Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

LDAP3 - anonymous : ldap3.core.exceptions.LDAPInvalidFilterError: malformed filter #606

Closed
alnhk opened this issue Oct 29, 2018 · 5 comments

Comments

@alnhk
Copy link

alnhk commented Oct 29, 2018

Hello.,
airflow 1.8.0-1.6.1 with LDAP integration also use ldap3 python module. However, we are integrating with openldap/DS389 anonymously. And provided only this below as shown :

uri = ldap://nsp-daf178e8.ad1.prd.us-phx.odc.im:389
user_filter = objectClass=*
user_name_attr = uid
group_member_attr =memberOf=cn=rvs-login-prd_usphx,ou=groups,dc=odc,dc=im
superuser_filter =memberOf=cn=rvs-sudo_all-prd_usphx,ou=groups,dc=odc,dc=im
data_profiler_filter =
bind_user =
bind_password =
basedn = ou=people,dc=odc,dc=im
cacert = /opt/orchestration/airflow/ldap_ca.crt
search_scope = SUBTREE
ssl_ldap=False
use_ssl=False

And when verifying thru Airflow web server which also use ldap3 module, and failed with below exception - "malformed filter", please advise the resolution to above variables/values as well as anonymous LDAP integration. Requirement is, allow Apache AIRFLOW to integrate with LDAP anonymously (using LDAP3 modules) , use groups and superuser group only. Apache Airflow use LDAP3 for LDAP integration.

### [2018-10-29 10:14:14,938] [71] {ldap_auth.py:269} INFO - User user0123 successfully authenticated
[2018-10-29 10:14:15,258] ERROR in app: Exception on /admin/airflow/login [POST]
Traceback (most recent call last):
File "/usr/local/lib/python3.5/site-packages/flask/app.py", line 1988, in wsgi_app
response = self.full_dispatch_request()
File "/usr/local/lib/python3.5/site-packages/flask/app.py", line 1641, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/usr/local/lib/python3.5/site-packages/flask/app.py", line 1544, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "/usr/local/lib/python3.5/site-packages/flask/_compat.py", line 33, in reraise
raise value
File "/usr/local/lib/python3.5/site-packages/flask/app.py", line 1639, in full_dispatch_request
rv = self.dispatch_request()
File "/usr/local/lib/python3.5/site-packages/flask/app.py", line 1625, in dispatch_request
return self.view_functionsrule.endpoint
File "/usr/local/lib/python3.5/site-packages/flask_admin/base.py", line 69, in inner
return self._run_view(f, *args, **kwargs)
File "/usr/local/lib/python3.5/site-packages/flask_admin/base.py", line 368, in _run_view
return fn(self, *args, **kwargs)
File "/usr/local/lib/python3.5/site-packages/airflow/www/views.py", line 650, in login
return airflow.login.login(self, request)
File "/usr/local/lib/python3.5/site-packages/airflow/contrib/auth/backends/ldap_auth.py", line 282, in login
flask_login.login_user(LdapUser(user))
File "", line 4, in init
File "/usr/local/lib/python3.5/site-packages/sqlalchemy/orm/state.py", line 414, in _initialize_instance
manager.dispatch.init_failure(self, args, kwargs)
File "/usr/local/lib/python3.5/site-packages/sqlalchemy/util/langhelpers.py", line 66, in exit
compat.reraise(exc_type, exc_value, exc_tb)
File "/usr/local/lib/python3.5/site-packages/sqlalchemy/util/compat.py", line 187, in reraise
