HwiLu opened a new issue, #28026:
URL: https://github.com/apache/airflow/issues/28026

   ### Apache Airflow version
   
   Other Airflow 2 version (please specify below)
   
   ### What happened
   
   When I configure `webserver_config.py` with `AUTH_LDAP_BIND_USER` and 
`AUTH_LDAP_BIND_PASSWORD` as the official documentation shows, logging in to the 
webserver throws errors like the ones below, but if I configure `auth_ldap_bind_user`, 
which is lowercase, I can log in to the webserver without error.
   
   The final configuration is below and it works. I have tested this strange 
phenomenon many times, and it shows that this is true.
   
   
   > [2022-11-30 17:51:51,022] {manager.py:994} ERROR - AUTH_LDAP_BIND_USER and AUTH_LDAP_BIND_PASSWORD are not valid LDAP bind credentials
   > [2022-11-30 17:51:51,023] {manager.py:1201} ERROR - {'msgtype': 97, 'msgid': 1, 'result': 49, 'desc': 'Invalid credentials', 'ctrls': [], 'info': '80090308: LdapErr: DSID-0C09041C, comment: AcceptSecurityContext error, data 52e, v4563'}
   
   ```py
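   # AUTH_LDAP comes from Flask-AppBuilder's security manager constants
   from flask_appbuilder.security.manager import AUTH_LDAP
   
   # AUTH_OAUTH : Is for OAuth
   AUTH_TYPE = AUTH_LDAP
   
   
   AUTH_ROLE_ADMIN = 'Admin'
   AUTH_ROLE_PUBLIC = 'Public'
   AUTH_LDAP_SERVER = "ldap://192.168.11.211:389"
   AUTH_LDAP_USE_TLS = False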
   
   # registration configs
   AUTH_USER_REGISTRATION = True
   AUTH_USER_REGISTRATION_ROLE = "Public"
   AUTH_LDAP_FIRSTNAME_FIELD = "givenName"
   AUTH_LDAP_LASTNAME_FIELD = "sn"
   AUTH_LDAP_EMAIL_FIELD = "mail"
   
   #AUTH_LDAP_USERNAME_FORMAT = "uid=%s,ou=AI-FPT,ou=iea,dc=iea,dc=com" 
   AUTH_LDAP_APPEND_DOMAIN = "iea.com"
   
   # search configs
   AUTH_LDAP_SEARCH = "OU=AI-FPT,OU=iea,DC=iea,DC=com"
   #AUTH_LDAP_SEARCH_FILTER = "(memberOf=cn=gitlab-users,ou=AI-FPT,ou=iea,dc=iea,dc=com)"
   AUTH_LDAP_UID_FIELD = "sAMAccountName"
   auth_ldap_bind_user = "CN=zeppelinadmin,OU=AI-FPT,OU=idea,DC=iea,DC=com"
   auth_ldap_bind_password = ''
   #AUTH_LDAP_BIND_USER = "CN=zeppelinadmin,OU=AI-FPT,OU=iea,DC=iea,DC=com"
   #AUTH_LDAP_BIND_PASSWORD = ""
   AUTH_ROLES_MAPPING = {
       "CN=gitlab-users,OU=AI-FPT,OU=iea,DC=iea,DC=com": ["User"],
       "CN=zeppelinadmins,OU=AI-FPT,OU=iea,DC=iea,DC=com": ["Admin"],
   }
   
   AUTH_LDAP_GROUP_FIELD = "memberOf"
   AUTH_ROLES_SYNC_AT_LOGIN = True
   PERMANENT_SESSION_LIFETIME = 1800
   
   ```
   
   ### What you think should happen instead
   
   `AUTH_LDAP_BIND_USER`, which is upper case, should work.
   
   ### How to reproduce
   
   Configure `webserver_config.py` with `auth_ldap_bind_user` instead of 
`AUTH_LDAP_BIND_USER`, restart the webserver and try to log in.
   
   ### Operating System
   
   [root@hadoop-180-91 airflow]# cat /etc/os-release
   NAME="CentOS Linux"
   VERSION="7 (Core)"
   ID="centos"
   ID_LIKE="rhel fedora"
   VERSION_ID="7"
   PRETTY_NAME="CentOS Linux 7 (Core)"
   ANSI_COLOR="0;31"
   CPE_NAME="cpe:/o:centos:centos:7"
   HOME_URL="https://www.centos.org/"
   BUG_REPORT_URL="https://bugs.centos.org/"
   CENTOS_MANTISBT_PROJECT="CentOS-7"
   CENTOS_MANTISBT_PROJECT_VERSION="7"
   REDHAT_SUPPORT_PRODUCT="centos"
   REDHAT_SUPPORT_PRODUCT_VERSION="7"
   
   ### Versions of Apache Airflow Providers
   
   [root@hadoop-180-91 airflow]# pip freeze | grep apache-airflow
   apache-airflow==2.3.4
   apache-airflow-providers-common-sql==1.3.0
   apache-airflow-providers-ftp==3.2.0
   apache-airflow-providers-http==4.1.0
   apache-airflow-providers-imap==3.1.0
   apache-airflow-providers-sqlite==3.3.0
   [root@hadoop-180-91 airflow]# 
   
   
   ### Deployment
   
   Other
   
   ### Deployment details
   
   _No response_
   
   ### Anything else
   
   _No response_
   
   ### Are you willing to submit PR?
   
   - [ ] Yes I am willing to submit a PR!
   
   ### Code of Conduct
   
   - [X] I agree to follow this project's [Code of Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md)
   


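Flask's `Config.from_pyfile`, which Airflow uses to load `webserver_config.py`, copies only all-uppercase names into the app config, so a lowercase name such as `auth_ldap_bind_user` is never seen by the LDAP login code. The check below is an added example, not part of the original issue or of Airflow; it lists the assignments in a config file that this rule drops. `SAMPLE_CONFIG`, its DN and password values, and the function names are constructed for illustration.

```python
import ast

# Constructed sample: a trimmed webserver_config.py using the key names from the
# issue above. The server, DN and password values are placeholders.
SAMPLE_CONFIG = '''
AUTH_LDAP_SERVER = "ldap://ldap.example.test:389"
AUTH_LDAP_SEARCH = "OU=people,DC=example,DC=test"
AUTH_LDAP_UID_FIELD = "sAMAccountName"
auth_ldap_bind_user = "CN=svc-bind,OU=people,DC=example,DC=test"
auth_ldap_bind_password = "placeholder"
#AUTH_LDAP_BIND_USER = "CN=svc-bind,OU=people,DC=example,DC=test"
'''


def split_by_flask_rule(source):
    """Return (loaded, ignored) top-level assigned names.

    Flask keeps a name only if name.isupper() is true; the same test is used here.
    """
    loaded, ignored = [], []
    for node in ast.parse(source).body:
        if isinstance(node, ast.Assign):
            targets = node.targets
        elif isinstance(node, ast.AnnAssign):
            targets = [node.target]
        else:
            continue  # imports, expressions, etc. are not settings
        for target in targets:
            if isinstance(target, ast.Name):
                (loaded if target.id.isupper() else ignored).append(target.id)
    return loaded, ignored


def ignored_auth_settings(source):
    """Ignored names that look like AUTH_* settings written in the wrong case."""
    _, ignored = split_by_flask_rule(source)
    return [name for name in ignored if name.upper().startswith("AUTH_")]


if __name__ == "__main__":
    for name in ignored_auth_settings(SAMPLE_CONFIG):
        print(f"{name}: not loaded by Flask; did you mean {name.upper()}?")
```

Run against a real `webserver_config.py` by passing the file's text to `ignored_auth_settings`; any name it returns has no effect on the webserver's authentication settings.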