[ https://issues.apache.org/jira/browse/AIRFLOW-3164?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16700551#comment-16700551 ]

Ash Berlin-Taylor commented on AIRFLOW-3164:
--------------------------------------------

Because LDAP without TLS transmits every user's password in plain text over the 
network where it could be sniffed.

In following releases (2.0.0 onwards) this version of the webserver is going to 
be removed and replaced with Flask-AppBuilder so login will need changing 
anyway.

https://flask-appbuilder.readthedocs.io/en/latest/security.html#authentication-ldap

Thinking about it, you could switch to this new UI already (since 1.10.0; see 
https://github.com/apache/incubator-airflow/blob/master/UPDATING.md#new-webserver-ui-with-role-based-access-control)
 - it may be less work and would future-proof you more.

> verify certificate of LDAP server
> ---------------------------------
>
>                 Key: AIRFLOW-3164
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-3164
>             Project: Apache Airflow
>          Issue Type: Bug
>            Reporter: Bolke de Bruin
>            Priority: Blocker
>             Fix For: 1.10.1
>
>
> Currently we don't verify the certificate of the LDAP server; this can lead to 
> security incidents.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
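
The two risks raised in this thread (a plain-text LDAP bind and an unverified server certificate) can be checked statically in a deployment's configuration. The following is an added example, not code from the Airflow project or from the commenter; it assumes the `[ldap]` section of `airflow.cfg` uses the `uri` and `cacert` keys, and both sample configurations are constructed.

```python
import configparser
from urllib.parse import urlparse

# Constructed sample configurations (not taken from the issue).
WEAK_CFG = """
[ldap]
uri = ldap://ldap.example.internal:389
cacert =
"""

HARDENED_CFG = """
[ldap]
uri = ldaps://ldap.example.internal:636
cacert = /etc/ssl/certs/example-ldap-ca.pem
"""


def audit_ldap_section(cfg_text):
    """Return a list of findings for the [ldap] section of an airflow.cfg-style file.

    The section and key names ("ldap", "uri", "cacert") are assumptions about
    the deployment being audited.
    """
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(cfg_text)
    if not parser.has_section("ldap"):
        return ["no [ldap] section found"]

    findings = []
    uri = parser.get("ldap", "uri", fallback="").strip()
    scheme = urlparse(uri).scheme.lower()
    if scheme != "ldaps":
        # A static check cannot tell whether StartTLS is negotiated at runtime.
        findings.append(
            f"uri scheme is {scheme or 'missing'!r}, not 'ldaps': bind passwords "
            "cross the network in plain text unless StartTLS is enforced"
        )
    if not parser.get("ldap", "cacert", fallback="").strip():
        findings.append(
            "cacert is empty: no CA file configured to verify the LDAP server certificate"
        )
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CFG), ("hardened", HARDENED_CFG)):
        print(name, audit_ldap_section(cfg) or "OK")
```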
