[jira] [Commented] (AIRFLOW-352) filter_by_owner is not working when use ldap authentication

Mon, 01 Aug 2016 02:05:16 -0700 

    [ 
https://issues.apache.org/jira/browse/AIRFLOW-352?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15401741#comment-15401741
 ] 

peter pang commented on AIRFLOW-352:
------------------------------------

These modifications affect all the authentication methods. 

for example,
password_auth.py --> class PasswordUser(models.User): 
must added the same method:

def get_username(self):
        return self.user.username

....

> filter_by_owner is not working when use ldap authentication
> -----------------------------------------------------------
>
>                 Key: AIRFLOW-352
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-352
>             Project: Apache Airflow
>          Issue Type: Bug
>          Components: contrib, security, webserver
>    Affects Versions: Airflow 1.7.1.3
>         Environment: ubuntu 14.04 LTS ,  ldap without encryption 
>            Reporter: peter pang
>              Labels: security
>
> I set airflow.cfg as follows:
> {noformat}
> [webserver]
> filter_by_owner = True
> authenticate = TRUE
> auth_backend = airflow.contrib.auth.backends.ldap_auth
> [ldap]
> uri = ldap://xx.xx.xx.xx
> user_filter = objectClass=*
> user_name_attr = uid
> superuser_filter = 
> memberOf=CN=airflow-super-users,OU=Groups,OU=RWC,OU=US,OU=NORAM,DC=example,DC=com
> data_profiler_filter = 
> memberOf=CN=airflow-data-profilers,OU=Groups,OU=RWC,OU=US,OU=NORAM,DC=example,DC=com
> bind_user = cn=admin,dc=example,dc=com
> bind_password = secret
> basedn = dc=example,dc=com
> cacert = /etc/ca/ldap_ca.crt
> search_scope=SUBTREE
> {noformat}
> then I run the webUI , and I can login with superuser and data_profiler user. 
> But after login with data profiler user, entered the data profiler user home 
> view , there's no dags listed with the same dag owner. It seems the  
> filter_by_owner setting is not working.
> Debug into the views.py --> class HomeView(AdminIndexView):
> {color:red}current_user.username{color} always get{color:red} "None"{color}. 
> It seems we can't get username directly.
> so , continue debug into the ldap_auth.py --> class LdapUser(models.User):
> I added a method to return username   
> {code}
>  def get_username(self):
>         return self.user.username
> {code}
> then back to view.py  , replace 'current_user.username' to 
> {color:red}'current_user.get_username()'{color} , the user filter can work 
> now!
> I don't know exactly why, but the modification can work...



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to