[
https://issues.apache.org/jira/browse/AIRFLOW-3751?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ash Berlin-Taylor resolved AIRFLOW-3751.
----------------------------------------
Resolution: Fixed
Fix Version/s: 1.10.3
> LDAP - Malformed Schema
> -----------------------
>
> Key: AIRFLOW-3751
> URL: https://issues.apache.org/jira/browse/AIRFLOW-3751
> Project: Apache Airflow
> Issue Type: Bug
> Components: authentication
> Affects Versions: 1.10.1
> Reporter: Colin Streicher
> Assignee: Colin Streicher
> Priority: Minor
> Fix For: 1.10.3
>
>
> This issue only appears to happen when using an LDAP server from which schema
> is not available. This came up specifically when using Foxpass, but my
> assumption is that this sort of thing is likely to happen for any LDAP as a
> Service offering.
> Essentially, the issue is that the default setting for the ldap3 library is
> to try to pull the schema from the server. From a normal LDAP server, this is
> just a call with a baseDN of ''; however, because of security
> concerns (presumably), services like Foxpass do not return anything when the
> baseDN is set to nothing.
> When the basedn is set to the normal search dn, there are no schema objects
> returned. Since the get_info parameter in the Server() call validates the
> schema by default, the call fails.
> In terms of fixing, this is pretty simple: adding a parameter that reflects
> the setting in ldap3 that ignores this fixes the issue handily.
> In my dev environment, I made the following changes to ldap_auth.py:
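> {code:java}
> import ldap3
> from airflow import configuration
> from airflow.exceptions import AirflowConfigException
> ...
> def get_ldap_connection(dn=None, password=None):
>     ...
>     # Default to ldap3's normal behaviour (schema validated) when the option is unset.
>     ignore_malformed_schema = False
>     try:
>         # getboolean() so that the string "False" is not treated as truthy.
>         ignore_malformed_schema = configuration.conf.getboolean(
>             "ldap", "ignore_malformed_schema")
>     except AirflowConfigException:
>         pass
>     if ignore_malformed_schema:
>         ldap3.set_config_parameter('IGNORE_MALFORMED_SCHEMA', ignore_malformed_schema)
>     ...
> {code}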
> Now, with AIRFLOW__LDAP__IGNORE_MALFORMED_SCHEMA=True, things work as
> expected.
> I will open a PR for this, but before I do, I would welcome any feedback on
> if this should be done, or if it should be done differently.
> Thank you in advance for any feedback.
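An added example, not part of the original message or of Airflow's code: it resolves the `ignore_malformed_schema` option so that a value such as `AIRFLOW__LDAP__IGNORE_MALFORMED_SCHEMA=False` cannot relax schema validation through string truthiness, and so that a missing or unparsable value keeps ldap3's default. The helper names, the accepted boolean words and the sample config (including its `uri` value) are assumptions made for the illustration.

```python
import configparser

# Constructed airflow.cfg fragment for this example (not from the issue).
SAMPLE_CFG = """\
[ldap]
uri = ldaps://ldap.example.com:636
ignore_malformed_schema = False
"""
ENV_KEY = "AIRFLOW__LDAP__IGNORE_MALFORMED_SCHEMA"  # variable named in the issue

TRUE_WORDS = {"1", "true", "t", "yes", "on"}    # assumed accepted spellings
FALSE_WORDS = {"0", "false", "f", "no", "off"}


def parse_bool(raw):
    """Strictly map a config string to bool; reject anything ambiguous."""
    word = raw.strip().lower()
    if word in TRUE_WORDS:
        return True
    if word in FALSE_WORDS:
        return False
    raise ValueError("not a boolean: %r" % raw)


def resolve_ignore_malformed_schema(cfg_text, environ):
    """Environment overrides the file; unset or unparsable means False."""
    parser = configparser.ConfigParser()
    parser.read_string(cfg_text)
    raw = environ.get(ENV_KEY)
    if raw is None:
        raw = parser.get("ldap", "ignore_malformed_schema", fallback=None)
    if raw is None:
        return False  # option absent: keep ldap3's schema validation
    try:
        return parse_bool(raw)
    except ValueError:
        return False  # fail closed rather than relax validation on a typo


def apply_to_ldap3(flag):
    """Touch ldap3's process-wide switch only when explicitly enabled."""
    if not flag:
        return False
    import ldap3  # third-party; imported only when the setting is needed
    ldap3.set_config_parameter("IGNORE_MALFORMED_SCHEMA", True)
    return True


if __name__ == "__main__":
    for env in ({}, {ENV_KEY: "False"}, {ENV_KEY: "True"}):
        print(env, "->", resolve_ignore_malformed_schema(SAMPLE_CFG, env))
```

`ldap3.set_config_parameter` changes a module-level setting, so once enabled it applies to every ldap3 connection in the process, not only the one being opened.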