Mattias Hammarsten created AIRFLOW-1752:
-------------------------------------------
Summary: Wrong username is stored in airflow when logging in with
contrib ldap
Key: AIRFLOW-1752
URL: https://issues.apache.org/jira/browse/AIRFLOW-1752
Project: Apache Airflow
Issue Type: Bug
Components: authentication
Affects Versions: 1.8.2
Reporter: Mattias Hammarsten
When logging in with airflow.contrib.auth.backends.ldap_auth username gets
stored (to airflow.users table) from user input rather than the username stored
in ldap.
This leads to problems when the username entered in the gui has different case
from the username in ldap.
1) The user logs in with username and password
2) ldap_auth authenticates the user - case insesitive
3) ldap_auth stores whatever username entered in the gui to airflow.users table
4) ldap_auth checks for group membership by doing a case-sensitive comparison
between the stored username and the username from ldap.
If the user entered the username with a different case compared to ldap at the
first login, then group membership checks fail for all future logins.
This also potentially affects dag filtering.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
