Erich Hochmuth created AIRFLOW-1578:
---------------------------------------

             Summary: LDAP group search filter shouldn't execute if owner_mode is user
                 Key: AIRFLOW-1578
                 URL: https://issues.apache.org/jira/browse/AIRFLOW-1578
             Project: Apache Airflow
          Issue Type: Bug
          Components: security
    Affects Versions: Airflow 1.8
            Reporter: Erich Hochmuth
            Priority: Minor


The LDAP query to pull user groups shouldn't execute if the owner mode is user.
What makes this worse is that, at the moment, the LDAP group search filter is
also confined to the same query string used to check the user, except that it's
looking for the memberOf attribute. Some organizations may put user group
relationships in a completely different DN.

At a minimum, make the group filter check optional if owner mode is "user".

In ldap_auth.py
https://github.com/apache/incubator-airflow/blob/master/airflow/contrib/auth/backends/ldap_auth.py

def groups_user(conn, search_base, user_filter, user_name_att, username):
    # Skip the LDAP group lookup entirely when ownership is tracked per user.
    if configuration.get("core", "owner_mode") == "user":
        return []



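The behaviour requested in this issue, as an added example that is not part of the original report or of Airflow's code: the group query is skipped when the owner mode is "user", and otherwise runs against a separate group base DN with the user's DN escaped before it enters the filter. FakeConn, resolve_groups, group_base, group_filter, the "ldapgroup" mode value and the directory data are assumptions made for the illustration.

```python
# Added example. FakeConn, resolve_groups, group_base and group_filter are
# hypothetical names, not Airflow's API; the directory data is constructed.

def escape_filter_value(value):
    """Escape RFC 4515 special characters so a DN cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


class FakeConn:
    """Stand-in for an LDAP connection that records every search it receives."""

    def __init__(self, directory):
        self.directory = directory  # {(search_base, filter): [group_dn, ...]}
        self.searches = []

    def search(self, base, ldap_filter):
        self.searches.append((base, ldap_filter))
        return list(self.directory.get((base, ldap_filter), []))


def resolve_groups(conn, owner_mode, user_dn, group_base,
                   group_filter="(&(objectClass=groupOfNames)(member={user_dn}))"):
    """Return the user's group DNs, touching LDAP only when groups are needed."""
    if owner_mode == "user":
        return []  # ownership is per user: no group query is issued at all
    # Groups live under their own base DN and are matched by membership,
    # instead of reading memberOf from the user's entry.
    ldap_filter = group_filter.format(user_dn=escape_filter_value(user_dn))
    return conn.search(group_base, ldap_filter)


USER_DN = "cn=Smith (ops),ou=people,dc=example,dc=org"      # constructed
GROUP_BASE = "ou=groups,dc=example,dc=org"                   # constructed
EXPECTED_FILTER = ("(&(objectClass=groupOfNames)"
                   "(member=cn=Smith \\28ops\\29,ou=people,dc=example,dc=org))")
DIRECTORY = {(GROUP_BASE, EXPECTED_FILTER): ["cn=data-eng," + GROUP_BASE]}

if __name__ == "__main__":
    conn = FakeConn(DIRECTORY)
    print(resolve_groups(conn, "user", USER_DN, GROUP_BASE), conn.searches)
    print(resolve_groups(conn, "ldapgroup", USER_DN, GROUP_BASE), conn.searches)
```

The recorded searches list makes the fix checkable: it stays empty in "user" mode and holds exactly one query against the group base otherwise.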