[ https://issues.apache.org/jira/browse/AIRFLOW-3751?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16786616#comment-16786616 ]

ASF subversion and git services commented on AIRFLOW-3751:
----------------------------------------------------------

Commit 3dd79558b65fd0f5ae98ae1ab330afdf4f4c1840 in airflow's branch 
refs/heads/master from Colin
[ https://gitbox.apache.org/repos/asf?p=airflow.git;h=3dd7955 ]

[AIRFLOW-3751] Option to allow malformed schemas for LDAP authentication (#4574)



> LDAP - Malformed Schema
> -----------------------
>
>                 Key: AIRFLOW-3751
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-3751
>             Project: Apache Airflow
>          Issue Type: Bug
>          Components: authentication
>    Affects Versions: 1.10.1
>            Reporter: Colin Streicher
>            Assignee: Colin Streicher
>            Priority: Minor
>
> This issue only appears to happen when using an LDAP server from which the schema 
> is not available. This came up specifically when using Foxpass, but my 
> assumption is that this sort of thing is likely to happen for any LDAP as a 
> Service offering.
> Essentially, the issue is that the default setting for the ldap3 library is 
> to try to pull the schema from the server. From a normal LDAP server, this is 
> just a call with a baseDN of ''; however, because of security 
> concerns (presumably), services like Foxpass do not return anything when the 
> baseDN is set to nothing.
> When the baseDN is set to the normal search DN, there are no schema objects 
> returned. Since the get_info parameter in the Server() call validates the 
> schema by default, the call fails.
> In terms of fixing, this is pretty simple: adding a parameter that reflects 
> the setting in ldap3 that ignores this fixes the issue handily.
> In my dev environment, I made the following changes to ldap_auth.py:
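> {code:java}
> import ldap3
> ...
> def get_ldap_connection(dn=None, password=None):
>     ...
>     # Default to False so the name is bound even when the option is absent.
>     ignore_malformed_schema = False
>     try:
>         # getboolean() parses "True"/"False"; get() returns a string, and any
>         # non-empty string (including "False") is truthy.
>         ignore_malformed_schema = configuration.conf.getboolean(
>             "ldap", "ignore_malformed_schema")
>     except AirflowConfigException:
>         pass
>     if ignore_malformed_schema:
>         ldap3.set_config_parameter('IGNORE_MALFORMED_SCHEMA', ignore_malformed_schema)
>     ...
> {code}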
> Now, with AIRFLOW__LDAP__IGNORE_MALFORMED_SCHEMA=True, things work as 
> expected.
> I will open a PR for this, but before I do, I would welcome any feedback on 
> whether this should be done, or if it should be done differently.
> Thank you in advance for any feedback.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
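
An option that relaxes LDAP schema validation should turn on only when it is explicitly and validly enabled. The following is an added example, not code from the issue or from Airflow: it uses the standard-library configparser as a stand-in for Airflow's configuration object, the function names are hypothetical, and the config fragment is constructed.

```python
import configparser

# Constructed config fragment; the [ldap] option name comes from the issue.
SAMPLE_CFG = """
[ldap]
uri = ldaps://ldap.example.invalid:636
ignore_malformed_schema = False
"""

_TRUE = {"true", "t", "1", "yes", "on"}
_FALSE = {"false", "f", "0", "no", "off", ""}


def parse_bool(raw):
    """Strictly parse a boolean option; raise on anything unrecognised."""
    value = raw.strip().lower()
    if value in _TRUE:
        return True
    if value in _FALSE:
        return False
    raise ValueError("not a boolean: %r" % raw)


def resolve_ignore_malformed_schema(cfg_text, environ):
    """Return True only if the option is explicitly and validly enabled.

    Lookup order: the AIRFLOW__LDAP__IGNORE_MALFORMED_SCHEMA environment
    override first, then the config text, then a default of False.
    """
    raw = environ.get("AIRFLOW__LDAP__IGNORE_MALFORMED_SCHEMA")
    if raw is None:
        parser = configparser.ConfigParser()
        parser.read_string(cfg_text)
        raw = parser.get("ldap", "ignore_malformed_schema", fallback=None)
    if raw is None:
        return False  # option absent: schema validation stays on
    try:
        return parse_bool(raw)
    except ValueError:
        return False  # unparsable value: fail closed


def naive_flag(cfg_text):
    """Truthiness test on the raw string, as a plain `if <string lookup>` does."""
    parser = configparser.ConfigParser()
    parser.read_string(cfg_text)
    return bool(parser.get("ldap", "ignore_malformed_schema"))
```

With the constructed fragment above, the truthiness test treats `False` as enabled, while the strict resolver keeps validation on.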
