Id Agnostic created AIRFLOW-1427:
------------------------------------
Summary: AD groups are ignored in Airflow UI
Key: AIRFLOW-1427
URL: https://issues.apache.org/jira/browse/AIRFLOW-1427
Project: Apache Airflow
Issue Type: Bug
Components: ui
Affects Versions: 1.8.1
Reporter: Id Agnostic
Airflow currently has 3 profiles configurations available trough airflow.cfg:
1. none
2. superusers (ldap/superuser_filter)
3. data_profiler (ldap/data_profiler_filter)
When enabling LDAP auth and assigning different profiles to different AD
groups, these profiles are not enforced in the UI.
For example, having the following configuration:
[ldap]
...
user_filter = |(memberOf=CN=Group1,OU=Security Groups,OU=MANAGED
OBJECTS,dc=corp,dc=mydc,dc=com)(memberOf=CN=Group2,OU=Security
Groups,OU=MANAGED OBJECTS,dc=corp,dc=mydc,dc=com)
superuser_filter = memberOf=CN=Group1,OU=Security Groups,OU=MANAGED
OBJECTS,dc=corp,dc=mydc,dc=com
data_profiler_filter = memberOf=CN=Group2,OU=Security Groups,OU=MANAGED
OBJECTS,dc=corp,dc=mydc,dc=com
...
will cause users from both Group1 and Group2 to have the same limited UI access
to the following menus: DAGS, Browse and Docs.
However, when using one filter at a time (either one of the superuser_filter or
data_profiler_filter parameters) the functionality is as expected.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
