[ https://issues.apache.org/jira/browse/AIRFLOW-3751?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16786616#comment-16786616 ]

ASF subversion and git services commented on AIRFLOW-3751:
----------------------------------------------------------

Commit 3dd79558b65fd0f5ae98ae1ab330afdf4f4c1840 in airflow's branch refs/heads/master from Colin
[ https://gitbox.apache.org/repos/asf?p=airflow.git;h=3dd7955 ]

[AIRFLOW-3751] Option to allow malformed schemas for LDAP authentication (#4574)

> LDAP - Malformed Schema
> -----------------------
>
>                 Key: AIRFLOW-3751
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-3751
>             Project: Apache Airflow
>          Issue Type: Bug
>          Components: authentication
>    Affects Versions: 1.10.1
>            Reporter: Colin Streicher
>            Assignee: Colin Streicher
>            Priority: Minor
>
> This issue only appears to happen when using an LDAP server from which schema
> is not available. This came up specifically when using Foxpass, but my
> assumption is that this sort of thing is likely to happen for any LDAP as a
> Service offering.
> Essentially, the issue is that the default setting for the ldap3 library is
> to try to pull the schema from the server. From a normal LDAP server, this is
> just a call with a baseDN of '', however because of security
> concerns (presumably), services like Foxpass do not return anything when the
> basedn is set to nothing.
> When the basedn is set to the normal search dn, there are no schema objects
> returned. Since the get_info parameter in the Server() call validates the
> schema by default, the call fails.
> In terms of fixing, this is pretty simple: adding a parameter that reflects
> the setting in ldap3 that ignores this fixes the issue handily.
> In my dev environment, I made the following changes to ldap_auth.py
> {code:java}
> import ldap3
> ...
> def get_ldap_connection(dn=None, password=None):
>     ...
>     try:
>         # getboolean() so that a configured "False" is not treated as truthy
>         ignore_malformed_schema = configuration.conf.getboolean(
>             "ldap", "ignore_malformed_schema")
>     except AirflowConfigException:
>         # Option not set: keep ldap3's default schema validation
>         ignore_malformed_schema = False
>     if ignore_malformed_schema:
>         ldap3.set_config_parameter('IGNORE_MALFORMED_SCHEMA',
>                                    ignore_malformed_schema)
>     ...
> {code}
> Now, with AIRFLOW__LDAP__IGNORE_MALFORMED_SCHEMA=True, things work as
> expected.
> I will open a PR for this, but before I do, I would welcome any feedback on
> if this should be done, or if it should be done differently.
> Thank you in advance for any feedback.

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)