This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
Issues with configuring airflow 2.6.3/python3.11 with LDAP #39379
Labels
area:core
kind:bug
This is a clearly a bug
needs-triage
label for new issues that we didn't triage yet
Apache Airflow version
Other Airflow 2 version (please specify below)
If "Other Airflow 2 version" selected, which one?
2.6.3
What happened?
It seems that ldap indirect bind/search/bind work based on following log messages. and the role [admin] is resolved too. However, login page is redirected to login page. I checked ab_user_role table, it looks good. the last_login and login_count in ab_user table looks good too. before I switched to LDAP, AUTH_DB works fine. it seems the resolved role doesn't take effective in UI login flow. I also didn't any messages/errors in the log. could someone advise how to troubleshoot /debug it further?
Thanks in advance! Xiaoming
{manager.py:1025} DEBUG - LDAP bind indirect TRY with username: '\x1b[01mCN=s700xxx,...\x1b[22m'
{manager.py:1027} DEBUG - LDAP bind indirect SUCCESS with username: '\x1b[01mCN=s700xxx,...\x1b[22m'
{manager.py:961} DEBUG - LDAP search for '\x1b[01m(cn=s700xxx)\x1b[22m' with fields ['givenName', 'sn', 'mail', 'memberOf'] in scope '\x1b[01mOU=....\x1b[22m's700xxx
{manager.py:967} DEBUG - LDAP search returned: [('CN=s700xxx,....', {'sn': [b'ZhXX'], 'givenName': [b'XXX'], 'memberOf': [b'CN=XX,OU=...' ], 'mail': [b'xx@example.com']})]
{manager.py:1036} DEBUG - LDAP bind TRY with username: '\x1b[01mCN=s700xxx,....\x1b[22m'
{manager.py:1038} DEBUG - LDAP bind SUCCESS with username: '\x1b[01mCN=s700xxx,....\x1b[22m'
{manager.py:1198} DEBUG - Calculated new roles for user='\x1b[01mCN=s700xxx,...\x1b[22m' as: [Admin]
What you think should happen instead?
A user should see the main UI page.
How to reproduce
it depends on webserver_config.py
Operating System
Redhat v8.9
Versions of Apache Airflow Providers
No response
Deployment
Other
Deployment details
pip install
Anything else?
No response
Are you willing to submit PR?
Code of Conduct
The text was updated successfully, but these errors were encountered: