[ https://issues.apache.org/jira/browse/AIRFLOW-3164?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16700308#comment-16700308 ]
Maciej Bryński commented on AIRFLOW-3164:
-----------------------------------------
This PR broke my Airflow.
{code}
Traceback (most recent call last):
  File "/usr/local/lib/python3.6/site-packages/gunicorn/workers/sync.py", line 135, in handle
    self.handle_request(listener, req, client, addr)
  File "/usr/local/lib/python3.6/site-packages/gunicorn/workers/sync.py", line 176, in handle_request
    respiter = self.wsgi(environ, resp.start_response)
  File "/usr/local/lib/python3.6/site-packages/werkzeug/wsgi.py", line 826, in __call__
    return app(environ, start_response)
  File "/usr/local/lib/python3.6/site-packages/flask/app.py", line 1997, in __call__
    return self.wsgi_app(environ, start_response)
  File "/usr/local/lib/python3.6/site-packages/flask/app.py", line 1985, in wsgi_app
    response = self.handle_exception(e)
  File "/usr/local/lib/python3.6/site-packages/flask/app.py", line 1547, in handle_exception
    return self.finalize_request(handler(e), from_error_handler=True)
  File "/usr/local/lib/python3.6/site-packages/airflow/www/views.py", line 708, in show_traceback
    info=traceback.format_exc()), 500
  File "/usr/local/lib/python3.6/site-packages/flask/templating.py", line 132, in render_template
    ctx.app.update_template_context(context)
  File "/usr/local/lib/python3.6/site-packages/flask/app.py", line 764, in update_template_context
    context.update(func())
  File "/usr/local/lib/python3.6/site-packages/flask_login/utils.py", line 368, in _user_context_processor
    return dict(current_user=_get_user())
  File "/usr/local/lib/python3.6/site-packages/flask_login/utils.py", line 335, in _get_user
    current_app.login_manager._load_user()
  File "/usr/local/lib/python3.6/site-packages/flask_login/login_manager.py", line 359, in _load_user
    return self.reload_user()
  File "/usr/local/lib/python3.6/site-packages/flask_login/login_manager.py", line 321, in reload_user
    user = self.user_callback(user_id)
  File "/usr/local/lib/python3.6/site-packages/airflow/utils/db.py", line 74, in wrapper
    return func(*args, **kwargs)
  File "/usr/local/lib/python3.6/site-packages/airflow/contrib/auth/backends/ldap_auth.py", line 277, in load_user
    return LdapUser(user)
  File "<string>", line 4, in __init__
  File "/usr/local/lib/python3.6/site-packages/sqlalchemy/orm/state.py", line 414, in _initialize_instance
    manager.dispatch.init_failure(self, args, kwargs)
  File "/usr/local/lib/python3.6/site-packages/sqlalchemy/util/langhelpers.py", line 66, in __exit__
    compat.reraise(exc_type, exc_value, exc_tb)
  File "/usr/local/lib/python3.6/site-packages/sqlalchemy/util/compat.py", line 187, in reraise
    raise value
  File "/usr/local/lib/python3.6/site-packages/sqlalchemy/orm/state.py", line 411, in _initialize_instance
    return manager.original_init(*mixed[1:], **kwargs)
  File "/usr/local/lib/python3.6/site-packages/airflow/contrib/auth/backends/ldap_auth.py", line 135, in __init__
    configuration.conf.get("ldap", "bind_password"))
  File "/usr/local/lib/python3.6/site-packages/airflow/contrib/auth/backends/ldap_auth.py", line 65, in get_ldap_connection
    ca_certs_file=cacert)
  File "/usr/local/lib/python3.6/site-packages/ldap3/core/tls.py", line 93, in __init__
    raise LDAPSSLConfigurationError('invalid CA public key file')
ldap3.core.exceptions.LDAPSSLConfigurationError: invalid CA public key file
{code}
Can we make this functionality optional?
> verify certificate of LDAP server
> ---------------------------------
>
> Key: AIRFLOW-3164
> URL: https://issues.apache.org/jira/browse/AIRFLOW-3164
> Project: Apache Airflow
> Issue Type: Bug
> Reporter: Bolke de Bruin
> Priority: Blocker
> Fix For: 1.10.1
>
>
> Currently we don't verify the certificate of the LDAP server; this can lead to
> security incidents.