Hi users@,
Is anyone else using Airflow with LDAP webserver authentication? If so, can you please share your experiences?
Thank you

On 2021/05/06 21:58:34, Lewis John McGibbney <[email protected]> wrote:
> Hi users@,
> Running Airflow 2.0.2 locally attempting to debug this issue.
> We have configured webserver_config.py as follows
>
> from flask_appbuilder.security.manager import AUTH_LDAP
> import os
> WTF_CSRF_ENABLED = True
> AUTH_TYPE = AUTH_LDAP
> AUTH_ROLE_ADMIN = "Admin"
> AUTH_USER_REGISTRATION = False
> AUTH_USER_REGISTRATION_ROLE = "Admin"
> AUTH_LDAP_SERVER = "ldaps://...:636"
> AUTH_LDAP_SEARCH = "ou=personnel,dc=dir,dc=...,dc=...,dc=..."
> AUTH_LDAP_BIND_USER = "uid={},ou=applications,dc=dir,dc=...,dc=...,dc=...".format(os.environ.get("AUTH_LDAP_APPLICATION_BIND_USER"))
> AUTH_LDAP_BIND_PASSWORD = os.environ.get("AUTH_LDAP_APPLICATION_BIND_PASSWORD")
> AUTH_LDAP_UID_FIELD = "uid"
> AUTH_LDAP_USE_TLS = False
> AUTH_LDAP_ALLOW_SELF_SIGNED = False
>
> This results in the following LDAP log which indicates that the query was executed successfully.
>
> [06/May/2021:13:50:13 -0700] conn=17284339 op=-1 msgId=-1 - fd=212 slot=212 LDAPS connection from ....254.239:60821 to ....125.253
> [06/May/2021:13:50:13 -0700] conn=17284339 op=0 msgId=1 - BIND dn="uid=jsearch-airflow-sa,ou=applications,dc=dir,dc=...,dc=...,dc=..." method=128 version=3
> [06/May/2021:13:50:13 -0700] conn=17284339 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=jsearch-airflow-sa,ou=applications,dc=dir,dc=...,dc=...,dc=..."
> [06/May/2021:13:50:14 -0700] conn=17284339 op=1 msgId=2 - SRCH base="ou=personnel,dc=dir,dc=...,dc=...,dc=..." scope=2 filter="(uid=ech...)" attrs="givenName sn mail"
> [06/May/2021:13:50:14 -0700] conn=17284339 op=1 msgId=2 - RESULT err=0 tag=101 nentries=1 etime=0
> [06/May/2021:13:50:14 -0700] conn=17284339 op=2 msgId=3 - BIND dn="uid=echiu,ou=personnel,dc=dir,dc=...,dc=...,dc=..." method=128 version=3
> [06/May/2021:13:50:14 -0700] conn=17284339 op=2 msgId=3 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=ech...,ou=personnel,dc=dir,dc=...,dc=...,dc=..."
> [06/May/2021:13:50:14 -0700] conn=17284339 op=3 msgId=4 - UNBIND
> [06/May/2021:13:50:14 -0700] conn=17284339 op=3 msgId=-1 - closing from ....254.239:60821 - U1 - Connection closed by unbind client -
> [06/May/2021:13:50:14 -0700] conn=17284339 op=-1 msgId=-1 - closed.
>
> However, this does not result in a successful user login within the Airflow webserver and the UI reflects "Invalid login. Please try again."
>
> The webserver log reflects the following
>
> Request URL: http://localhost:8080/login/
> Request Method: POST
> Status Code: 302 FOUND
> Remote Address: 127.0.0.1:8080
> Referrer Policy: strict-origin-when-cross-origin
>
> Does anyone have any idea what is going on here?
> Thank you
>
> lewismc
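
The directory access log quoted above can be checked mechanically rather than by eye. This added example (not part of the original message) pairs each BIND and SRCH line with its RESULT by conn/op and confirms the service-bind, search, user-bind sequence; the sample log is constructed with placeholder DNs, and the function names are hypothetical.

```python
import re

# Constructed sample in the access-log format quoted above; DNs and uid are placeholders.
SAMPLE_LOG = """\
[06/May/2021:13:50:13 -0700] conn=1 op=0 msgId=1 - BIND dn="uid=svc-account,ou=applications,dc=example,dc=org" method=128 version=3
[06/May/2021:13:50:13 -0700] conn=1 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=svc-account,ou=applications,dc=example,dc=org"
[06/May/2021:13:50:14 -0700] conn=1 op=1 msgId=2 - SRCH base="ou=personnel,dc=example,dc=org" scope=2 filter="(uid=jdoe)" attrs="givenName sn mail"
[06/May/2021:13:50:14 -0700] conn=1 op=1 msgId=2 - RESULT err=0 tag=101 nentries=1 etime=0
[06/May/2021:13:50:14 -0700] conn=1 op=2 msgId=3 - BIND dn="uid=jdoe,ou=personnel,dc=example,dc=org" method=128 version=3
[06/May/2021:13:50:14 -0700] conn=1 op=2 msgId=3 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=jdoe,ou=personnel,dc=example,dc=org"
[06/May/2021:13:50:14 -0700] conn=1 op=3 msgId=4 - UNBIND
"""

LINE = re.compile(r'conn=(\d+) op=(-?\d+) msgId=-?\d+ - (\w+)(.*)')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value, value optionally quoted


def correlate(log_text):
    """Pair each BIND/SRCH request with its RESULT line, keyed by (conn, op)."""
    ops = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        conn, op, verb, rest = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(rest)}
        key = (int(conn), int(op))
        if verb in ("BIND", "SRCH"):
            ops[key] = {"verb": verb, **fields}
        elif verb == "RESULT" and key in ops:
            # err is the LDAP result code: 0 = success, 49 = invalidCredentials
            ops[key]["err"] = int(fields["err"])
            ops[key]["nentries"] = int(fields["nentries"])
    return [ops[k] for k in sorted(ops)]


def search_then_bind_ok(ops):
    """True if the log shows service bind, a one-entry search, then a user bind, all err=0."""
    binds = [o for o in ops if o["verb"] == "BIND"]
    searches = [o for o in ops if o["verb"] == "SRCH"]
    return (len(binds) == 2 and len(searches) == 1
            and all(o.get("err") == 0 for o in ops)
            and searches[0]["nentries"] == 1
            and binds[1]["dn"].endswith(searches[0]["base"]))


if __name__ == "__main__":
    for op in correlate(SAMPLE_LOG):
        print(op["verb"], op.get("dn") or op.get("filter"), "err=%s" % op.get("err"))
    print("search-then-bind succeeded:", search_then_bind_ok(correlate(SAMPLE_LOG)))
```

When this returns True, the directory accepted both binds and the user search, so a remaining "Invalid login" has to be traced in the application's own logs rather than on the LDAP server.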
