airflow-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Leo Brack <leo.br...@hotmail.co.uk>
Subject Re: Use WebUI username and password in webserver_config.py for LDAP authentication
Date Tue, 23 Feb 2021 22:53:38 GMT
Hi, 

You shouldn’t need to handle the user inputs manually in the webserver_config.py

When using LDAP the bind stage authenticates the client application (Airflow) to your LDAP
server. This AUTH_LDAP_BIND_USER should be an LDAP service account or proxy user, not the
credentials of the user trying to login.

Once it has established the bind connection, the Airflow LDAP backend will then confirm if
the user from the webform is authorised.

Leo

> On 23 Feb 2021, at 21:53, Lewis John McGibbney <lewismc@apache.org> wrote:
> 
> Hi Folks,
> Has anyone been able to successfully pass the username and password to webserver_config.py
for LDAP authentication?
> I'm struggling to figure this one out... surely someone else has solved this issue and
has Airflow running with LDAP authentication...?
> Thank you
> lewismc
> 
> On 2021/02/19 17:21:30, Lewis John McGibbney <lewismc@apache.org> wrote: 
>> Hi users@,
>> 
>> #########
>> # Context #
>> #########
>> With the following webserver_config.py code, when I provide the environment variables
$USERNAME and $PASSWORD, from the WebUI I can authenticate and login to Airflow just fine.
>> 
>> import os
>> from flask_appbuilder.security.manager import AUTH_LDAP
>> 
>> basedir = os.path.abspath(os.path.dirname(__file__))
>> username = os.environ['USERNAME']
>> password = os.environ['PASSWORD']
>> 
>> # Flask-WTF flag for CSRF
>> WTF_CSRF_ENABLED = True
>> AUTH_TYPE = AUTH_LDAP
>> AUTH_ROLE_ADMIN = "Admin"
>> AUTH_USER_REGISTRATION = True
>> AUTH_USER_REGISTRATION_ROLE = "Admin"
>> AUTH_LDAP_SERVER = "ldaps://ldap....:636"
>> AUTH_LDAP_SEARCH = "ou=personnel,dc=dir,dc=a,dc=b,dc=c"
>> AUTH_LDAP_BIND_USER = "uid={},ou=personnel,dc=dir,dc=a,dc=b,dc=c".format(username)
>> AUTH_LDAP_BIND_PASSWORD = password
>> AUTH_LDAP_UID_FIELD = "uid"
>> AUTH_LDAP_USE_TLS = False
>> AUTH_LDAP_ALLOW_SELF_SIGNED = False
>> 
>> ##########
>> # Problem #
>> ##########
>> This is not appropriate if I want all of my other colleagues to login to the Airflow
WebUI via LDAP.
>> 
>> ##########
>> # Question #
>> ##########
>> 
>> How do I use the username and password (submitted by the user into the WebUI form)
as a variable within the webserver_config.py?
>> 
>> I will provide a pull request for this as the documentation is lacking. I would like
to make it clearer.
>> Thank you in advance for any knowledge sharing.
>> 
>> Thanks in advance,
>> lewismc
>> 

Mime
View raw message