[ https://issues.apache.org/jira/browse/AIRFLOW-4243?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16812134#comment-16812134 ]
deepak tm commented on AIRFLOW-4243: ------------------------------------ Please any one help me to resolve this issue. > How to restrict UI login > ------------------------ > > Key: AIRFLOW-4243 > URL: https://issues.apache.org/jira/browse/AIRFLOW-4243 > Project: Apache Airflow > Issue Type: Task > Components: authentication, configuration > Affects Versions: 1.9.0 > Environment: Production > Reporter: deepak tm > Priority: Major > Original Estimate: 168h > Remaining Estimate: 168h > > Airflow server UI is integrated with LDAP server. In current scenario, every > user in the domain can able to login Airflow UI. Current LDAP configuration > as follows. I have created a separate group in AD server. As a security point > of view, how we can restrict that particular group users can only login > through UI. > *airflow.cfg* : > [admin] > # UI to hide sensitive variable fields when set to True > hide_sensitive_variable_fields = True > # BEGIN ANSIBLE MANAGED BLOCK > [webserver] > authenticate = True > auth_backend = airflow.contrib.auth.backends.ldap_auth > [ldap] > uri = ldaps://ldaps-prod.example.com:636 > user_filter = objectClass=* > user_name_attr = sAMAccountName > group_member_attr = memberOf > bind_user = CN=XXXXXX,OU=Service Accounts,OU=United Kingdom,OU=Regions, > DC=AVIVAGROUP,DC=COM > bind_password = XXXXXX > basedn = DC=EXAMPLE,DC=COM > cacert = /etc/ca/ldap_ca.crt > search_scope = SUBTREE > # END ANSIBLE MANAGED BLOCK > executor = LocalExecutor > max_threads = 4 > scheduler_heartbeat_sec = 60 -- This message was sent by Atlassian JIRA (v7.6.3#76005)