[ https://issues.apache.org/jira/browse/AIRFLOW-3751?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16786615#comment-16786615 ]

ASF GitHub Bot commented on AIRFLOW-3751:
-----------------------------------------

ashb commented on pull request #4574: [AIRFLOW-3751] Ignore malformed ldap schema option
URL: https://github.com/apache/airflow/pull/4574
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> LDAP - Malformed Schema
> -----------------------
>
>                 Key: AIRFLOW-3751
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-3751
>             Project: Apache Airflow
>          Issue Type: Bug
>          Components: authentication
>    Affects Versions: 1.10.1
>            Reporter: Colin Streicher
>            Assignee: Colin Streicher
>            Priority: Minor
>
> This issue only appears to happen when using an LDAP server from which schema 
> is not available. This came up specifically when using Foxpass, but my 
> assumption is that this sort of thing is likely to happen for any LDAP as a 
> Service offering.
> Essentially, the issue is that the default setting for the ldap3 library is 
> to try to pull the schema from the server. From a normal LDAP server, this is 
> just a call with a baseDN of ''; however, because of security 
> concerns (presumably), services like Foxpass do not return anything when the 
> basedn is set to nothing.
> When the basedn is set to the normal search dn, there are no schema objects 
> returned. Since the get_info parameter in the Server() call validates the 
> schema by default, the call fails.
> In terms of fixing, this is pretty simple: adding a parameter that reflects 
> the setting in ldap3 that ignores this fixes the issue handily.
> In my dev environment, I made the following changes to ldap_auth.py:
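> {code:java}
> import ldap3
> ...
> def get_ldap_connection(dn=None, password=None):
> ...
> # Default to ldap3's normal schema validation when the option is not set.
> ignore_malformed_schema = False
> try:
>     # getboolean() so that a configured "False" is not treated as truthy.
>     ignore_malformed_schema = configuration.conf.getboolean("ldap", "ignore_malformed_schema")
> except AirflowConfigException:
>     pass
> if ignore_malformed_schema:
>     ldap3.set_config_parameter('IGNORE_MALFORMED_SCHEMA', ignore_malformed_schema)
> ...
> {code}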
> Now, with AIRFLOW__LDAP__IGNORE_MALFORMED_SCHEMA=True, things work as 
> expected.
> I will open a PR for this, but before I do, I would welcome any feedback on 
> if this should be done, or if it should be done differently.
> Thank you in advance for any feedback.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
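
An added example, not code from the issue or from Airflow: a stand-alone sketch of resolving the `ignore_malformed_schema` option so that schema validation is relaxed only on an explicit, well-formed opt-in. It uses the standard library's `configparser` as a stand-in for Airflow's configuration module; `parse_bool`, `resolve_flag` and the sample configurations are hypothetical names and constructed data.

```python
import configparser

# Env-var name format as used in the issue (AIRFLOW__LDAP__IGNORE_MALFORMED_SCHEMA).
ENV_TEMPLATE = "AIRFLOW__{section}__{key}"
_TRUE = {"1", "true", "t", "yes", "on"}
_FALSE = {"0", "false", "f", "no", "off"}


def parse_bool(raw):
    """Strictly map a config string to a bool; reject anything ambiguous."""
    value = raw.strip().lower()
    if value in _TRUE:
        return True
    if value in _FALSE:
        return False
    raise ValueError("not a boolean: %r" % raw)


def resolve_flag(cfg_text, env, section="ldap", key="ignore_malformed_schema"):
    """Return the flag, env var first, defaulting to False (validation on)."""
    env_name = ENV_TEMPLATE.format(section=section.upper(), key=key.upper())
    if env_name in env:
        return parse_bool(env[env_name])
    parser = configparser.ConfigParser()
    parser.read_string(cfg_text)
    if parser.has_option(section, key):
        return parse_bool(parser.get(section, key))
    return False  # option absent: keep schema validation enabled


# Constructed sample configurations (hypothetical host name).
CFG_UNSET = "[ldap]\nuri = ldaps://ldap.example.invalid\n"
CFG_FALSE = CFG_UNSET + "ignore_malformed_schema = False\n"

if __name__ == "__main__":
    env_on = {"AIRFLOW__LDAP__IGNORE_MALFORMED_SCHEMA": "True"}
    # A raw string read would treat "False" as truthy and relax validation.
    print("bool('False') =", bool("False"))
    print("file says False ->", resolve_flag(CFG_FALSE, {}))
    print("option unset    ->", resolve_flag(CFG_UNSET, {}))
    print("env override    ->", resolve_flag(CFG_UNSET, env_on))
```
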
