airflow-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "peter pang (JIRA)" <j...@apache.org>
Subject [jira] [Created] (AIRFLOW-352) filter_by_owner is not working when use ldap authentication
Date Thu, 21 Jul 2016 09:53:20 GMT
peter pang created AIRFLOW-352:
----------------------------------

             Summary: filter_by_owner is not working when use ldap authentication
                 Key: AIRFLOW-352
                 URL: https://issues.apache.org/jira/browse/AIRFLOW-352
             Project: Apache Airflow
          Issue Type: Bug
          Components: contrib, security, webserver
    Affects Versions: Airflow 1.7.1.3
         Environment: ubuntu 14.04 LTS ,  ldap without encryption 
            Reporter: peter pang


I set airflow.cfg as follows:

[webserver]
filter_by_owner = True
authenticate = TRUE
auth_backend = airflow.contrib.auth.backends.ldap_auth

[ldap]
uri = ldap://xx.xx.xx.xx
user_filter = objectClass=*
user_name_attr = uid
superuser_filter = memberOf=CN=airflow-super-users,OU=Groups,OU=RWC,OU=US,OU=NORAM,DC=example,DC=com
data_profiler_filter = memberOf=CN=airflow-data-profilers,OU=Groups,OU=RWC,OU=US,OU=NORAM,DC=example,DC=com
bind_user = cn=admin,dc=example,dc=com
bind_password = secret
basedn = dc=example,dc=com
cacert = /etc/ca/ldap_ca.crt
search_scope=SUBTREE

then I run the webUI , and I can login with superuser and data_profiler user. But after login
with data profiler user, entered the data profiler user home view , there's no dags listed
with the same dag owner. It seems the  filter_by_owner setting is not working.

Debug into the views.py --> class HomeView(AdminIndexView):
current_user.username always return "None". It seems we can't get username directly.

so , continue debug into the ldap_auth.py --> class LdapUser(models.User):
I added a method to return username   

 def get_username(self):
        return self.user.username

then back to view.py  , replace 'current_user.username' to 'current_user.get_username()' ,
the user filter can work now!

I don't know exactly why, but the modification can work...





--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message