[GitHub] maver1ck commented on a change in pull request #4006: [AIRFLOW-3164] Verify server certificate when connecting to LDAP
maver1ck commented on a change in pull request #4006: [AIRFLOW-3164] Verify server certificate when connecting to LDAP URL: https://github.com/apache/incubator-airflow/pull/4006#discussion_r236671478 ## File path: UPDATING.md ## @@ -87,6 +87,17 @@ configuration, so creating EMR clusters might fail until your connection is upda Ec2SubnetId, TerminationProtection and KeepJobFlowAliveWhenNoSteps were all top-level keys when they should be inside the "Instances" dict) +### LDAP Auth Backend now requires TLS + +Connecting to an LDAP serever over plain text is not supported anymore. The +certificate presented by the LDAP server must be signed by a trusted +certificiate, or you must provide the `cacert` option under `[ldap]` in the +config file. + +If you want to use LDAP auth backend without TLS then you will habe to create a +custom-auth backend based on +https://github.com/apache/incubator-airflow/blob/1.10.0/airflow/contrib/auth/backends/ldap_auth.py Review comment: Why we did a breaking change without option to configure this ? Not everyone is using TLS enabled LDAP. Upgrade from 1.10.0 to 1.10.1 completely broke my Airflow instalation. And this should be bugfix release. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] maver1ck commented on a change in pull request #4006: [AIRFLOW-3164] Verify server certificate when connecting to LDAP
maver1ck commented on a change in pull request #4006: [AIRFLOW-3164] Verify server certificate when connecting to LDAP URL: https://github.com/apache/incubator-airflow/pull/4006#discussion_r236668195 ## File path: UPDATING.md ## @@ -87,6 +87,17 @@ configuration, so creating EMR clusters might fail until your connection is upda Ec2SubnetId, TerminationProtection and KeepJobFlowAliveWhenNoSteps were all top-level keys when they should be inside the "Instances" dict) +### LDAP Auth Backend now requires TLS + +Connecting to an LDAP serever over plain text is not supported anymore. The +certificate presented by the LDAP server must be signed by a trusted +certificiate, or you must provide the `cacert` option under `[ldap]` in the +config file. + +If you want to use LDAP auth backend without TLS then you will habe to create a +custom-auth backend based on +https://github.com/apache/incubator-airflow/blob/1.10.0/airflow/contrib/auth/backends/ldap_auth.py Review comment: So my question one more time. Why we created not backward compatible change in bugfix upgrade ? This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] maver1ck commented on a change in pull request #4006: [AIRFLOW-3164] Verify server certificate when connecting to LDAP
maver1ck commented on a change in pull request #4006: [AIRFLOW-3164] Verify server certificate when connecting to LDAP URL: https://github.com/apache/incubator-airflow/pull/4006#discussion_r236668195 ## File path: UPDATING.md ## @@ -87,6 +87,17 @@ configuration, so creating EMR clusters might fail until your connection is upda Ec2SubnetId, TerminationProtection and KeepJobFlowAliveWhenNoSteps were all top-level keys when they should be inside the "Instances" dict) +### LDAP Auth Backend now requires TLS + +Connecting to an LDAP serever over plain text is not supported anymore. The +certificate presented by the LDAP server must be signed by a trusted +certificiate, or you must provide the `cacert` option under `[ldap]` in the +config file. + +If you want to use LDAP auth backend without TLS then you will habe to create a +custom-auth backend based on +https://github.com/apache/incubator-airflow/blob/1.10.0/airflow/contrib/auth/backends/ldap_auth.py Review comment: So my question one more time. Why we created not backward compatible change in bugfix upgrade ? This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] maver1ck commented on a change in pull request #4006: [AIRFLOW-3164] Verify server certificate when connecting to LDAP
