NBardelot opened a new issue #9063:
URL: https://github.com/apache/airflow/issues/9063


   In `contrib/auth/backends/ldap_auth.py` in the stable version of Airflow 
maintained under the branch `v1-10-stable`:
   
   ```
       tls_configuration = Tls(validate=ssl.CERT_REQUIRED,
                               ca_certs_file=cacert)
   ```
   
   the behaviour of `validate` should be made configurable so that one can opt 
for `ssl.CERT_OPTIONAL` as per [the documentation of 
`ldap3`](https://ldap3.readthedocs.io/en/latest/ssltls.html).
   
   I propose to add a new configuration under `ldap` named `cert_validation` 
with three valid string values corresponding to the same name as the SSL 
library:
   
     * **`CERT_NONE`**: use `ssl.CERT_NONE` (certificates are ignored)
     * **`CERT_OPTIONAL`**: use `ssl.CERT_OPTIONAL` (not required, but 
validated if provided)
     * **`CERT_REQUIRED`** _by default to match the current behaviour_: use 
`ssl.CERT_REQUIRED` (required and validated)
   
   If the configuration is omitted it defaults to `CERT_REQUIRED`. If it is 
anything other than those three strings, the configuration should throw an error.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
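
A sketch of the option parsing proposed in the issue, added here as an example and not taken from the Airflow code base: it maps the `[ldap]` `cert_validation` string to the matching `ssl` constant, defaults to `CERT_REQUIRED` when the option is omitted, and raises on any other value. The function names, the standard-library `configparser` standing in for Airflow's own configuration object, and the sample configuration text are assumptions made for the example.

```python
import configparser
import logging
import ssl

log = logging.getLogger(__name__)

# The three values proposed in the issue, named after the ssl constants.
_CERT_VALIDATION = {
    "CERT_NONE": ssl.CERT_NONE,
    "CERT_OPTIONAL": ssl.CERT_OPTIONAL,
    "CERT_REQUIRED": ssl.CERT_REQUIRED,
}


def resolve_cert_validation(conf, section="ldap", option="cert_validation"):
    """Return the ssl.VerifyMode for [ldap] cert_validation (hypothetical helper).

    Omitted option -> CERT_REQUIRED, matching the current behaviour.
    Any other string -> ValueError, so a typo cannot silently weaken validation.
    """
    raw = conf.get(section, option, fallback="CERT_REQUIRED")
    try:
        mode = _CERT_VALIDATION[raw.strip()]
    except KeyError:
        raise ValueError(
            "[%s] %s must be one of %s, got %r"
            % (section, option, ", ".join(sorted(_CERT_VALIDATION)), raw)
        ) from None
    if mode is not ssl.CERT_REQUIRED:
        # Make a relaxed setting visible in the logs for later review.
        log.warning("LDAP TLS certificate validation relaxed to %s", raw.strip())
    return mode


def load(cfg_text):
    """Parse airflow.cfg-style text and resolve the option (hypothetical helper)."""
    conf = configparser.ConfigParser()
    conf.read_string(cfg_text)
    return resolve_cert_validation(conf)


# Constructed sample configurations, not taken from a real deployment.
DEFAULT_CFG = "[ldap]\nuri = ldaps://ldap.example.org:636\n"
OPTIONAL_CFG = DEFAULT_CFG + "cert_validation = CERT_OPTIONAL\n"
TYPO_CFG = DEFAULT_CFG + "cert_validation = cert_optional\n"

# In ldap_auth.py the result would replace the hard-coded constant:
#   Tls(validate=resolve_cert_validation(conf), ca_certs_file=cacert)
```

The lookup is case-sensitive on purpose: a misspelled or lower-cased value stops start-up with an error and is never interpreted as a weaker mode.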