Abhishekchechani opened a new issue #8179: Airflow LDAP authentication with 
RBAC features
URL: https://github.com/apache/airflow/issues/8179
 
 
   I am trying to enable Airflow LDAP authentication with RBAC features and made 
the following changes:
   
   1. Removed the LDAP section from airflow.cfg
   
   2. Modified airflow.cfg: added rbac = true and removed authentication = True 
under the [webserver] section
   
   3. Created a webserver_config.py file in the AIRFLOW_HOME directory
   
   The webserver_config.py file contains:
   
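   import os
   
   from airflow import configuration as conf
   from flask_appbuilder.security.manager import AUTH_LDAP
   
   basedir = os.path.abspath(os.path.dirname(__file__))
   
   # Reuse Airflow's metadata database for the Flask-AppBuilder user tables
   SQLALCHEMY_DATABASE_URI = conf.get('core', 'SQL_ALCHEMY_CONN')
   CSRF_ENABLED = True
   
   # Authenticate users against LDAP
   AUTH_TYPE = AUTH_LDAP
   AUTH_ROLE_ADMIN = 'Admin'
   
   # Create a local account on first LDAP login; every new account
   # receives the role named in AUTH_USER_REGISTRATION_ROLE
   AUTH_USER_REGISTRATION = True
   AUTH_USER_REGISTRATION_ROLE = "Admin"
   
   # LDAP server, search base and bind (service) account
   AUTH_LDAP_SERVER = 'ldaps://ldap.xxx.yyy.net:636'
   AUTH_LDAP_SEARCH = "ou=Users,o=corp"
   AUTH_LDAP_BIND_USER = 'cn=ldap-proxy,ou=Users,o=corp'
   AUTH_LDAP_BIND_PASSWORD = 'YOUR_PASSWORD'
   AUTH_LDAP_UID_FIELD = 'uid'
   
   # StartTLS is off because the ldaps:// URL above already uses TLS
   AUTH_LDAP_USE_TLS = False
   AUTH_LDAP_ALLOW_SELF_SIGNED = False
   AUTH_LDAP_TLS_CACERTFILE = '/etc/ssl/certs/ldap.crt'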
   
   
   After the above changes, we are able to log in to Airflow with LDAP 
credentials. But the problem is that all the users have the Admin role after 
self-registration, because we have given this value in 
AUTH_USER_REGISTRATION_ROLE = "Admin".
   
   How can we dynamically assign the AUTH_USER_REGISTRATION_ROLE based on the 
user's LDAP role? We have different users like tester, developer and operation 
user, but with the above webserver config file all users are automatically 
assigned the Admin role via Flask_appbuilder.security under the manager.py file.
   
   Is there any way to create a customized manager file and, at login, refer to 
this customized file instead of the Flask_appbuilder.security.manager.py file?
   
   Because I cannot change the flask_appbuilder.security manager.py file 
directly to add our customized role and assign it in AUTH_USER_REGISTRATION_ROLE 
based on the user's LDAP role.

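The role decision the issue asks about, sketched as a standalone added example (not code from the issue, Airflow or Flask-AppBuilder): it maps a user's LDAP group memberships to Airflow roles and falls back to the least-privileged role instead of Admin. The group DNs, the `GROUP_ROLE_MAP` table and the function names are hypothetical; the role names are Airflow's built-in RBAC roles.

```python
import re

# Constructed sample mapping: the group DNs and the roles assigned to them
# are assumptions for illustration, not values from the original post.
GROUP_ROLE_MAP = {
    "cn=airflow-admins,ou=Groups,o=corp": ["Admin"],
    "cn=airflow-operations,ou=Groups,o=corp": ["Op"],
    "cn=airflow-developers,ou=Groups,o=corp": ["User"],
    "cn=airflow-testers,ou=Groups,o=corp": ["Viewer"],
}
DEFAULT_ROLE = "Public"  # least-privileged fallback for unmapped users


def normalize_dn(dn):
    """Lower-case a DN and trim spaces around its RDN separators.

    python-ldap returns attribute values as bytes, so decode first.
    Splits only on unescaped commas; values are treated as
    case-insensitive, which is an assumption of this example.
    """
    if isinstance(dn, bytes):
        dn = dn.decode("utf-8")
    rdns = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, sep, value = rdn.partition("=")
        rdns.append(attr.strip().lower() + sep + value.strip().lower())
    return ",".join(rdns)


def resolve_roles(member_of, mapping=GROUP_ROLE_MAP, default=DEFAULT_ROLE):
    """Return the sorted Airflow roles for a user's LDAP group memberships."""
    normalized = {normalize_dn(k): v for k, v in mapping.items()}
    roles = set()
    for group_dn in member_of or []:
        roles.update(normalized.get(normalize_dn(group_dn), []))
    # Fail closed: no recognised group means the lowest role, never Admin.
    return sorted(roles) if roles else [default]


if __name__ == "__main__":
    # Constructed memberOf values, as bytes like python-ldap returns them.
    print(resolve_roles([b"CN=airflow-developers, OU=Groups, O=corp"]))
    print(resolve_roles([b"cn=finance,ou=Groups,o=corp"]))
```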