[ https://issues.apache.org/jira/browse/AIRFLOW-3208?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16667312#comment-16667312 ]

Hari Krishna ADDEPALLI LN commented on AIRFLOW-3208:
----------------------------------------------------

[~ashb]: We agree with you that we are using the old 1.8; yet, please bear in
mind that this is business as usual, hence we are using 1.8.0. We will plan to
upgrade to 1.10.0. Still, please share the resolution: should we follow the
same method as
[https://stackoverflow.com/questions/50931466/airflow-ldap-superuser-authentication]?

 

> Apache airflow 1.8.0 integration with LDAP anonymously
> ------------------------------------------------------
>
>                 Key: AIRFLOW-3208
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-3208
>             Project: Apache Airflow
>          Issue Type: Bug
>          Components: authentication
>    Affects Versions: 1.8.0, 1.8.2
>            Reporter: Hari Krishna ADDEPALLI LN
>            Priority: Critical
>
> Hello,
> We wanted to have airflow integration with LDAP anonymously. The LDAP is
> based on either "openldap" or "389 directory Server". Below is the detail
> added in the airflow.cfg:
> {noformat}
> [webserver]
> authenticate = True
> auth_backend = airflow.contrib.auth.backends.ldap_auth
> {noformat}
>
> {noformat}
> [ldap]
> uri = ldap://nsp-daf178e8.ad1.prd.us-phx.odc.im:389
> user_filter =
> user_name_attr = uid
> group_member_attr = groupMembership=ou=groups,dc=odc,dc=im
> superuser_filter = memberOf=cn=rvd-sudo_all-prd_usphx,ou=groups,dc=odc,dc=im
> data_profiler_filter =
> bind_user = ou=people,dc=odc,dc=im
> bind_password =
> basedn = ou=people,dc=odc,dc=im
> cacert = /opt/orchestration/airflow/ldap_ca.crt
> search_scope = SUBTREE
> {noformat}
> However, when trying to validate, it failed with the exception below. Please
> advise what to correct, given the LDAP details provided above. We only
> use "basedn=ou=people,dc=odc,dc=im" with the provided LDAP host and were able
> to access it anonymously when we tried using the jxplorer workbench. We are
> able to do LDAP anonymously on kibana/elasticsearch/jenkins; however, coming
> to airflow, please advise a solution.
>  
> {noformat}
> Traceback (most recent call last):
>   File "/usr/local/lib/python3.6/site-packages/flask/app.py", line 1988, in wsgi_app
>     response = self.full_dispatch_request()
>   File "/usr/local/lib/python3.6/site-packages/flask/app.py", line 1641, in full_dispatch_request
>     rv = self.handle_user_exception(e)
>   File "/usr/local/lib/python3.6/site-packages/flask/app.py", line 1544, in handle_user_exception
>     reraise(exc_type, exc_value, tb)
>   File "/usr/local/lib/python3.6/site-packages/flask/_compat.py", line 33, in reraise
>     raise value
>   File "/usr/local/lib/python3.6/site-packages/flask/app.py", line 1639, in full_dispatch_request
>     rv = self.dispatch_request()
>   File "/usr/local/lib/python3.6/site-packages/flask/app.py", line 1625, in dispatch_request
>     return self.view_functions[rule.endpoint](**req.view_args)
>   File "/usr/local/lib/python3.6/site-packages/flask_admin/base.py", line 69, in inner
>     return self._run_view(f, *args, **kwargs)
>   File "/usr/local/lib/python3.6/site-packages/flask_admin/base.py", line 368, in _run_view
>     return fn(self, *args, **kwargs)
>   File "/usr/local/lib/python3.6/site-packages/airflow/www/views.py", line 650, in login
>     return airflow.login.login(self, request)
>   File "/usr/local/lib/python3.6/site-packages/airflow/contrib/auth/backends/ldap_auth.py", line 268, in login
>     LdapUser.try_login(username, password)
>   File "/usr/local/lib/python3.6/site-packages/airflow/contrib/auth/backends/ldap_auth.py", line 180, in try_login
>     search_scope=native(search_scope))
>   File "/usr/local/lib/python3.6/site-packages/ldap3/core/connection.py", line 779, in search
>     check_names=self.check_names)
>   File "/usr/local/lib/python3.6/site-packages/ldap3/operation/search.py", line 372, in search_operation
>     request['filter'] = compile_filter(parse_filter(search_filter, schema, auto_escape, auto_encode, validator, check_names).elements[0]) # parse the searchFilter string and compile it starting from the root node
>   File "/usr/local/lib/python3.6/site-packages/ldap3/operation/search.py", line 206, in parse_filter
>     current_node.append(evaluate_match(search_filter[start_pos:end_pos], schema, auto_escape, auto_encode, validator, check_names))
>   File "/usr/local/lib/python3.6/site-packages/ldap3/operation/search.py", line 89, in evaluate_match
>     raise LDAPInvalidFilterError('invalid matching assertion')
> ldap3.core.exceptions.LDAPInvalidFilterError: invalid matching assertion
> {noformat}
>  
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
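
An added diagnostic, not part of the original issue and not Airflow's own code: it assembles search filters from the filter-related keys of the quoted `[ldap]` section and flags any key whose value is not a complete `attr=value` assertion, since an empty value leaves a bare `()` term in the filter. The filter template, the helper names and the user name `alice` are assumptions; the config text is a constructed sample using the values quoted above.

```python
import configparser
import re

# Constructed sample: the filter-related keys of the [ldap] section quoted above.
SAMPLE_CFG = """
[ldap]
user_filter =
user_name_attr = uid
superuser_filter = memberOf=cn=rvd-sudo_all-prd_usphx,ou=groups,dc=odc,dc=im
data_profiler_filter =
"""

# Assumption (not shown on the page): each configured filter is wrapped in
# parentheses and ANDed with the user-name match.
TEMPLATE = "(&({extra})({attr}={user}))"

# RFC 4515 escapes for characters that are special inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_value(value):
    """Escape a user-supplied value so it cannot alter the filter structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def is_assertion(component):
    """True if component is a simple filter item: attribute, operator, value."""
    return re.fullmatch(r"[A-Za-z0-9.;-]+(~=|>=|<=|:=|=).+", component) is not None

def build_filter(extra, attr, user):
    return TEMPLATE.format(extra=extra, attr=attr, user=escape_value(user))

def audit(cfg_text, user="alice"):
    """Return {config key: (assembled filter, component is valid)}."""
    cfg = configparser.ConfigParser()
    cfg.read_string(cfg_text)
    ldap = cfg["ldap"]
    attr = ldap["user_name_attr"]
    report = {}
    for key in ("user_filter", "superuser_filter", "data_profiler_filter"):
        extra = ldap.get(key, "").strip()
        report[key] = (build_filter(extra, attr, user), is_assertion(extra))
    return report

if __name__ == "__main__":
    for key, (flt, ok) in audit(SAMPLE_CFG).items():
        print(f"{key:22} {'ok ' if ok else 'BAD'} {flt}")
```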