maver1ck commented on a change in pull request #4006: [AIRFLOW-3164] Verify server certificate when connecting to LDAP URL: https://github.com/apache/incubator-airflow/pull/4006#discussion_r236633963 ## File path: UPDATING.md ## @@ -87,6 +87,17 @@ configuration, so creating EMR clusters might fail until your connection is upda Ec2SubnetId, TerminationProtection and KeepJobFlowAliveWhenNoSteps were all top-level keys when they should be inside the "Instances" dict) +### LDAP Auth Backend now requires TLS + +Connecting to an LDAP serever over plain text is not supported anymore. The +certificate presented by the LDAP server must be signed by a trusted +certificiate, or you must provide the `cacert` option under `[ldap]` in the Review comment: certificate This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] maver1ck commented on a change in pull request #4006: [AIRFLOW-3164] Verify server certificate when connecting to LDAP
maver1ck commented on a change in pull request #4006: [AIRFLOW-3164] Verify server certificate when connecting to LDAP URL: https://github.com/apache/incubator-airflow/pull/4006#discussion_r236633899 ## File path: UPDATING.md ## @@ -87,6 +87,17 @@ configuration, so creating EMR clusters might fail until your connection is upda Ec2SubnetId, TerminationProtection and KeepJobFlowAliveWhenNoSteps were all top-level keys when they should be inside the "Instances" dict) +### LDAP Auth Backend now requires TLS + +Connecting to an LDAP serever over plain text is not supported anymore. The Review comment: server This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] maver1ck commented on a change in pull request #4006: [AIRFLOW-3164] Verify server certificate when connecting to LDAP
maver1ck commented on a change in pull request #4006: [AIRFLOW-3164] Verify server certificate when connecting to LDAP URL: https://github.com/apache/incubator-airflow/pull/4006#discussion_r236633963 ## File path: UPDATING.md ## @@ -87,6 +87,17 @@ configuration, so creating EMR clusters might fail until your connection is upda Ec2SubnetId, TerminationProtection and KeepJobFlowAliveWhenNoSteps were all top-level keys when they should be inside the "Instances" dict) +### LDAP Auth Backend now requires TLS + +Connecting to an LDAP serever over plain text is not supported anymore. The +certificate presented by the LDAP server must be signed by a trusted +certificiate, or you must provide the `cacert` option under `[ldap]` in the Review comment: certificate This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] maver1ck commented on a change in pull request #4006: [AIRFLOW-3164] Verify server certificate when connecting to LDAP
maver1ck commented on a change in pull request #4006: [AIRFLOW-3164] Verify server certificate when connecting to LDAP URL: https://github.com/apache/incubator-airflow/pull/4006#discussion_r236634155 ## File path: UPDATING.md ## @@ -87,6 +87,17 @@ configuration, so creating EMR clusters might fail until your connection is upda Ec2SubnetId, TerminationProtection and KeepJobFlowAliveWhenNoSteps were all top-level keys when they should be inside the "Instances" dict) +### LDAP Auth Backend now requires TLS + +Connecting to an LDAP serever over plain text is not supported anymore. The +certificate presented by the LDAP server must be signed by a trusted +certificiate, or you must provide the `cacert` option under `[ldap]` in the +config file. + +If you want to use LDAP auth backend without TLS then you will habe to create a +custom-auth backend based on +https://github.com/apache/incubator-airflow/blob/1.10.0/airflow/contrib/auth/backends/ldap_auth.py Review comment: How to configure this backend ? This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] maver1ck commented on a change in pull request #4006: [AIRFLOW-3164] Verify server certificate when connecting to LDAP
maver1ck commented on a change in pull request #4006: [AIRFLOW-3164] Verify server certificate when connecting to LDAP URL: https://github.com/apache/incubator-airflow/pull/4006#discussion_r236634094 ## File path: UPDATING.md ## @@ -87,6 +87,17 @@ configuration, so creating EMR clusters might fail until your connection is upda Ec2SubnetId, TerminationProtection and KeepJobFlowAliveWhenNoSteps were all top-level keys when they should be inside the "Instances" dict) +### LDAP Auth Backend now requires TLS + +Connecting to an LDAP serever over plain text is not supported anymore. The +certificate presented by the LDAP server must be signed by a trusted +certificiate, or you must provide the `cacert` option under `[ldap]` in the +config file. + +If you want to use LDAP auth backend without TLS then you will habe to create a Review comment: have This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
