[
https://issues.apache.org/jira/browse/AIRFLOW-4410?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16910006#comment-16910006
]
ASF GitHub Bot commented on AIRFLOW-4410:
-----------------------------------------
stale[bot] commented on pull request #5183: [AIRFLOW-4410]Add Non-ssl ldap
server support
URL: https://github.com/apache/airflow/pull/5183
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
> Ldap authentication failed when using non-ssl ldap server
> ---------------------------------------------------------
>
> Key: AIRFLOW-4410
> URL: https://issues.apache.org/jira/browse/AIRFLOW-4410
> Project: Apache Airflow
> Issue Type: Bug
> Components: authentication
> Affects Versions: 1.10.1, 1.10.2, 1.10.3
> Environment: Python 3.6, apache-airflow==1.10.3
> Reporter: Jeremy
> Priority: Major
>
> I modified the aiflow.cfg in the $AIRFLOW_HOME with
>
> {code:java}
> [webserver]
> authenticate = True
> auth_backend = airflow.contrib.auth.backends.ldap_auth
> [ldap]
> uri = <my-url>
> user_filter = objectclass=posixAccount
> user_name_attr = uid
> group_member_attr = ou
> superuser_filter =
> data_profiler_filter =
> bind_user =
> bind_password =
> basedn = <my-dn>
> search_scope = SUBTREE{code}
>
> And I started the airflow web server with command:
> {code:java}
> airflow webserver{code}
> But when I signed in airflow in the login form, the following exception was
> rasied:
>
> {code:java}
> Traceback (most recent call last):
> File "/data/home/jeremy/anaconda3/lib/python3.6/site-packages/flask/app.py",
> line 2292, in wsgi_app
> response = self.full_dispatch_request()
> File "/data/home/jeremy/anaconda3/lib/python3.6/site-packages/flask/app.py",
> line 1815, in full_dispatch_request
> rv = self.handle_user_exception(e)
> File "/data/home/jeremy/anaconda3/lib/python3.6/site-packages/flask/app.py",
> line 1718, in handle_user_exception
> reraise(exc_type, exc_value, tb)
> File
> "/data/home/jeremy/anaconda3/lib/python3.6/site-packages/flask/_compat.py",
> line 35, in reraise
> raise value
> File "/data/home/jeremy/anaconda3/lib/python3.6/site-packages/flask/app.py",
> line 1813, in full_dispatch_request
> rv = self.dispatch_request()
> File "/data/home/jeremy/anaconda3/lib/python3.6/site-packages/flask/app.py",
> line 1799, in dispatch_request
> return self.view_functions[rule.endpoint](**req.view_args)
> File
> "/data/home/jeremy/anaconda3/lib/python3.6/site-packages/flask_admin/base.py",
> line 69, in inner
> return self._run_view(f, *args, **kwargs)
> File
> "/data/home/jeremy/anaconda3/lib/python3.6/site-packages/flask_admin/base.py",
> line 368, in _run_view
> return fn(self, *args, **kwargs)
> File
> "/data/home/jeremy/anaconda3/lib/python3.6/site-packages/airflow/www/views.py",
> line 731, in login
> return airflow.login.login(self, request)
> File
> "/data/home/jeremy/anaconda3/lib/python3.6/site-packages/airflow/utils/db.py",
> line 73, in wrapper
> return func(*args, **kwargs)
> File
> "/data/home/jeremy/anaconda3/lib/python3.6/site-packages/airflow/contrib/auth/backends/ldap_auth.py",
> line 308, in login
> LdapUser.try_login(username, password)
> File
> "/data/home/jeremy/anaconda3/lib/python3.6/site-packages/airflow/contrib/auth/backends/ldap_auth.py",
> line 196, in try_login
> configuration.conf.get("ldap", "bind_password"))
> File
> "/data/home/jeremy/anaconda3/lib/python3.6/site-packages/airflow/contrib/auth/backends/ldap_auth.py",
> line 72, in get_ldap_connection
> ca_certs_file=cacert)
> File
> "/data/home/jeremy/anaconda3/lib/python3.6/site-packages/ldap3/core/tls.py",
> line 93, in __init__
> raise LDAPSSLConfigurationError('invalid CA public key file')
> ldap3.core.exceptions.LDAPSSLConfigurationError: invalid CA public key file
> {code}
> I think using non-ssl ldap server should be considered for the internal
> airflow server.
>
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
