[jira] [Comment Edited] (AIRFLOW-3270) Apache airflow 1.10.0 integration with LDAP anonmyously
[ https://issues.apache.org/jira/browse/AIRFLOW-3270?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16674961#comment-16674961 ] Hari Krishna ADDEPALLI LN edited comment on AIRFLOW-3270 at 11/5/18 11:17 AM: -- [~ashb] : so, you are saying , assign value (memberOf: to group_member_attr config option ? Yes, my requirement is : # should be part of group (as specified in group_member_attr) # And superuser_filter to also carry value. Our design is that we should have admin (users assigned to the group as per superuser_filter) and non admin user (as per group_member_attr config option). Below is updated ldap env in airflow.cfg: {code:java} [ldap] uri = ldap://nsp-daf178e8.ad1.prd.us-phx.odc.im:389 user_filter = objectClass=* user_name_attr = uid group_member_attr = memberOf=cn=rvs-login-mc_usphx,ou=groups,dc=odc,dc=im superuser_filter = memberOf=cn=rvs-sudo_all-prd_usphx,ou=groups,dc=odc,dc=im data_profiler_filter = bind_user = bind_password = basedn = ou=people,dc=odc,dc=im cacert = /opt/orchestration/airflow/ldap_ca.crt search_scope = SUBTREE {code} was (Author: alnhk): [~ashb] : so, you are saying , assign value (memberOf: to group_member_attr config option ? Yes, my requirement is : # should be part of group (as specified in group_member_attr) # And superuser_filter to also carry value. Our design is that we should have admin (users assigned to the group as per superuser_filter) and non admin user (as per group_member_attr config option). Below is updated ldap env in airflow.cfg: {code:java} [ldap] uri = ldap://nsp-daf178e8.ad1.prd.us-phx.odc.im:389 user_filter = objectClass=* user_name_attr = uid #group_member_attr = memberOf=cn=rvs-login-prd_usphx,ou=groups,dc=odc,dc=im group_member_attr = memberOf=cn=rvs-login-mc_usphx,ou=groups,dc=odc,dc=im superuser_filter = memberOf=cn=rvs-sudo_all-prd_usphx,ou=groups,dc=odc,dc=im data_profiler_filter = bind_user = bind_password = basedn = ou=people,dc=odc,dc=im cacert = /opt/orchestration/airflow/ldap_ca.crt search_scope = SUBTREE {code} > Apache airflow 1.10.0 integration with LDAP anonmyously > --- > > Key: AIRFLOW-3270 > URL: https://issues.apache.org/jira/browse/AIRFLOW-3270 > Project: Apache Airflow > Issue Type: Bug > Components: authentication >Affects Versions: 1.10.0 >Reporter: Hari Krishna ADDEPALLI LN >Priority: Blocker > > Please advise what to include in airflow.cfg when going to integrate with > LDAP anonymously ? We are using DS389 as LDAP server vendor name. > > {noformat} > [webserver] > authenticate = True > auth_backend = airflow.contrib.auth.backends.ldap_auth > {noformat} > > And > > {noformat} > [ldap] > uri = ldap://nsp-daf178e8.ad1.prd.us-phx.odc.im:389 > user_filter = memberOf=cn=rvs-all-prd_usphx,ou=groups,dc=odc,dc=im > user_name_attr = uid > group_member_attr = > superuser_filter = memberOf=cn=rvd-sudo_all-prd_usphx,ou=groups,dc=odc,dc=im > data_profiler_filter = > bind_user = > bind_password = > basedn = ou=people,dc=odc,dc=im > cacert = /opt/orchestration/airflow/ldap_ca.crt > search_scope = LEVEL > {noformat} > I am hitting below exception: > {noformat} > File "/usr/local/lib/python3.5/site-packages/ldap3/operation/search.py", > line 215, in parse_filter > raise LDAPInvalidFilterError('malformed filter') > ldap3.core.exceptions.LDAPInvalidFilterError: malformed filter > {noformat} > -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Comment Edited] (AIRFLOW-3270) Apache airflow 1.10.0 integration with LDAP anonmyously
