deepak tm created AIRFLOW-4243:
----------------------------------
Summary: How to restrict UI login
Key: AIRFLOW-4243
URL: https://issues.apache.org/jira/browse/AIRFLOW-4243
Project: Apache Airflow
Issue Type: Task
Components: authentication, configuration
Affects Versions: 1.9.0
Environment: Production
Reporter: deepak tm
Airflow server UI is integrated with LDAP server. In current scenario, every
user in the domain can able to login Airflow UI. Current LDAP configuration as
follows. I have created a separate group in AD server. As a security point of
view, how we can restrict that particular group users can only login through UI.
*airflow.cfg* :
[admin]
# UI to hide sensitive variable fields when set to True
hide_sensitive_variable_fields = True
# BEGIN ANSIBLE MANAGED BLOCK
[webserver]
authenticate = True
auth_backend = airflow.contrib.auth.backends.ldap_auth
[ldap]
uri = ldaps://ldaps-prod.example.com:636
user_filter = objectClass=*
user_name_attr = sAMAccountName
group_member_attr = memberOf
bind_user = CN=XXXXXX,OU=Service Accounts,OU=United Kingdom,OU=Regions,
DC=AVIVAGROUP,DC=COM
bind_password = XXXXXX
basedn = DC=EXAMPLE,DC=COM
cacert = /etc/ca/ldap_ca.crt
search_scope = SUBTREE
# END ANSIBLE MANAGED BLOCK
executor = LocalExecutor
max_threads = 4
scheduler_heartbeat_sec = 60
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
