airflow-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Id Agnostic (JIRA)" <j...@apache.org>
Subject [jira] [Created] (AIRFLOW-1427) AD groups are ignored in Airflow UI
Date Wed, 19 Jul 2017 08:46:00 GMT
Id Agnostic created AIRFLOW-1427:
------------------------------------

             Summary: AD groups are ignored in Airflow UI
                 Key: AIRFLOW-1427
                 URL: https://issues.apache.org/jira/browse/AIRFLOW-1427
             Project: Apache Airflow
          Issue Type: Bug
          Components: ui
    Affects Versions: 1.8.1
            Reporter: Id Agnostic


Airflow currently has 3 profiles configurations available trough airflow.cfg:
1. none
2. superusers (ldap/superuser_filter)
3. data_profiler (ldap/data_profiler_filter)

When enabling LDAP auth and assigning different profiles to different AD groups, these profiles
are not enforced in the UI.

For example, having the following configuration:

[ldap]
...
user_filter = |(memberOf=CN=Group1,OU=Security Groups,OU=MANAGED OBJECTS,dc=corp,dc=mydc,dc=com)(memberOf=CN=Group2,OU=Security
Groups,OU=MANAGED OBJECTS,dc=corp,dc=mydc,dc=com)
superuser_filter = memberOf=CN=Group1,OU=Security Groups,OU=MANAGED OBJECTS,dc=corp,dc=mydc,dc=com
data_profiler_filter = memberOf=CN=Group2,OU=Security Groups,OU=MANAGED OBJECTS,dc=corp,dc=mydc,dc=com
...

will cause users from both Group1 and Group2 to have the same limited UI access to the following
menus: DAGS, Browse and Docs.

However, when using one filter at a time (either one of the superuser_filter or data_profiler_filter
parameters) the functionality is as expected.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message