[ https://issues.apache.org/jira/browse/AIRFLOW-3270?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16674961#comment-16674961 ] Hari Krishna ADDEPALLI LN edited comment on AIRFLOW-3270 at 11/5/18 11:17 AM: -- [~ashb] : so, you are saying , assign value (memberOf: to group_member_attr config option ? Yes, my requirement is : # should be part of group (as specified in group_member_attr) # And superuser_filter to also carry value. Our design is that we should have admin (users assigned to the group as per superuser_filter) and non admin user (as per group_member_attr config option). Below is updated ldap env in airflow.cfg: {code:java} [ldap] uri = ldap://nsp-daf178e8.ad1.prd.us-phx.odc.im:389 user_filter = objectClass=* user_name_attr = uid #group_member_attr = memberOf=cn=rvs-login-prd_usphx,ou=groups,dc=odc,dc=im group_member_attr = memberOf=cn=rvs-login-mc_usphx,ou=groups,dc=odc,dc=im superuser_filter = memberOf=cn=rvs-sudo_all-prd_usphx,ou=groups,dc=odc,dc=im data_profiler_filter = bind_user = bind_password = basedn = ou=people,dc=odc,dc=im cacert = /opt/orchestration/airflow/ldap_ca.crt search_scope = SUBTREE {code} was (Author: alnhk): [~ashb] : so, you are saying , assign value (memberOf: to group_member_attr config option ? Yes, my requirement is : # should be part of group (as specified in group_member_attr) # And superuser_filter to also carry value. Our design is that we should have admin (users assigned to the group as per superuser_filter) and non admin user (as per group_member_attr config option). > Apache airflow 1.10.0 integration with LDAP anonmyously > --- > > Key: AIRFLOW-3270 > URL: https://issues.apache.org/jira/browse/AIRFLOW-3270 > Project: Apache Airflow > Issue Type: Bug > Components: authentication >Affects Versions: 1.10.0 >Reporter: Hari Krishna ADDEPALLI LN >Priority: Blocker > > Please advise what to include in airflow.cfg when going to integrate with > LDAP anonymously ? We are using DS389 as LDAP server vendor name. > > {noformat} > [webserver] > authenticate = True > auth_backend = airflow.contrib.auth.backends.ldap_auth > {noformat} > > And > > {noformat} > [ldap] > uri = ldap://nsp-daf178e8.ad1.prd.us-phx.odc.im:389 > user_filter = memberOf=cn=rvs-all-prd_usphx,ou=groups,dc=odc,dc=im > user_name_attr = uid > group_member_attr = > superuser_filter = memberOf=cn=rvd-sudo_all-prd_usphx,ou=groups,dc=odc,dc=im > data_profiler_filter = > bind_user = > bind_password = > basedn = ou=people,dc=odc,dc=im > cacert = /opt/orchestration/airflow/ldap_ca.crt > search_scope = LEVEL > {noformat} > I am hitting below exception: > {noformat} > File "/usr/local/lib/python3.5/site-packages/ldap3/operation/search.py", > line 215, in parse_filter > raise LDAPInvalidFilterError('malformed filter') > ldap3.core.exceptions.LDAPInvalidFilterError: malformed filter > {noformat} > -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Comment Edited] (AIRFLOW-3270) Apache airflow 1.10.0 integration with LDAP anonmyously
[ https://issues.apache.org/jira/browse/AIRFLOW-3270?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16674961#comment-16674961 ] Hari Krishna ADDEPALLI LN edited comment on AIRFLOW-3270 at 11/5/18 11:15 AM: -- [~ashb] : so, you are saying , assign value (memberOf:) to group_member_attr config option ? Yes, my requirement is : # should be part of group (as specified in group_member_attr) # And superuser_filter to also carry value. Our design is that we should have admin (users assigned to the group as per superuser_filter) and non admin user (as per group_member_attr config option). was (Author: alnhk): [~ashb] : so, you are saying , assign value (memberOf:) to group_member_attr config option ? > Apache airflow 1.10.0 integration with LDAP anonmyously > --- > > Key: AIRFLOW-3270 > URL: https://issues.apache.org/jira/browse/AIRFLOW-3270 > Project: Apache Airflow > Issue Type: Bug > Components: authentication >Affects Versions: 1.10.0 >Reporter: Hari Krishna ADDEPALLI LN >Priority: Blocker > > Please advise what to include in airflow.cfg when going to integrate with > LDAP anonymously ? We are using DS389 as LDAP server vendor name. > > {noformat} > [webserver] > authenticate = True > auth_backend = airflow.contrib.auth.backends.ldap_auth > {noformat} > > And > > {noformat} > [ldap] > uri = ldap://nsp-daf178e8.ad1.prd.us-phx.odc.im:389 > user_filter = memberOf=cn=rvs-all-prd_usphx,ou=groups,dc=odc,dc=im > user_name_attr = uid > group_member_attr = > superuser_filter = memberOf=cn=rvd-sudo_all-prd_usphx,ou=groups,dc=odc,dc=im > data_profiler_filter = > bind_user = > bind_password = > basedn = ou=people,dc=odc,dc=im > cacert = /opt/orchestration/airflow/ldap_ca.crt > search_scope = LEVEL > {noformat} > I am hitting below exception: > {noformat} > File "/usr/local/lib/python3.5/site-packages/ldap3/operation/search.py", > line 215, in parse_filter > raise LDAPInvalidFilterError('malformed filter') > ldap3.core.exceptions.LDAPInvalidFilterError: malformed filter > {noformat} > -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Comment Edited] (AIRFLOW-3270) Apache airflow 1.10.0 integration with LDAP anonmyously
