Colin Streicher created AIRFLOW-3751:
----------------------------------------
Summary: LDAP - Malformed Schema
Key: AIRFLOW-3751
URL: https://issues.apache.org/jira/browse/AIRFLOW-3751
Project: Apache Airflow
Issue Type: Bug
Components: authentication
Affects Versions: 1.10.1
Reporter: Colin Streicher

This issue only appears to happen when using an LDAP server from which the schema
is not available. This came up specifically when using Foxpass, but my
assumption is that this sort of thing is likely to happen for any LDAP as a
Service offering.

Essentially, the issue is that the default setting for the ldap3 library is to
try to pull the schema from the server. From a normal LDAP server, this is just
a call with a base DN of ''; however, because of security concerns (presumably),
services like Foxpass do not return anything when the base DN is set to nothing.
When the base DN is set to the normal search DN, there are no schema objects
returned. Since the get_info parameter in the Server() call validates the
schema by default, the call fails.

In terms of fixing, this is pretty simple: adding a parameter that reflects the
setting in ldap3 that ignores this fixes the issue handily.

In my dev environment, I made the following changes to ldap_auth.py:
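{code:python}
import ldap3
...
def get_ldap_connection(dn=None, password=None):
    ...
    # Default to False so the name is always bound, even when the option is absent.
    ignore_malformed_schema = False
    try:
        # getboolean parses "True"/"False"; a plain get() returns a non-empty
        # string, which is truthy even when the value is "False".
        ignore_malformed_schema = configuration.conf.getboolean(
            "ldap", "ignore_malformed_schema")
    except AirflowConfigException:
        pass
    if ignore_malformed_schema:
        ldap3.set_config_parameter('IGNORE_MALFORMED_SCHEMA', ignore_malformed_schema)
    ...
{code}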

Now, with AIRFLOW__LDAP__IGNORE_MALFORMED_SCHEMA=True, things work as expected.

I will open a PR for this, but before I do, I would welcome any feedback on whether
this should be done, or if it should be done differently.

Thank you in advance for any feedback.
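The following is an added example, not code from the issue or from Airflow. It shows one way to resolve the proposed `ignore_malformed_schema` option so that schema validation is only relaxed on an explicit boolean true. It assumes the standard-library `configparser` as a stand-in for Airflow's configuration object; the function names and the sample config are constructed for illustration.

```python
import configparser

# Constructed sample airflow.cfg fragment (not taken from the issue).
SAMPLE_CFG = """
[ldap]
uri = ldaps://ldap.example.test:636
ignore_malformed_schema = False
"""

ENV_VAR = "AIRFLOW__LDAP__IGNORE_MALFORMED_SCHEMA"
_TRUE = {"1", "true", "t", "yes", "on"}
_FALSE = {"0", "false", "f", "no", "off", ""}


def parse_bool(raw, source):
    """Strictly parse a boolean string; reject anything ambiguous."""
    val = raw.strip().lower()
    if val in _TRUE:
        return True
    if val in _FALSE:
        return False
    raise ValueError(f"{source}: expected a boolean, got {raw!r}")


def ignore_malformed_schema(cfg_text, environ):
    """Resolve the flag: environment variable first, then [ldap] in the
    config text, else False so schema validation stays on by default."""
    if ENV_VAR in environ:
        return parse_bool(environ[ENV_VAR], ENV_VAR)
    parser = configparser.ConfigParser()
    parser.read_string(cfg_text)
    raw = parser.get("ldap", "ignore_malformed_schema", fallback=None)
    if raw is None:
        return False
    return parse_bool(raw, "[ldap] ignore_malformed_schema")


def naive_flag(cfg_text):
    """What a plain get() plus truthiness test yields, for comparison."""
    parser = configparser.ConfigParser()
    parser.read_string(cfg_text)
    return bool(parser.get("ldap", "ignore_malformed_schema", fallback=""))


if __name__ == "__main__":
    print(naive_flag(SAMPLE_CFG))                                  # string "False" is truthy
    print(ignore_malformed_schema(SAMPLE_CFG, {}))                 # parsed as a boolean
    print(ignore_malformed_schema(SAMPLE_CFG, {ENV_VAR: "True"}))  # env var overrides file
```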