ldap authentication fails against ldap.js #7062

Closed
andreimirt opened this issue Dec 16, 2023 · 2 comments

@andreimirt

Describe the bug

Authentication fails against ldap.js because the requested schema doesn't pass validation, even though the schema is not needed for authentication, so the server could be defined using get_info=None instead of get_info=ALL.

To Reproduce

Steps to reproduce the behavior:

  1. Spin up a node ldap.js server
  2. Configure authentication by following pgadmin documentation
  3. Check the logs for the error raise LDAPSchemaError('malformed schema definition, use get_info=NONE in Server definition')

Expected behavior

The LDAP user should be authenticated considering that regardless of the validity of the schema, it is not needed for authentication.

Error message

2023-12-16 01:48 | ldap3.core.exceptions.LDAPSchemaError: malformed schema definition, use get_info=NONE in Server definition | stdout
-- | -- | --
2023-12-16 01:48 | raise LDAPSchemaError('malformed schema definition, use get_info=NONE in Server definition') | stdout
2023-12-16 01:48 | File "/venv/lib/python3.11/site-packages/ldap3/protocol/rfc4512.py", line 552, in from_definition | stdout
2023-12-16 01:48 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | stdout
2023-12-16 01:48 | self.object_classes = ObjectClassInfo.from_definition(attributes.pop('objectClasses', [])) | stdout
2023-12-16 01:48 | File "/venv/lib/python3.11/site-packages/ldap3/protocol/rfc4512.py", line 299, in __init__ | stdout
2023-12-16 01:48 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | stdout
2023-12-16 01:48 | self._schema_info = SchemaInfo(schema_entry, response[0]['attributes'], response[0]['raw_attributes']) | stdout
2023-12-16 01:48 | File "/venv/lib/python3.11/site-packages/ldap3/core/server.py", line 501, in _get_schema_info | stdout
2023-12-16 01:48 | self._get_schema_info(connection) | stdout
2023-12-16 01:48 | File "/venv/lib/python3.11/site-packages/ldap3/core/server.py", line 525, in get_info_from_server | stdout
2023-12-16 01:48 | self.server.get_info_from_server(self) | stdout
2023-12-16 01:48 | File "/venv/lib/python3.11/site-packages/ldap3/core/connection.py", line 1427, in refresh_server_info | stdout
2023-12-16 01:48 | self.refresh_server_info() | stdout
2023-12-16 01:48 | File "/venv/lib/python3.11/site-packages/ldap3/core/connection.py", line 671, in bind | stdout
2023-12-16 01:48 | self.bind(read_server_info=True) | stdout
2023-12-16 01:48 | File "/venv/lib/python3.11/site-packages/ldap3/core/connection.py", line 389, in _do_auto_bind | stdout
2023-12-16 01:48 | self._do_auto_bind() | stdout
2023-12-16 01:48 | File "/venv/lib/python3.11/site-packages/ldap3/core/connection.py", line 363, in __init__ | stdout
2023-12-16 01:48 | ^^^^^^^^^^^^^^^^^^ | stdout
2023-12-16 01:48 | self.conn = Connection(server, | stdout
2023-12-16 01:48 | File "/pgadmin4/pgadmin/authenticate/ldap.py", line 125, in connect | stdout
2023-12-16 01:48 | Traceback (most recent call last): | stdout
2023-12-16 01:48 | 2023-12-15  23:48:04,392: ERROR	pgadmin:	Error connecting to the LDAP server:  malformed schema definition, use get_info=NONE in Server definition

Official Docker image

  • OS: [e.g. Windows 10, OSX monterey]
  • Version: [8.1]
  • Mode: [Server]
  • Browser (if running in server mode): [firefox]
  • Package type: [Container]

Additional context

I am using the Azure-LDAP-wrapper that uses ldap.js server, but I'm using it to authenticate successfully multiple services, including postgresql. I am aware that if there wouldn't be any other issue either in the server or in the client, the current ldap client implementation in pgadmin should not make a difference, but considering that likely server.schema is not necessary for authentication, pgadmin should perhaps not request it, which allows ldap authentication on more systems.

Workaround

To temporarily fix the issue I did exactly what the error message from ldap3 library suggests in the error message. I modified ldap.py in the sense of modifying get_info=ALL to get_info=None. This allows authentication without any issues. Changing this would leave server.schema empty, but I couldn't find any place where it would be needed.
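
The workaround described in this issue, as an added example (not pgAdmin's code and not written by anyone in the thread): a bind helper that requests no server info when a flag is set, and that reports a schema parse failure separately from a rejected bind. The names `ldap_authenticate` and `fake_ldap3` and the result tuples are assumptions; `fake_ldap3` is a constructed stand-in for a server whose schema the client cannot parse, so the logic can run offline.

```python
from types import SimpleNamespace


def ldap_authenticate(uri, user_dn, password, ignore_malformed_schema, ldap3=None):
    """Simple-bind check returning (authenticated, reason)."""
    # `ldap3` is injectable for offline testing; by default the real package is used.
    if ldap3 is None:
        import ldap3
    errors = ldap3.core.exceptions
    # Authentication is decided by the bind result; the schema is only metadata.
    get_info = ldap3.NONE if ignore_malformed_schema else ldap3.ALL
    server = ldap3.Server(uri, get_info=get_info)
    try:
        conn = ldap3.Connection(server, user=user_dn, password=password, auto_bind=True)
    except errors.LDAPSchemaError:
        # Client-side parse failure: a compatibility fault, not a password verdict.
        return (False, "schema-error")
    except errors.LDAPBindError:
        return (False, "bind-rejected")
    conn.unbind()
    return (True, "bound")


def fake_ldap3(valid_password):
    """Constructed stand-in for ldap3 facing a server with an unparsable schema.
    Assumption: the bind is evaluated before the schema is read."""
    class LDAPSchemaError(Exception):
        pass

    class LDAPBindError(Exception):
        pass

    class Connection:
        def __init__(self, server, user, password, auto_bind):
            if password != valid_password:
                raise LDAPBindError("invalidCredentials")
            if server.get_info == "ALL":
                raise LDAPSchemaError("malformed schema definition")

        def unbind(self):
            pass

    return SimpleNamespace(
        ALL="ALL", NONE="NO_INFO", Connection=Connection,
        Server=lambda uri, get_info: SimpleNamespace(uri=uri, get_info=get_info),
        core=SimpleNamespace(exceptions=SimpleNamespace(
            LDAPSchemaError=LDAPSchemaError, LDAPBindError=LDAPBindError)),
    )
```

With the flag set, a wrong password is still rejected by the bind; only the schema read is skipped.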

@andreimirt andreimirt added the Bug label Dec 16, 2023
@akshay-joshi akshay-joshi moved this to 🆕 New in Current Sprint (184) Dec 20, 2023
@akshay-joshi akshay-joshi moved this from 🆕 New to 🏗 In Progress in Current Sprint (184) Dec 22, 2023
khushboovashi added a commit to khushboovashi/pgadmin4 that referenced this issue Dec 22, 2023
@khushboovashi khushboovashi moved this from 🏗 In Progress to In Review in Current Sprint (184) Dec 22, 2023
@khushboovashi
Contributor

@andreimirt, please test #7080.
Set config parameter LDAP_IGNORE_MALFORMED_SCHEMA to True and test.

akshay-joshi pushed a commit that referenced this issue Jan 1, 2024
…o ignore fetching schema from the LDAP server. #7062
@akshay-joshi akshay-joshi moved this from In Review to In Testing in Current Sprint (184) Jan 1, 2024
@akshay-joshi akshay-joshi added this to the 8.2 milestone Jan 1, 2024
@yogeshmahajan-1903 yogeshmahajan-1903 self-assigned this Jan 1, 2024
@yogeshmahajan-1903
Contributor

@andreimirt
Can you please verify the fix?
I am not able to reproduce the issue where I have set up the LDAP server with ldap.js.
