[ https://issues.apache.org/jira/browse/AIRFLOW-352?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15401741#comment-15401741 ]
peter pang commented on AIRFLOW-352: ------------------------------------ These modifications affect all the authentication methods. for example, password_auth.py --> class PasswordUser(models.User): must added the same method: def get_username(self): return self.user.username .... > filter_by_owner is not working when use ldap authentication > ----------------------------------------------------------- > > Key: AIRFLOW-352 > URL: https://issues.apache.org/jira/browse/AIRFLOW-352 > Project: Apache Airflow > Issue Type: Bug > Components: contrib, security, webserver > Affects Versions: Airflow 1.7.1.3 > Environment: ubuntu 14.04 LTS , ldap without encryption > Reporter: peter pang > Labels: security > > I set airflow.cfg as follows: > {noformat} > [webserver] > filter_by_owner = True > authenticate = TRUE > auth_backend = airflow.contrib.auth.backends.ldap_auth > [ldap] > uri = ldap://xx.xx.xx.xx > user_filter = objectClass=* > user_name_attr = uid > superuser_filter = > memberOf=CN=airflow-super-users,OU=Groups,OU=RWC,OU=US,OU=NORAM,DC=example,DC=com > data_profiler_filter = > memberOf=CN=airflow-data-profilers,OU=Groups,OU=RWC,OU=US,OU=NORAM,DC=example,DC=com > bind_user = cn=admin,dc=example,dc=com > bind_password = secret > basedn = dc=example,dc=com > cacert = /etc/ca/ldap_ca.crt > search_scope=SUBTREE > {noformat} > then I run the webUI , and I can login with superuser and data_profiler user. > But after login with data profiler user, entered the data profiler user home > view , there's no dags listed with the same dag owner. It seems the > filter_by_owner setting is not working. > Debug into the views.py --> class HomeView(AdminIndexView): > {color:red}current_user.username{color} always get{color:red} "None"{color}. > It seems we can't get username directly. > so , continue debug into the ldap_auth.py --> class LdapUser(models.User): > I added a method to return username > {code} > def get_username(self): > return self.user.username > {code} > then back to view.py , replace 'current_user.username' to > {color:red}'current_user.get_username()'{color} , the user filter can work > now! > I don't know exactly why, but the modification can work... -- This message was sent by Atlassian JIRA (v6.3.4#6332)