Repository: incubator-airflow Updated Branches: refs/heads/master 0a8410d4d -> 7dbc3cd40
[AIRFLOW-331] modify the LDAP authentication config lines in 'Security' sample codes Closes #1674 from impangt/master Project: http://git-wip-us.apache.org/repos/asf/incubator-airflow/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-airflow/commit/7dbc3cd4 Tree: http://git-wip-us.apache.org/repos/asf/incubator-airflow/tree/7dbc3cd4 Diff: http://git-wip-us.apache.org/repos/asf/incubator-airflow/diff/7dbc3cd4 Branch: refs/heads/master Commit: 7dbc3cd40e5c4f072897bcae46929ad61a2b4590 Parents: 0a8410d Author: Peter Pang <impa...@users.noreply.github.com> Authored: Wed Jul 27 14:33:39 2016 -0700 Committer: Chris Riccomini <chr...@wepay.com> Committed: Wed Jul 27 14:33:39 2016 -0700 ---------------------------------------------------------------------- docs/security.rst | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-airflow/blob/7dbc3cd4/docs/security.rst ---------------------------------------------------------------------- diff --git a/docs/security.rst b/docs/security.rst index 1f33548..50d9167 100644 --- a/docs/security.rst +++ b/docs/security.rst @@ -67,16 +67,20 @@ Valid search_scope options can be found in the `ldap3 Documentation <http://ldap auth_backend = airflow.contrib.auth.backends.ldap_auth [ldap] + # set a connection without encryption: uri = ldap://<your.ldap.server>:<port> uri = ldaps://<your.ldap.server>:<port> user_filter = objectClass=* - user_name_attr = uid # in case of Active Directory you would use sAMAccountName + # in case of Active Directory you would use: user_name_attr = sAMAccountName + user_name_attr = uid superuser_filter = memberOf=CN=airflow-super-users,OU=Groups,OU=RWC,OU=US,OU=NORAM,DC=example,DC=com data_profiler_filter = memberOf=CN=airflow-data-profilers,OU=Groups,OU=RWC,OU=US,OU=NORAM,DC=example,DC=com bind_user = cn=Manager,dc=example,dc=com bind_password = insecure basedn = dc=example,dc=com cacert = /etc/ca/ldap_ca.crt - search_scope = LEVEL # Set this to SUBTREE if using Active Directory, and not specifying an Organizational Unit + # Set search_scope to one of them: BASE, LEVEL , SUBTREE + # Set search_scope to SUBTREE if using Active Directory, and not specifying an Organizational Unit + search_scope = LEVEL The superuser_filter and data_profiler_filter are optional. If defined, these configurations allow you to specify LDAP groups that users must belong to in order to have superuser (admin) and data-profiler permissions. If undefined, all users will be superusers and data profilers.