You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by "Jeremy (JIRA)" <ji...@apache.org> on 2019/04/25 08:18:00 UTC
[jira] [Created] (AIRFLOW-4410) Ldap authentication failed when
using non-ssl ldap server
Jeremy created AIRFLOW-4410:
-------------------------------
Summary: Ldap authentication failed when using non-ssl ldap server
Key: AIRFLOW-4410
URL: https://issues.apache.org/jira/browse/AIRFLOW-4410
Project: Apache Airflow
Issue Type: Bug
Components: authentication
Affects Versions: 1.10.3, 1.10.2, 1.10.1
Environment: Python 3.6, apache-airflow==1.10.3
Reporter: Jeremy
I modified the aiflow.cfg in the $AIRFLOW_HOME with
{code:java}
[webserver]
authenticate = True
auth_backend = airflow.contrib.auth.backends.ldap_auth
[ldap]
uri = <my-url>
user_filter = objectclass=posixAccount
user_name_attr = uid
group_member_attr = ou
superuser_filter =
data_profiler_filter =
bind_user =
bind_password =
basedn = <my-dn>
search_scope = SUBTREE{code}
And I started the airflow web server with command:
{code:java}
airflow webserver{code}
But when I signed in airflow in the login form, the following exception was rasied:
{code:java}
Traceback (most recent call last):
File "/data/home/jeremy/anaconda3/lib/python3.6/site-packages/flask/app.py", line 2292, in wsgi_app
response = self.full_dispatch_request()
File "/data/home/jeremy/anaconda3/lib/python3.6/site-packages/flask/app.py", line 1815, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/data/home/jeremy/anaconda3/lib/python3.6/site-packages/flask/app.py", line 1718, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "/data/home/jeremy/anaconda3/lib/python3.6/site-packages/flask/_compat.py", line 35, in reraise
raise value
File "/data/home/jeremy/anaconda3/lib/python3.6/site-packages/flask/app.py", line 1813, in full_dispatch_request
rv = self.dispatch_request()
File "/data/home/jeremy/anaconda3/lib/python3.6/site-packages/flask/app.py", line 1799, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
File "/data/home/jeremy/anaconda3/lib/python3.6/site-packages/flask_admin/base.py", line 69, in inner
return self._run_view(f, *args, **kwargs)
File "/data/home/jeremy/anaconda3/lib/python3.6/site-packages/flask_admin/base.py", line 368, in _run_view
return fn(self, *args, **kwargs)
File "/data/home/jeremy/anaconda3/lib/python3.6/site-packages/airflow/www/views.py", line 731, in login
return airflow.login.login(self, request)
File "/data/home/jeremy/anaconda3/lib/python3.6/site-packages/airflow/utils/db.py", line 73, in wrapper
return func(*args, **kwargs)
File "/data/home/jeremy/anaconda3/lib/python3.6/site-packages/airflow/contrib/auth/backends/ldap_auth.py", line 308, in login
LdapUser.try_login(username, password)
File "/data/home/jeremy/anaconda3/lib/python3.6/site-packages/airflow/contrib/auth/backends/ldap_auth.py", line 196, in try_login
configuration.conf.get("ldap", "bind_password"))
File "/data/home/jeremy/anaconda3/lib/python3.6/site-packages/airflow/contrib/auth/backends/ldap_auth.py", line 72, in get_ldap_connection
ca_certs_file=cacert)
File "/data/home/jeremy/anaconda3/lib/python3.6/site-packages/ldap3/core/tls.py", line 93, in __init__
raise LDAPSSLConfigurationError('invalid CA public key file')
ldap3.core.exceptions.LDAPSSLConfigurationError: invalid CA public key file
{code}
I think using non-ssl ldap server should be considered for the internal airflow server.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)