raise value
File "/usr/local/lib/python3.5/site-packages/sqlalchemy/orm/state.py", line 411, in _initialize_instance
return manager.original_init(*mixed[1:], **kwargs)
File "/usr/local/lib/python3.5/site-packages/airflow/contrib/auth/backends/ldap_auth.py", line 140, in init
[2018-10-29 10:14:15,258] [71] {app.py:1587} ERROR - Exception on /admin/airflow/login [POST]
Traceback (most recent call last):
File "/usr/local/lib/python3.5/site-packages/flask/app.py", line 1988, in wsgi_app
response = self.full_dispatch_request()
File "/usr/local/lib/python3.5/site-packages/flask/app.py", line 1641, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/usr/local/lib/python3.5/site-packages/flask/app.py", line 1544, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "/usr/local/lib/python3.5/site-packages/flask/_compat.py", line 33, in reraise
raise value
File "/usr/local/lib/python3.5/site-packages/flask/app.py", line 1639, in full_dispatch_request
rv = self.dispatch_request()
File "/usr/local/lib/python3.5/site-packages/flask/app.py", line 1625, in dispatch_request
return self.view_functionsrule.endpoint
File "/usr/local/lib/python3.5/site-packages/flask_admin/base.py", line 69, in inner
return self._run_view(f, *args, **kwargs)
File "/usr/local/lib/python3.5/site-packages/flask_admin/base.py", line 368, in _run_view
return fn(self, *args, **kwargs)
File "/usr/local/lib/python3.5/site-packages/airflow/www/views.py", line 650, in login
return airflow.login.login(self, request)
File "/usr/local/lib/python3.5/site-packages/airflow/contrib/auth/backends/ldap_auth.py", line 282, in login
flask_login.login_user(LdapUser(user))
File "", line 4, in init
File "/usr/local/lib/python3.5/site-packages/sqlalchemy/orm/state.py", line 414, in _initialize_instance
manager.dispatch.init_failure(self, args, kwargs)
File "/usr/local/lib/python3.5/site-packages/sqlalchemy/util/langhelpers.py", line 66, in exit
compat.reraise(exc_type, exc_value, exc_tb)
File "/usr/local/lib/python3.5/site-packages/sqlalchemy/util/compat.py", line 187, in reraise
raise value
File "/usr/local/lib/python3.5/site-packages/sqlalchemy/orm/state.py", line 411, in _initialize_instance
return manager.original_init(*mixed[1:], **kwargs)
File "/usr/local/lib/python3.5/site-packages/airflow/contrib/auth/backends/ldap_auth.py", line 140, in init
user.username)
File "/usr/local/lib/python3.5/site-packages/airflow/contrib/auth/backends/ldap_auth.py", line 76, in group_contains_user
attributes=[native(user_name_attr)]):
File "/usr/local/lib/python3.5/site-packages/ldap3/core/connection.py", line 779, in search
check_names=self.check_names)
File "/usr/local/lib/python3.5/site-packages/ldap3/operation/search.py", line 372, in search_operation
request['filter'] = compile_filter(parse_filter(search_filter, schema, auto_escape, auto_encode, validator, check_names).elements[0]) # parse the searchFilter string and compile it starting from the root node
File "/usr/local/lib/python3.5/site-packages/ldap3/operation/search.py", line 215, in parse_filter
raise LDAPInvalidFilterError('malformed filter')
ldap3.core.exceptions.LDAPInvalidFilterError: malformed filter

