Hi Leo, Thank you for your explanation of what is going on. This makes more sense to me. I will go ahead and propose a patch to the documentation for this. lewismc
On 2021/02/23 22:53:38, Leo Brack <[email protected]> wrote: > Hi, > > You shouldn’t need to handle the user inputs manually in the > webserver_config.py > > When using LDAP the bind stage authenticates the client application (Airflow) > to your LDAP server. This AUTH_LDAP_BIND_USER should be an LDAP service > account or proxy user, not the credentials of the user trying to login. > > Once it has established the bind connection, the Airflow LDAP backend will > then confirm if the user from the webform is authorised. > > Leo > > > On 23 Feb 2021, at 21:53, Lewis John McGibbney <[email protected]> wrote: > > > > Hi Folks, > > Has anyone been able to successfully pass the username and password to > > webserver_config.py for LDAP authentication? > > I'm struggling to figure this one out... surely someone else has solved > > this issue and has Airflow running with LDAP authentication...? > > Thank you > > lewismc > > > > On 2021/02/19 17:21:30, Lewis John McGibbney <[email protected]> wrote: > >> Hi users@, > >> > >> ######### > >> # Context # > >> ######### > >> With the following webserver_config.py code, when I provide the > >> environment variables $USERNAME and $PASSWORD, from the WebUI I can > >> authenticate and login to Airflow just fine. > >> > >> import os > >> from flask_appbuilder.security.manager import AUTH_LDAP > >> > >> basedir = os.path.abspath(os.path.dirname(__file__)) > >> username = os.environ['USERNAME'] > >> password = os.environ['PASSWORD'] > >> > >> # Flask-WTF flag for CSRF > >> WTF_CSRF_ENABLED = True > >> AUTH_TYPE = AUTH_LDAP > >> AUTH_ROLE_ADMIN = "Admin" > >> AUTH_USER_REGISTRATION = True > >> AUTH_USER_REGISTRATION_ROLE = "Admin" > >> AUTH_LDAP_SERVER = "ldaps://ldap....:636" > >> AUTH_LDAP_SEARCH = "ou=personnel,dc=dir,dc=a,dc=b,dc=c" > >> AUTH_LDAP_BIND_USER = > >> "uid={},ou=personnel,dc=dir,dc=a,dc=b,dc=c".format(username) > >> AUTH_LDAP_BIND_PASSWORD = password > >> AUTH_LDAP_UID_FIELD = "uid" > >> AUTH_LDAP_USE_TLS = False > >> AUTH_LDAP_ALLOW_SELF_SIGNED = False > >> > >> ########## > >> # Problem # > >> ########## > >> This is not appropriate if I want all of my other colleagues to login to > >> the Airflow WebUI via LDAP. > >> > >> ########## > >> # Question # > >> ########## > >> > >> How do I use the username and password (submitted by the user into the > >> WebUI form) as a variable within the webserver_config.py? > >> > >> I will provide a pull request for this as the documentation is lacking. I > >> would like to make it clearer. > >> Thank you in advance for any knowledge sharing. > >> > >> Thanks in advance, > >> lewismc > >> > >
