Hi, You shouldn’t need to handle the user inputs manually in the webserver_config.py
When using LDAP the bind stage authenticates the client application (Airflow) to your LDAP server. This AUTH_LDAP_BIND_USER should be an LDAP service account or proxy user, not the credentials of the user trying to login. Once it has established the bind connection, the Airflow LDAP backend will then confirm if the user from the webform is authorised. Leo > On 23 Feb 2021, at 21:53, Lewis John McGibbney <[email protected]> wrote: > > Hi Folks, > Has anyone been able to successfully pass the username and password to > webserver_config.py for LDAP authentication? > I'm struggling to figure this one out... surely someone else has solved this > issue and has Airflow running with LDAP authentication...? > Thank you > lewismc > > On 2021/02/19 17:21:30, Lewis John McGibbney <[email protected]> wrote: >> Hi users@, >> >> ######### >> # Context # >> ######### >> With the following webserver_config.py code, when I provide the environment >> variables $USERNAME and $PASSWORD, from the WebUI I can authenticate and >> login to Airflow just fine. >> >> import os >> from flask_appbuilder.security.manager import AUTH_LDAP >> >> basedir = os.path.abspath(os.path.dirname(__file__)) >> username = os.environ['USERNAME'] >> password = os.environ['PASSWORD'] >> >> # Flask-WTF flag for CSRF >> WTF_CSRF_ENABLED = True >> AUTH_TYPE = AUTH_LDAP >> AUTH_ROLE_ADMIN = "Admin" >> AUTH_USER_REGISTRATION = True >> AUTH_USER_REGISTRATION_ROLE = "Admin" >> AUTH_LDAP_SERVER = "ldaps://ldap....:636" >> AUTH_LDAP_SEARCH = "ou=personnel,dc=dir,dc=a,dc=b,dc=c" >> AUTH_LDAP_BIND_USER = >> "uid={},ou=personnel,dc=dir,dc=a,dc=b,dc=c".format(username) >> AUTH_LDAP_BIND_PASSWORD = password >> AUTH_LDAP_UID_FIELD = "uid" >> AUTH_LDAP_USE_TLS = False >> AUTH_LDAP_ALLOW_SELF_SIGNED = False >> >> ########## >> # Problem # >> ########## >> This is not appropriate if I want all of my other colleagues to login to the >> Airflow WebUI via LDAP. >> >> ########## >> # Question # >> ########## >> >> How do I use the username and password (submitted by the user into the WebUI >> form) as a variable within the webserver_config.py? >> >> I will provide a pull request for this as the documentation is lacking. I >> would like to make it clearer. >> Thank you in advance for any knowledge sharing. >> >> Thanks in advance, >> lewismc >>
