Abhishekchechani opened a new issue #8179: Airflow LDAP authentication with RBAC features
URL: https://github.com/apache/airflow/issues/8179

I am trying to enable Airflow LDAP authentication with RBAC features and made the following changes:

1. Removed the LDAP section from airflow.cfg
2. Modified airflow.cfg: added rbac = true and removed authentication = True under the [webserver] section
3. Created a webserver_config.py file in the AIRFLOW_HOME directory

The webserver_config.py file contains:

    import os
    from airflow import configuration as conf
    from flask_appbuilder.security.manager import AUTH_LDAP

    basedir = os.path.abspath(os.path.dirname(__file__))
    SQLALCHEMY_DATABASE_URI = conf.get('core', 'SQL_ALCHEMY_CONN')
    CSRF_ENABLED = True

    AUTH_TYPE = AUTH_LDAP
    AUTH_ROLE_ADMIN = 'Admin'
    # Self-registration: every LDAP user who logs in gets the role below
    AUTH_USER_REGISTRATION = True
    AUTH_USER_REGISTRATION_ROLE = "Admin"

    # LDAP server, search base and bind account
    AUTH_LDAP_SERVER = 'ldaps://ldap.xxx.yyy.net:636'
    AUTH_LDAP_SEARCH = "ou=Users,o=corp"
    AUTH_LDAP_BIND_USER = 'cn=ldap-proxy,ou=Users,o=corp'
    AUTH_LDAP_BIND_PASSWORD = 'YOUR_PASSWORD'
    AUTH_LDAP_UID_FIELD = 'uid'
    AUTH_LDAP_USE_TLS = False
    AUTH_LDAP_ALLOW_SELF_SIGNED = False
    AUTH_LDAP_TLS_CACERTFILE = '/etc/ssl/certs/ldap.crt'

After the above changes, we are able to log in to Airflow with LDAP credentials. But the problem is that all the users have the Admin role after self-registration, because we have given this value in AUTH_USER_REGISTRATION_ROLE = "Admin".

How can we dynamically assign the AUTH_USER_REGISTRATION_ROLE based on the user's LDAP role? We have different users like tester, developer and operation user, but with the above webserver config file all users are automatically assigned the Admin role via Flask_appbuilder.security under the manager.py file.

Is there any way to create a customized manager file and, at login, refer to this customized file instead of the Flask_appbuilder.security.manager.py file? Because I cannot change the flask_appbuilder.security manager.py file directly to add our customized role and assign it in AUTH_USER_REGISTRATION_ROLE based on the user's LDAP role.
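The per-group role assignment asked about above, as an added example that is not part of the original issue and is not Airflow or Flask-AppBuilder code: it maps a user's LDAP group DNs (assumed to come from a memberOf attribute) to Airflow RBAC roles and falls back to a least-privilege role rather than Admin. The group DNs, ROLE_MAPPING, DEFAULT_ROLE and both function names are hypothetical.

```python
# Added example: not Airflow or Flask-AppBuilder code.
# Group DNs are constructed sample values; role names are Airflow's stock RBAC roles.
import re

# Hypothetical mapping from LDAP group DN to Airflow RBAC role names.
ROLE_MAPPING = {
    "cn=airflow-admins,ou=Groups,o=corp": ["Admin"],
    "cn=developers,ou=Groups,o=corp": ["User"],
    "cn=operations,ou=Groups,o=corp": ["Op"],
    "cn=testers,ou=Groups,o=corp": ["Viewer"],
}
DEFAULT_ROLE = "Viewer"  # least-privilege fallback instead of "Admin"


def normalize_dn(dn):
    """Simplified DN comparison key: decode bytes, lowercase, and drop
    spaces around ',' and '='. Escaped characters are not handled."""
    if isinstance(dn, bytes):  # python-ldap returns attribute values as bytes
        dn = dn.decode("utf-8")
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip()).lower()


def roles_for_groups(member_of, mapping=ROLE_MAPPING, default=DEFAULT_ROLE):
    """Return the sorted role names for a user's memberOf values.

    Only exact (normalized) DN matches grant a role, so an unmapped or
    look-alike group never yields Admin; no match yields the default role.
    """
    table = {normalize_dn(dn): roles for dn, roles in mapping.items()}
    roles = set()
    for group in member_of or []:
        roles.update(table.get(normalize_dn(group), []))
    return sorted(roles) or [default]


if __name__ == "__main__":
    # Constructed memberOf values for three sample users.
    samples = {
        "dev": [b"CN=Developers, OU=Groups, O=corp"],
        "ops+test": ["cn=operations,ou=Groups,o=corp", "cn=testers,ou=Groups,o=corp"],
        "no-groups": [],
    }
    for user, groups in samples.items():
        print(user, "->", roles_for_groups(groups))
```
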
