[GitHub] [airflow] pat-s commented on issue #11436: LDAP: module 'airflow.contrib.auth.backends.ldap_auth' has no attribute 'CLIENT_AUTH'

Sat, 17 Oct 2020 14:22:07 -0700 


pat-s commented on issue #11436:
URL: https://github.com/apache/airflow/issues/11436#issuecomment-711081992


   Success! 🎉 
   
   I built a new image using the following build args
   
   ```sh
   docker build . \
     --build-arg PYTHON_BASE_IMAGE="python:3.6-slim-buster" \
     --build-arg PYTHON_MAJOR_MINOR_VERSION="3.6" \
     --build-arg 
AIRFLOW_EXTRAS="aws,azure,kubernetes,mysql,postgres,ssh,virtualenv" \
     --build-arg ADDITIONAL_PYTHON_DEPS="python-ldap" \
     --build-arg ADDITIONAL_RUNTIME_APT_DEPS="unixodbc git vim" \
     --build-arg ADDITIONAL_DEV_APT_DEPS="gcc vim build-essential python3-dev 
python2.7-dev libldap2-dev libsasl2-dev slapd ldap-utils tox lcov valgrind" \
     --build-arg ADDITIONAL_RUNTIME_ENV_VARS="ACCEPT_EULA=Y" \
   ```
   
   In addition, I enabled LDAP auth in `webserver_config.py` following the 
instructions.
   
   Last, here is my `docker-compose.yml`:
   
   ```sh
   # adapted from https://github.com/apache/airflow/pull/8621
   version: "3"
   
   services:
     postgres_airflow:
       image: postgres
       container_name: postgres_airflow
       restart: always
       environment:
         POSTGRES_USER: "airflow"
         POSTGRES_PASSWORD: "airflow"
         POSTGRES_DB: "airflow"
         POSTGRES_HOST: "postgres_airflow"
   
     initdb_adduser:
       image: my-airflow
       container_name: airflow-adduser
       depends_on:
         - postgres_airflow
       entrypoint: /bin/bash
       command: -c 'airflow db init'
   
     airflow-webserver:
       image: my-airflow
       container_name: airflow
       restart: always
       ports:
         - "9000:8080"
       command: webserver
       volumes:
         - ./:/logs
       environment:
         - 
AIRFLOW__CORE__SQL_ALCHEMY_CONN=postgresql+psycopg2://airflow:airflow@postgres_airflow:5432/airflow
         - AIRFLOW__CORE__EXECUTOR=LocalExecutor
         - AIRFLOW__CORE__LOAD_EXAMPLES=False
         - AIRFLOW__CORE__STORE_DAG_CODE=False
         - AIRFLOW__CORE__STORE_SERIALIZED_DAGS=False
         - AIRFLOW__CORE__DEFAULT_TIMEZONE=Europe/Berlin
      
         - AIRFLOW__WEBSERVER__BASE_URL=<secret>
         - AIRFLOW__WEBSERVER__AUTHENTICATE=True
         - AIRFLOW__WEBSERVER__ENABLE_PROXY_FIX=True
         - AIRFLOW__SMTP__SMTP_HOST=<secret>
         - AIRFLOW__SMTP__SMTP_USER=<secret>
         - AIRFLOW__SMTP__SMTP_PASSWORD=<secret>
         - AIRFLOW__SMTP__SMTP_PORT=587
         - AIRFLOW__SMTP__SMTP_MAIL_FROM=<secret>
         - AIRFLOW__LDAP__URI=ldap://<secret>
         - AIRFLOW__LDAP__BIND_USER=<secret>
         - AIRFLOW__LDAP__BIND_PASSWORD=<secret>
         - AIRFLOW__LDAP__BASEDN=<secret>
   ```
   
   I also tried Keycloak/openid-connect via `AUTH_TYPE = AUTH_OAUTH` but was 
not successful. Happy to switch once there is an official implementation one 
day.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to