dramis opened a new issue, #68477:
URL: https://github.com/apache/airflow/issues/68477
### Under which category would you file this issue?
Providers
### Apache Airflow version
3.2.2
### What happened and how to reproduce it?
Users are unable to log in to the Apache Airflow web interface when LDAP
authentication is configured as the backend. The login page loads normally, but
submitting valid credentials results in an internal server error. No successful
LDAP authentication occurs.
Error:
`Jun 12 13:09:52 fondor airflow[5382]: [2026-06-12T17:09:52.820727Z]
{app.py:875} ERROR - Exception on /login/ [POST]
Jun 12 13:09:52 fondor airflow[5382]: Traceback (most recent call last):
Jun 12 13:09:52 fondor airflow[5382]: File
"/opt/airflow/venv/lib/python3.13/site-packages/flask/app.py", line 1511, in
wsgi_app
Jun 12 13:09:52 fondor airflow[5382]: response =
self.full_dispatch_request()
Jun 12 13:09:52 fondor airflow[5382]: File
"/opt/airflow/venv/lib/python3.13/site-packages/flask/app.py", line 919, in
full_dispatch_request
Jun 12 13:09:52 fondor airflow[5382]: rv = self.handle_user_exception(e)
Jun 12 13:09:52 fondor airflow[5382]: File
"/opt/airflow/venv/lib/python3.13/site-packages/flask/app.py", line 917, in
full_dispatch_request
Jun 12 13:09:52 fondor airflow[5382]: rv = self.dispatch_request()
Jun 12 13:09:52 fondor airflow[5382]: File
"/opt/airflow/venv/lib/python3.13/site-packages/flask/app.py", line 902, in
dispatch_request
Jun 12 13:09:52 fondor airflow[5382]: return
self.ensure_sync(self.view_functions[rule.endpoint])(**view_args) # type:
ignore[no-any-return]
Jun 12 13:09:52 fondor airflow[5382]:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^
Jun 12 13:09:52 fondor airflow[5382]: File
"/opt/airflow/venv/lib/python3.13/site-packages/flask_appbuilder/security/decorators.py",
line 36, in wrapped_view
Jun 12 13:09:52 fondor airflow[5382]: response =
make_response(view(*args, **kwargs))
Jun 12 13:09:52 fondor airflow[5382]:
~~~~^^^^^^^^^^^^^^^^^
Jun 12 13:09:52 fondor airflow[5382]: File
"/opt/airflow/venv/lib/python3.13/site-packages/flask_appbuilder/security/views.py",
line 649, in login
Jun 12 13:09:52 fondor airflow[5382]: user =
self.appbuilder.sm.auth_user_ldap(
Jun 12 13:09:52 fondor airflow[5382]: form.username.data,
form.password.data
Jun 12 13:09:52 fondor airflow[5382]: )
Jun 12 13:09:52 fondor airflow[5382]: File
"/opt/airflow/venv/lib/python3.13/site-packages/airflow/providers/fab/auth_manager/security_manager/override.py",
line 1981, in auth_user_ldap
Jun 12 13:09:52 fondor airflow[5382]: user_dn, user_attributes =
self._search_ldap(ldap, con, username)
Jun 12 13:09:52 fondor airflow[5382]:
~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^
Jun 12 13:09:52 fondor airflow[5382]: File
"/opt/airflow/venv/lib/python3.13/site-packages/airflow/providers/fab/auth_manager/security_manager/override.py",
line 2473, in _search_ldap
Jun 12 13:09:52 fondor airflow[5382]: escaped_username =
ldap.filter.escape_filter_chars(username)
Jun 12 13:09:52 fondor airflow[5382]: ^^^^^^^^^^^
Jun 12 13:09:52 fondor airflow[5382]: AttributeError: module 'ldap' has no
attribute 'filter'`
### What you think should happen instead?
Users with valid LDAP credentials should be authenticated and redirected to
the Airflow dashboard.
### Operating System
debian 13.5
### Deployment
Virtualenv installation
### Apache Airflow Provider(s)
fab
### Versions of Apache Airflow Providers
apache-airflow-providers-amazon==9.30.0
apache-airflow-providers-common-compat==1.15.0
apache-airflow-providers-common-io==1.7.3
apache-airflow-providers-common-sql==2.0.1
apache-airflow-providers-elasticsearch==6.6.0
apache-airflow-providers-fab==3.6.5
apache-airflow-providers-git==0.4.0
apache-airflow-providers-http==6.0.3
apache-airflow-providers-postgres==6.7.1
apache-airflow-providers-samba==4.12.6
apache-airflow-providers-smtp==3.0.1
apache-airflow-providers-ssh==5.0.2
apache-airflow-providers-standard==1.14.0
### Official Helm Chart version
Not Applicable
### Kubernetes Version
_No response_
### Helm Chart configuration
_No response_
### Docker Image customizations
_No response_
### Anything else?
A one-line patch has been applied directly to override.py using sed to
inject the missing import statement. This restores LDAP login functionality
immediately without requiring a provider downgrade.
Command applied on the fondor server:
sed -i 's/^import ldap$/import ldap\nimport ldap.filter/' \
$(python -c "import importlib; import os; m = importlib.import_module(
'airflow.providers.fab.auth_manager.security_manager.override');
print(os.path.abspath(m.__file__))")
### Are you willing to submit PR?
- [ ] Yes I am willing to submit a PR!
### Code of Conduct
- [x] I agree to follow this project's [Code of
Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
