[
https://issues.apache.org/jira/browse/AIRFLOW-3270?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16674961#comment-16674961
]
Hari Krishna ADDEPALLI LN edited comment on AIRFLOW-3270 at 11/5/18 11:17 AM:
------------------------------------------------------------------------------
[~ashb] : so, you are saying , assign value (memberOf: to group_member_attr
config option ? Yes, my requirement is :
# should be part of group (as specified in group_member_attr)
# And superuser_filter to also carry value.
Our design is that we should have admin (users assigned to the group as per
superuser_filter) and non admin user (as per group_member_attr config option).
Below is updated ldap env in airflow.cfg:
{code:java}
[ldap] uri = ldap://nsp-daf178e8.ad1.prd.us-phx.odc.im:389
user_filter = objectClass=*
user_name_attr = uid
#group_member_attr = memberOf=cn=rvs-login-prd_usphx,ou=groups,dc=odc,dc=im
group_member_attr = memberOf=cn=rvs-login-mc_usphx,ou=groups,dc=odc,dc=im
superuser_filter = memberOf=cn=rvs-sudo_all-prd_usphx,ou=groups,dc=odc,dc=im
data_profiler_filter =
bind_user =
bind_password =
basedn = ou=people,dc=odc,dc=im
cacert = /opt/orchestration/airflow/ldap_ca.crt
search_scope = SUBTREE
{code}
was (Author: alnhk):
[~ashb] : so, you are saying , assign value (memberOf: to group_member_attr
config option ? Yes, my requirement is :
# should be part of group (as specified in group_member_attr)
# And superuser_filter to also carry value.
Our design is that we should have admin (users assigned to the group as per
superuser_filter) and non admin user (as per group_member_attr config option).
> Apache airflow 1.10.0 integration with LDAP anonmyously
> -------------------------------------------------------
>
> Key: AIRFLOW-3270
> URL: https://issues.apache.org/jira/browse/AIRFLOW-3270
> Project: Apache Airflow
> Issue Type: Bug
> Components: authentication
> Affects Versions: 1.10.0
> Reporter: Hari Krishna ADDEPALLI LN
> Priority: Blocker
>
> Please advise what to include in airflow.cfg when going to integrate with
> LDAP anonymously ? We are using DS389 as LDAP server vendor name.
>
> {noformat}
> [webserver]
> authenticate = True
> auth_backend = airflow.contrib.auth.backends.ldap_auth
> {noformat}
>
> And
>
> {noformat}
> [ldap]
> uri = ldap://nsp-daf178e8.ad1.prd.us-phx.odc.im:389
> user_filter = memberOf=cn=rvs-all-prd_usphx,ou=groups,dc=odc,dc=im
> user_name_attr = uid
> group_member_attr =
> superuser_filter = memberOf=cn=rvd-sudo_all-prd_usphx,ou=groups,dc=odc,dc=im
> data_profiler_filter =
> bind_user =
> bind_password =
> basedn = ou=people,dc=odc,dc=im
> cacert = /opt/orchestration/airflow/ldap_ca.crt
> search_scope = LEVEL
> {noformat}
> I am hitting below exception:
> {noformat}
> File "/usr/local/lib/python3.5/site-packages/ldap3/operation/search.py",
> line 215, in parse_filter
> raise LDAPInvalidFilterError('malformed filter')
> ldap3.core.exceptions.LDAPInvalidFilterError: malformed filter
> {noformat}
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
