verification: OK --- New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: [REDACTED] Session-ID-ctx: Master-Key: [REDACTED] PSK identity: None PSK identity hint: None SRP username: None Start Time: 1591252114 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: yes I am also able to connect and bind with the relevant account using ldp.exe from my Windows machine, so it looks like the server is able to connect to this port on the AD server fine. At this point I really don’t know what this issue is
pointing to and can not find any documentation on the issue. What am I missing here?!
Kind regards
Mat Hanson
This e-mail message is intended only for the addressee(s) and contains information which may be confidential. If you are not the intended recipient please advise the sender by return
email at info@xxxxxxxxxxxxxx.
Delete this message and any attachments from your system and do not use or disclose the contents.
| ||||