user.username)
File "/usr/local/lib/python3.5/site-packages/airflow/contrib/auth/backends/ldap_auth.py", line 76, in group_contains_user
attributes=[native(user_name_attr)]):
File "/usr/local/lib/python3.5/site-packages/ldap3/core/connection.py", line 779, in search
check_names=self.check_names)
File "/usr/local/lib/python3.5/site-packages/ldap3/operation/search.py", line 372, in search_operation
request['filter'] = compile_filter(parse_filter(search_filter, schema, auto_escape, auto_encode, validator, check_names).elements[0]) # parse the searchFilter string and compile it starting from the root node
File "/usr/local/lib/python3.5/site-packages/ldap3/operation/search.py", line 215, in parse_filter
raise LDAPInvalidFilterError('malformed filter')
ldap3.core.exceptions.LDAPInvalidFilterError: malformed filter

@alnhk
Copy link
Author

alnhk commented Oct 29, 2018

@cannatag : please advise if you have any resolution/idea.

@cannatag
Copy link
Owner

cannatag commented Oct 29, 2018 via email

@alnhk
Copy link
Author

alnhk commented Oct 30, 2018

@cannatag : yes, we tried using (objectClass=*) for user_filter, same issue persists below log :

[2018-10-30 04:01:04,520] ERROR in app: Exception on /admin/airflow/login [POST]
Traceback (most recent call last):
File "/usr/local/lib/python3.5/site-packages/flask/app.py", line 1988, in wsgi_app
response = self.full_dispatch_request()
File "/usr/local/lib/python3.5/site-packages/flask/app.py", line 1641, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/usr/local/lib/python3.5/site-packages/flask/app.py", line 1544, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "/usr/local/lib/python3.5/site-packages/flask/_compat.py", line 33, in reraise
raise value
File "/usr/local/lib/python3.5/site-packages/flask/app.py", line 1639, in full_dispatch_request
rv = self.dispatch_request()
File "/usr/local/lib/python3.5/site-packages/flask/app.py", line 1625, in dispatch_request
return self.view_functionsrule.endpoint
File "/usr/local/lib/python3.5/site-packages/flask_admin/base.py", line 69, in inner
return self._run_view(f, *args, **kwargs)
File "/usr/local/lib/python3.5/site-packages/flask_admin/base.py", line 368, in _run_view
return fn(self, *args, **kwargs)
File "/usr/local/lib/python3.5/site-packages/airflow/www/views.py", line 650, in login
return airflow.login.login(self, request)
File "/usr/local/lib/python3.5/site-packages/airflow/contrib/auth/backends/ldap_auth.py", line 268, in login
LdapUser.try_login(username, password)
File "/usr/local/lib/python3.5/site-packages/airflow/contrib/auth/backends/ldap_auth.py", line 180, in try_login
search_scope=native(search_scope))
File "/usr/local/lib/python3.5/site-packages/ldap3/core/connection.py", line 779, in search
[2018-10-30 04:01:04,520] [72] {app.py:1587} ERROR - Exception on /admin/airflow/login [POST]
Traceback (most recent call last):
File "/usr/local/lib/python3.5/site-packages/flask/app.py", line 1988, in wsgi_app
response = self.full_dispatch_request()
File "/usr/local/lib/python3.5/site-packages/flask/app.py", line 1641, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/usr/local/lib/python3.5/site-packages/flask/app.py", line 1544, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "/usr/local/lib/python3.5/site-packages/flask/_compat.py", line 33, in reraise
raise value
File "/usr/local/lib/python3.5/site-packages/flask/app.py", line 1639, in full_dispatch_request
rv = self.dispatch_request()
File "/usr/local/lib/python3.5/site-packages/flask/app.py", line 1625, in dispatch_request
return self.view_functionsrule.endpoint
File "/usr/local/lib/python3.5/site-packages/flask_admin/base.py", line 69, in inner
return self._run_view(f, *args, **kwargs)
File "/usr/local/lib/python3.5/site-packages/flask_admin/base.py", line 368, in _run_view
return fn(self, *args, **kwargs)
File "/usr/local/lib/python3.5/site-packages/airflow/www/views.py", line 650, in login
return airflow.login.login(self, request)
File "/usr/local/lib/python3.5/site-packages/airflow/contrib/auth/backends/ldap_auth.py", line 268, in login
LdapUser.try_login(username, password)
File "/usr/local/lib/python3.5/site-packages/airflow/contrib/auth/backends/ldap_auth.py", line 180, in try_login
search_scope=native(search_scope))
File "/usr/local/lib/python3.5/site-packages/ldap3/core/connection.py", line 779, in search
check_names=self.check_names)
File "/usr/local/lib/python3.5/site-packages/ldap3/operation/search.py", line 372, in search_operation
request['filter'] = compile_filter(parse_filter(search_filter, schema, auto_escape, auto_encode, validator, check_names).elements[0]) # parse the searchFilter string and compile it starting from the root node
File "/usr/local/lib/python3.5/site-packages/ldap3/operation/search.py", line 215, in parse_filter
raise LDAPInvalidFilterError('malformed filter')
ldap3.core.exceptions.LDAPInvalidFilterError: malformed filter
check_names=self.check_names)
File "/usr/local/lib/python3.5/site-packages/ldap3/operation/search.py", line 372, in search_operation
request['filter'] = compile_filter(parse_filter(search_filter, schema, auto_escape, auto_encode, validator, check_names).elements[0]) # parse the searchFilter string and compile it starting from the root node
File "/usr/local/lib/python3.5/site-packages/ldap3/operation/search.py", line 215, in parse_filter
raise LDAPInvalidFilterError('malformed filter')
ldap3.core.exceptions.LDAPInvalidFilterError: malformed filter

@cannatag
Copy link
Owner

cannatag commented Dec 7, 2018

Hi, do you still have this problem? You could try to enable ldap3 logging at DEBUG level to see what the malformed filter is.

@cannatag
Copy link
Owner

I'm closing this issue. Please reopen if you still have this problem.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants