Issues with configuring airflow 2.6.3/python3.11 with LDAP #39731
Replies: 4 comments
Thanks for opening your first issue here! Be sure to follow the issue template! If you are willing to raise a PR to address this issue, please do so; no need to wait for approval.
Can you add your webserver_config.py?
This feature is provided by FAB (Flask App Builder), so you should check the documentation there: https://flask-appbuilder.readthedocs.io/en/latest/security.html#authentication-ldap
@Taragolis, yes, I read it.
@romsharon98, I use the DB to store sessions at this moment and plan to switch to cookies. It appears there is a bug: when I use 4 webserver workers by default, I get duplicated session key errors. Then I changed to 1 worker and it works fine. I also need to disable the CSRF token because there are errors in the log.
Thanks, Xiaoming

"""Default configuration for the Airflow webserver."""
from airflow.www.fab_security.manager import AUTH_LDAP
WTF_CSRF_ENABLED = False
AUTH_USER_REGISTRATION_ROLE = "Admin"
AUTH_ROLE_ADMIN = 'Admin'
AUTH_LDAP_SERVER = "ldap://example.com"
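An added example, not part of the discussion and not Airflow or Flask-AppBuilder code: a static check over a webserver_config.py like the one posted above, reporting the three settings a reviewer would question before this goes to production. The helper names `load_settings` and `audit` are hypothetical; the sample text is constructed from the posted settings, and `AUTH_USER_REGISTRATION` and `AUTH_LDAP_USE_TLS` are FAB options that the posted excerpt does not set.

```python
import ast

# Constructed sample: the settings from the webserver_config.py posted above.
SAMPLE_CONFIG = '''
"""Default configuration for the Airflow webserver."""
from airflow.www.fab_security.manager import AUTH_LDAP
WTF_CSRF_ENABLED = False
AUTH_USER_REGISTRATION_ROLE = "Admin"
AUTH_ROLE_ADMIN = 'Admin'
AUTH_LDAP_SERVER = "ldap://example.com"
'''

def load_settings(source):
    """Collect top-level NAME = <literal> assignments without importing the file."""
    settings = {}
    for node in ast.parse(source).body:
        if (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)):
            try:
                settings[node.targets[0].id] = ast.literal_eval(node.value)
            except (ValueError, TypeError):
                pass  # non-literal value such as AUTH_TYPE = AUTH_LDAP
    return settings

def audit(source):
    """Return (setting, finding) tuples for values worth a second look."""
    s = load_settings(source)
    findings = []
    if s.get("WTF_CSRF_ENABLED") is False:
        findings.append(("WTF_CSRF_ENABLED",
                         "CSRF tokens are not checked on any form, login included"))
    if s.get("AUTH_USER_REGISTRATION_ROLE") == s.get("AUTH_ROLE_ADMIN", "Admin"):
        findings.append(("AUTH_USER_REGISTRATION_ROLE",
                         "default role for auto-registered users is the admin role"))
    server = str(s.get("AUTH_LDAP_SERVER", ""))
    # ldaps:// or StartTLS (AUTH_LDAP_USE_TLS) keeps bind passwords off the wire in clear.
    if server.lower().startswith("ldap://") and not s.get("AUTH_LDAP_USE_TLS", False):
        findings.append(("AUTH_LDAP_SERVER",
                         "cleartext LDAP: neither ldaps:// nor AUTH_LDAP_USE_TLS is set"))
    return findings

if __name__ == "__main__":
    for name, why in audit(SAMPLE_CONFIG):
        print(f"{name}: {why}")
```

The registration-role finding only matters when `AUTH_USER_REGISTRATION` is enabled; with LDAP, `AUTH_ROLES_MAPPING` is the FAB setting for tying roles to directory groups instead of a single default.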
Apache Airflow version
Other Airflow 2 version (please specify below)
If "Other Airflow 2 version" selected, which one?
2.6.3
What happened?
It seems that the LDAP indirect bind/search/bind works, based on the following log messages, and the role [admin] is resolved too. However, the login page is redirected to the login page. I checked the ab_user_role table and it looks good. The last_login and login_count in the ab_user table look good too. Before I switched to LDAP, AUTH_DB worked fine. It seems the resolved role doesn't take effect in the UI login flow. I also didn't see any messages/errors in the log. Could someone advise how to troubleshoot/debug it further?
Thanks in advance! Xiaoming
{manager.py:1025} DEBUG - LDAP bind indirect TRY with username: '\x1b[01mCN=s700xxx,...\x1b[22m'
{manager.py:1027} DEBUG - LDAP bind indirect SUCCESS with username: '\x1b[01mCN=s700xxx,...\x1b[22m'
{manager.py:961} DEBUG - LDAP search for '\x1b[01m(cn=s700xxx)\x1b[22m' with fields ['givenName', 'sn', 'mail', 'memberOf'] in scope '\x1b[01mOU=....\x1b[22m's700xxx
{manager.py:967} DEBUG - LDAP search returned: [('CN=s700xxx,....', {'sn': [b'ZhXX'], 'givenName': [b'XXX'], 'memberOf': [b'CN=XX,OU=...' ], 'mail': [b'xx@example.com']})]
{manager.py:1036} DEBUG - LDAP bind TRY with username: '\x1b[01mCN=s700xxx,....\x1b[22m'
{manager.py:1038} DEBUG - LDAP bind SUCCESS with username: '\x1b[01mCN=s700xxx,....\x1b[22m'
{manager.py:1198} DEBUG - Calculated new roles for user='\x1b[01mCN=s700xxx,...\x1b[22m' as: [Admin]
What you think should happen instead?
A user should see the main UI page.
How to reproduce
It depends on webserver_config.py
Operating System
Redhat v8.9
Versions of Apache Airflow Providers
No response
Deployment
Other
Deployment details
pip install
Anything else?
No response
Are you willing to submit PR?
Code of Conduct