[ https://issues.apache.org/jira/browse/AIRFLOW-3270?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16674961#comment-16674961 ] Hari Krishna ADDEPALLI LN edited comment on AIRFLOW-3270 at 11/5/18 11:15 AM: -- [~ashb] : so, you are saying , assign value (memberOf: to group_member_attr config option ? Yes, my requirement is : # should be part of group (as specified in group_member_attr) # And superuser_filter to also carry value. Our design is that we should have admin (users assigned to the group as per superuser_filter) and non admin user (as per group_member_attr config option). was (Author: alnhk): [~ashb] : so, you are saying , assign value (memberOf:) to group_member_attr config option ? Yes, my requirement is : # should be part of group (as specified in group_member_attr) # And superuser_filter to also carry value. Our design is that we should have admin (users assigned to the group as per superuser_filter) and non admin user (as per group_member_attr config option). > Apache airflow 1.10.0 integration with LDAP anonmyously > --- > > Key: AIRFLOW-3270 > URL: https://issues.apache.org/jira/browse/AIRFLOW-3270 > Project: Apache Airflow > Issue Type: Bug > Components: authentication >Affects Versions: 1.10.0 >Reporter: Hari Krishna ADDEPALLI LN >Priority: Blocker > > Please advise what to include in airflow.cfg when going to integrate with > LDAP anonymously ? We are using DS389 as LDAP server vendor name. > > {noformat} > [webserver] > authenticate = True > auth_backend = airflow.contrib.auth.backends.ldap_auth > {noformat} > > And > > {noformat} > [ldap] > uri = ldap://nsp-daf178e8.ad1.prd.us-phx.odc.im:389 > user_filter = memberOf=cn=rvs-all-prd_usphx,ou=groups,dc=odc,dc=im > user_name_attr = uid > group_member_attr = > superuser_filter = memberOf=cn=rvd-sudo_all-prd_usphx,ou=groups,dc=odc,dc=im > data_profiler_filter = > bind_user = > bind_password = > basedn = ou=people,dc=odc,dc=im > cacert = /opt/orchestration/airflow/ldap_ca.crt > search_scope = LEVEL > {noformat} > I am hitting below exception: > {noformat} > File "/usr/local/lib/python3.5/site-packages/ldap3/operation/search.py", > line 215, in parse_filter > raise LDAPInvalidFilterError('malformed filter') > ldap3.core.exceptions.LDAPInvalidFilterError: malformed filter > {noformat} > -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Comment Edited] (AIRFLOW-3270) Apache airflow 1.10.0 integration with LDAP anonmyously
[ https://issues.apache.org/jira/browse/AIRFLOW-3270?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16673287#comment-16673287 ] Ash Berlin-Taylor edited comment on AIRFLOW-3270 at 11/2/18 3:44 PM: - [~ashb] : the '\{{ = }}' as the end of the line is copy/paste issue on this JIRA. Below is the correct one without formatting. Below is the full exception stack included. {code} [ldap] uri = ldap://nsp-daf178e8.ad1.prd.us-phx.odc.im:389 user_filter = memberOf=cn=rvs-all-prd_usphx,ou=groups,dc=odc,dc=im user_name_attr = uid group_member_attr = superuser_filter = memberOf=cn=rvd-sudo_all-prd_usphx,ou=groups,dc=odc,dc=im data_profiler_filter = bind_user = bind_password = basedn = ou=people,dc=odc,dc=im cacert = /opt/orchestration/airflow/ldap_ca.crt search_scope = LEVEL {code} === === {code} [2018-10-30 04:01:04,520] ERROR in app: Exception on /admin/airflow/login [POST] Traceback (most recent call last): File "/usr/local/lib/python3.5/site-packages/flask/app.py", line 1988, in wsgi_app response = self.full_dispatch_request() File "/usr/local/lib/python3.5/site-packages/flask/app.py", line 1641, in full_dispatch_request rv = self.handle_user_exception(e) File "/usr/local/lib/python3.5/site-packages/flask/app.py", line 