airflow-users mailing list archives

From Lewis John McGibbney <lewi...@apache.org>
Subject Re: Use WebUI username and password in webserver_config.py for LDAP authentication
Date Wed, 24 Feb 2021 20:52:02 GMT
Hi Leo,
Thank you for your explanation of what is going on. This makes more sense to me.
I will go ahead and propose a patch to the documentation for this.
lewismc

On 2021/02/23 22:53:38, Leo Brack <leo.brack@hotmail.co.uk> wrote: 
> Hi, 
> 
> You shouldn’t need to handle the user inputs manually in the webserver_config.py
> 
> When using LDAP the bind stage authenticates the client application (Airflow) to your LDAP server. This AUTH_LDAP_BIND_USER should be an LDAP service account or proxy user, not the credentials of the user trying to login.
> 
> Once it has established the bind connection, the Airflow LDAP backend will then confirm if the user from the webform is authorised.
> 
> Leo
> 
> > On 23 Feb 2021, at 21:53, Lewis John McGibbney <lewismc@apache.org> wrote:
> > 
> > Hi Folks,
> > Has anyone been able to successfully pass the username and password to webserver_config.py for LDAP authentication?
> > I'm struggling to figure this one out... surely someone else has solved this issue and has Airflow running with LDAP authentication...?
> > Thank you
> > lewismc
> > 
> > On 2021/02/19 17:21:30, Lewis John McGibbney <lewismc@apache.org> wrote: 
> >> Hi users@,
> >> 
> >> #########
> >> # Context #
> >> #########
> >> With the following webserver_config.py code, when I provide the environment variables $USERNAME and $PASSWORD, from the WebUI I can authenticate and login to Airflow just fine.
> >> 
> >> import os
> >> from flask_appbuilder.security.manager import AUTH_LDAP
> >> 
> >> basedir = os.path.abspath(os.path.dirname(__file__))
> >> username = os.environ['USERNAME']
> >> password = os.environ['PASSWORD']
> >> 
> >> # Flask-WTF flag for CSRF
> >> WTF_CSRF_ENABLED = True
> >> AUTH_TYPE = AUTH_LDAP
> >> AUTH_ROLE_ADMIN = "Admin"
> >> AUTH_USER_REGISTRATION = True
> >> AUTH_USER_REGISTRATION_ROLE = "Admin"
> >> AUTH_LDAP_SERVER = "ldaps://ldap....:636"
> >> AUTH_LDAP_SEARCH = "ou=personnel,dc=dir,dc=a,dc=b,dc=c"
> >> AUTH_LDAP_BIND_USER = "uid={},ou=personnel,dc=dir,dc=a,dc=b,dc=c".format(username)
> >> AUTH_LDAP_BIND_PASSWORD = password
> >> AUTH_LDAP_UID_FIELD = "uid"
> >> AUTH_LDAP_USE_TLS = False
> >> AUTH_LDAP_ALLOW_SELF_SIGNED = False
> >> 
> >> ##########
> >> # Problem #
> >> ##########
> >> This is not appropriate if I want all of my other colleagues to login to the Airflow WebUI via LDAP.
> >> 
> >> ##########
> >> # Question #
> >> ##########
> >> 
> >> How do I use the username and password (submitted by the user into the WebUI form) as a variable within the webserver_config.py?
> >> 
> >> I will provide a pull request for this as the documentation is lacking. I would like to make it clearer.
> >> Thank you in advance for any knowledge sharing.
> >> 
> >> Thanks in advance,
> >> lewismc
> >> 
> 
> 
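
An added example, not part of the original thread and not Airflow's or Flask-AppBuilder's code: a simplified in-memory model of the search-then-bind flow Leo describes, showing that the config holds only the service account while the web-form credentials are checked in a second bind. The directory entries, DNs, passwords and the function names `simple_bind`, `search` and `login` are constructed for illustration, and the three-stage order (service bind, search, re-bind as the user) is the assumed behaviour.

```python
# Simplified in-memory model of LDAP "search then bind"; no real LDAP server or library is used.
import hmac

# Constructed sample directory: DN -> attributes (passwords are placeholders).
DIRECTORY = {
    "uid=svc-airflow,ou=services,dc=example,dc=org": {"uid": "svc-airflow", "password": "svc-secret"},
    "uid=alice,ou=personnel,dc=example,dc=org": {"uid": "alice", "password": "alice-pw"},
    "uid=bob,ou=personnel,dc=example,dc=org": {"uid": "bob", "password": "bob-pw"},
}

# Same setting names as in webserver_config.py; the values are constructed.
CONFIG = {
    "AUTH_LDAP_SEARCH": "ou=personnel,dc=example,dc=org",
    "AUTH_LDAP_BIND_USER": "uid=svc-airflow,ou=services,dc=example,dc=org",
    "AUTH_LDAP_BIND_PASSWORD": "svc-secret",
    "AUTH_LDAP_UID_FIELD": "uid",
}


def simple_bind(dn, password):
    """Stand-in for an LDAP simple bind: True only for a known DN with the right password."""
    entry = DIRECTORY.get(dn)
    # Reject empty passwords: a real server may treat them as an unauthenticated bind.
    if entry is None or not password:
        return False
    return hmac.compare_digest(entry["password"].encode(), password.encode())


def search(base, field, value):
    """Stand-in for a subtree search: DNs under `base` whose `field` equals `value`."""
    return [dn for dn, attrs in DIRECTORY.items()
            if dn.endswith("," + base) and attrs.get(field) == value]


def login(form_username, form_password, config=CONFIG):
    """Authenticate the web-form user; the config contains only the service account."""
    # Stage 1: the application binds as its service account.
    if not simple_bind(config["AUTH_LDAP_BIND_USER"], config["AUTH_LDAP_BIND_PASSWORD"]):
        raise RuntimeError("service account bind failed")
    # Stage 2: look up the DN of the person logging in.
    matches = search(config["AUTH_LDAP_SEARCH"], config["AUTH_LDAP_UID_FIELD"], form_username)
    if len(matches) != 1:
        return False  # unknown or ambiguous user
    # Stage 3: bind again as that DN with the password typed into the form.
    return simple_bind(matches[0], form_password)
```
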