1544, in handle_user_exception reraise(exc_type, exc_value, tb) File "/usr/local/lib/python3.5/site-packages/flask/_compat.py", line 33, in reraise raise value File "/usr/local/lib/python3.5/site-packages/flask/app.py", line 1639, in full_dispatch_request rv = self.dispatch_request() File "/usr/local/lib/python3.5/site-packages/flask/app.py", line 1625, in dispatch_request return self.view_functions[rule.endpoint|https://github.com/cannatag/ldap3/issues/**req.view_args] File "/usr/local/lib/python3.5/site-packages/flask_admin/base.py", line 69, in inner return self._run_view(f, *args, **kwargs) File "/usr/local/lib/python3.5/site-packages/flask_admin/base.py", line 368, in _run_view return fn(self, *args, **kwargs) File "/usr/local/lib/python3.5/site-packages/airflow/www/views.py", line 650, in login return airflow.login.login(self, request) File "/usr/local/lib/python3.5/site-packages/airflow/contrib/auth/backends/ldap_auth.py", line 268, in login LdapUser.try_login(username, password) File "/usr/local/lib/python3.5/site-packages/airflow/contrib/auth/backends/ldap_auth.py", line 180, in try_login search_scope=native(search_scope)) File "/usr/local/lib/python3.5/site-packages/ldap3/core/connection.py", line 779, in search [2018-10-30 04:01:04,520] [72] \{app.py:1587} ERROR - Exception on /admin/airflow/login [POST] Traceback (most recent call last): File "/usr/local/lib/python3.5/site-packages/flask/app.py", line 1988, in wsgi_app response = self.full_dispatch_request() File "/usr/local/lib/python3.5/site-packages/flask/app.py", line 1641, in full_dispatch_request rv = self.handle_user_exception(e) File "/usr/local/lib/python3.5/site-packages/flask/app.py", line 1544, in handle_user_exception reraise(exc_type, exc_value, tb) File "/usr/local/lib/python3.5/site-packages/flask/_compat.py", line 33, in reraise raise value File "/usr/local/lib/python3.5/site-packages/flask/app.py", line 1639, in full_dispatch_request rv = self.dispatch_request() File "/usr/local/lib/python3.5/site-packages/flask/app.py", line 1625, in dispatch_request return self.view_functions[rule.endpoint|https://github.com/cannatag/ldap3/issues/**req.view_args] File "/usr/local/lib/python3.5/site-packages/flask_admin/base.py", line 69, in inner return self._run_view(f, *args, **kwargs) File "/usr/local/lib/python3.5/site-packages/flask_admin/base.py", line 368, in _run_view return fn(self, *args, **kwargs) File "/usr/local/lib/python3.5/site-packages/airflow/www/views.py", line 650, in login return airflow.login.login(self, request) File "/usr/local/lib/python3.5/site-packages/airflow/contrib/auth/backends/ldap_auth.py", line 268, in login LdapUser.try_login(username, password) File "/usr/local/lib/python3.5/site-packages/airflow/contrib/auth/backends/ldap_auth.py", line 180, in try_login search_scope=native(search_scope)) File "/usr/local/lib/python3.5/site-packages/ldap3/core/connection.py", line 779, in search check_names=self.check_names) File "/usr/local/lib/python3.5/site-packages/ldap3/operation/search.py", line 372, in search_operation request['filter'] = compile_filter(parse_filter(search_filter, schema, auto_escape, auto_encode, validator, check_names).elements[0]) # parse the searchFilter string and compile it starting from the root node File "/usr/local/lib/python3.5/site-packages/ldap3/operation/search.py", line 215, in parse_filter raise LDAPInvalidFilterError('malformed filter') ldap3.core.exceptions.LDAPInvalidFi
[jira] [Comment Edited] (AIRFLOW-3270) Apache airflow 1.10.0 integration with LDAP anonmyously
[ https://issues.apache.org/jira/browse/AIRFLOW-3270?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16673287#comment-16673287 ] Hari Krishna ADDEPALLI LN edited comment on AIRFLOW-3270 at 11/2/18 3:42 PM: - [~ashb] : the '\{{ = }}' as the end of the line is copy/paste issue on this JIRA. Below is the correct one without formatting. Below is the full exception stack included. [ldap] uri = ldap://nsp-daf178e8.ad1.prd.us-phx.odc.im:389 user_filter = memberOf=cn=rvs-all-prd_usphx,ou=groups,dc=odc,dc=im user_name_attr = uid group_member_attr = superuser_filter = memberOf=cn=rvd-sudo_all-prd_usphx,ou=groups,dc=odc,dc=im data_profiler_filter = bind_user = bind_password = basedn = ou=people,dc=odc,dc=im cacert = /opt/orchestration/airflow/ldap_ca.crt search_scope = LEVEL === === [2018-10-30 04:01:04,520] ERROR in app: Exception on /admin/airflow/login [POST] Traceback (most recent call last): File "/usr/local/lib/python3.5/site-packages/flask/app.py", line 1988, in wsgi_app response = self.full_dispatch_request() File "/usr/local/lib/python3.5/site-packages/flask/app.py", line 1641, in full_dispatch_request rv = self.handle_user_exception(e) File "/usr/local/lib/python3.5/site-packages/flask/app.py", line 1544, in handle_user_exception reraise(exc_type, exc_value, tb) File "/usr/local/lib/python3.5/site-packages/flask/_compat.py", line 33, in reraise raise value File "/usr/local/lib/python3.5/site-packages/flask/app.py", line 1639, in full_dispatch_request rv = self.dispatch_request() File "/usr/local/lib/python3.5/site-packages/flask/app.py", line 1625, in dispatch_request return self.view_functions[rule.endpoint|https://github.com/cannatag/ldap3/issues/**req.view_args] File "/usr/local/lib/python3.5/site-packages/flask_admin/base.py", line 69, in inner return self._run_view(f, *args, **kwargs) File "/usr/local/lib/python3.5/site-packages/flask_admin/base.py", line 368, in _run_view return fn(self, *args, **kwargs) File "/usr/local/lib/python3.5/site-packages/airflow/www/views.py", line 650, in login return airflow.login.login(self, request) File "/usr/local/lib/python3.5/site-packages/airflow/contrib/auth/backends/ldap_auth.py", line 268, in login LdapUser.try_login(username, password) File "/usr/local/lib/python3.5/site-packages/airflow/contrib/auth/backends/ldap_auth.py", line 180, in try_login search_scope=native(search_scope)) File "/usr/local/lib/python3.5/site-packages/ldap3/core/connection.py", line 779, in search [2018-10-30 04:01:04,520] [72] \{app.py:1587} ERROR - Exception on /admin/airflow/login [POST] Traceback (most recent call last): File "/usr/local/lib/python3.5/site-packages/flask/app.py", line 1988, in wsgi_app response = self.full_dispatch_request() File "/usr/local/lib/python3.5/site-packages/flask/app.py", line 1641, in full_dispatch_request rv = self.handle_user_exception(e) File "/usr/local/lib/python3.5/site-packages/flask/app.py", line 1544, in handle_user_exception reraise(exc_type, exc_value, tb) File "/usr/local/lib/python3.5/site-packages/flask/_compat.py", line 33, in reraise raise value File "/usr/local/lib/python3.5/site-packages/flask/app.py", line 1639, in full_dispatch_request rv = self.dispatch_request() File "/usr/local/lib/python3.5/site-packages/flask/app.py", line 1625, in dispatch_request return self.view_functions[rule.endpoint|https://github.com/cannatag/ldap3/issues/**req.view_args] File "/usr/local/lib/python3.5/site-packages/flask_admin/base.py", line 69, in inner return self._run_view(f, *args, **kwargs) File "/usr/local/lib/python3.5/site-packages/flask_admin/base.py", line 368, in _run_view return fn(self, *args, **kwargs) File "/usr/local/lib/python3.5/site-packages/airflow/www/views.py", line 650, in login return airflow.login.login(self, request) File "/usr/local/lib/python3.5/site-packages/airflow/contrib/auth/backends/ldap_auth.py", line 268, in login LdapUser.try_login(username, password) File "/usr/local/lib/python3.5/site-packages/airflow/contrib/auth/backends/ldap_auth.py", line 180, in try_login search_scope=native(search_scope)) File "/usr/local/lib/python3.5/site-packages/ldap3/core/connection.py", line 779, in search check_names=self.check_names) File "/usr/local/lib/python3.5/site-packages/ldap3/operation/search.py", line 372, in search_operation request['filter'] = compile_filter(parse_filter(search_filter, schema, auto_escape, auto_encode, validator, check_names).elements[0]) # parse the searchFilter string and compile it starting from the root node File "/usr/local/lib/python3.5/site-packages/ldap3/operation/search.py", line 215, in parse_filter raise LDAPInvalidFilterError('malformed filter') ldap3.core.exceptions.LDAPInvalidFilter