You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@superset.apache.org by GitBox <gi...@apache.org> on 2021/08/23 16:10:04 UTC
[GitHub] [superset] mandeeplohan opened a new issue #16402: Help needed for setting up LDAP on superset
mandeeplohan opened a new issue #16402:
URL: https://github.com/apache/superset/issues/16402
[ldaplogin.txt](https://github.com/apache/superset/files/7033336/ldaplogin.txt)
We are trying to setup ldap login. We configured below in superset_config.py:
from flask_appbuilder.security.manager import AUTH_OID, AUTH_REMOTE_USER, AUTH_DB, AUTH_LDAP, AUTH_OAUTH, AUTH_OAUTH
from mysecurity import MySecurityManager
CUSTOM_SECURITY_MANAGER = MySecurityManager
AUTH_TYPE = AUTH_LDAP
AUTH_LDAP_USE_TLS = False
AUTH_USER_REGISTRATION = True
AUTH_LDAP_SERVER = "ldap-server"
AUTH_LDAP_SEARCH ="CN=Users,DC=ms,DC=xxx,DC=xxx,DC=com"
AUTH_LDAP_UID_FIELD = "sAMAccountName"
AUTH_LDAP_EMAIL_FIELD = "@xxx.com"
#RECAPTCHA_PUBLIC_KEY = "public"
#AUTH_ROLES_MAPPING = {
#"cn=fab_users,ou=groupname,dc=ms,dc=com": ["User"],
#"cn=fab_admins,ou=groupname,dc=ms,dc=com": ["Admin"]
#}
#from superset.security import CustomSecurityManager
#CUSTOM_SECURITY_MANAGER = CustomSecurityManager
# the LDAP user attribute which has their role DNs
AUTH_LDAP_GROUP_FIELD = "memberOf"
# if we should replace ALL the user's roles each login, or only on registration
AUTH_ROLES_SYNC_AT_LOGIN = True
# force users to re-auth after 30min of inactivity (to keep roles in sync)
#PERMANENT_SESSION_LIFETIME=1800
**********With above config we are not able to login.******
[ldaplogin.txt](https://github.com/apache/superset/files/7033341/ldaplogin.txt)
2. Then we tried to provide a custom pythong script ldaplogin.txt (attached along). With that we are able to authenticate user and get ldap related user details. However there is this below error:
superset_app | attribute 'is_active' not found
superset_app | Traceback (most recent call last):
superset_app | File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1950, in full_dispatch_request
superset_app | rv = self.dispatch_request()
superset_app | File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1936, in dispatch_request
superset_app | return self.view_functions[rule.endpoint](**req.view_args)
superset_app | File "/usr/local/lib/python3.7/site-packages/flask_appbuilder/security/views.py", line 520, in login
superset_app | login_user(user, remember=False)
superset_app | File "/usr/local/lib/python3.7/site-packages/flask_login/utils.py", line 158, in login_user
superset_app | if not force and not user.is_active:
superset_app | File "/usr/local/lib/python3.7/site-packages/ldap3/abstract/entry.py", line 202, in __getattr__
superset_app | raise LDAPCursorAttributeError(error_message)
superset_app | ldap3.core.exceptions.LDAPCursorAttributeError: attribute 'is_active' not found
superset_app | 2021-08-23 16:04:08,958:ERROR:superset.views.base:attribute 'is_active' not found
superset_app | Traceback (most recent call last):
superset_app | File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1950, in full_dispatch_request
superset_app | rv = self.dispatch_request()
superset_app | File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1936, in dispatch_request
superset_app | return self.view_functions[rule.endpoint](**req.view_args)
superset_app | File "/usr/local/lib/python3.7/site-packages/flask_appbuilder/security/views.py", line 520, in login
superset_app | login_user(user, remember=False)
superset_app | File "/usr/local/lib/python3.7/site-packages/flask_login/utils.py", line 158, in login_user
superset_app | if not force and not user.is_active:
superset_app | File "/usr/local/lib/python3.7/site-packages/ldap3/abstract/entry.py", line 202, in __getattr__
superset_app | raise LDAPCursorAttributeError(error_message)
superset_app | ldap3.core.exceptions.LDAPCursorAttributeError: attribute 'is_active' not found
superset_app |
We are not able to resolve this. Please help
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [superset] metalshanked commented on issue #16402: LDAP not working with superset
Posted by GitBox <gi...@apache.org>.
metalshanked commented on issue #16402:
URL: https://github.com/apache/superset/issues/16402#issuecomment-1036603291
facing the same issue after upgrading to 1.4.1 from 1.3.1. LDAP was working perfectly on 1.3.1
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [superset] Hermain commented on issue #16402: LDAP not working with superset
Posted by GitBox <gi...@apache.org>.
Hermain commented on issue #16402:
URL: https://github.com/apache/superset/issues/16402#issuecomment-979315373
In my case it helped to set: AUTH_TYPE = 2
However I am now stuck because the python_ldap is not intalled in the docker container and installing it fails due to missing dependencies from the system.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [superset] mandeeplohan commented on issue #16402: LDAP not working with superset
Posted by GitBox <gi...@apache.org>.
mandeeplohan commented on issue #16402:
URL: https://github.com/apache/superset/issues/16402#issuecomment-979878735
@Hermain I tried AUTH_TYPE = 2 as well. However, no luck. Strange thing is i am not getting error in the logs. On the login screen only it says invalid. Even admin:admin wont work after enabling ldap configs.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [superset] dpgaspar commented on issue #16402: LDAP not working with superset
Posted by GitBox <gi...@apache.org>.
dpgaspar commented on issue #16402:
URL: https://github.com/apache/superset/issues/16402#issuecomment-933548336
Hi @mandeeplohan, from my understanding your overriding FAB ldap Auth, can you:
- Offer a detailed explanation of what your trying to achieve with the override
- If without the override LDAP auth works
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [superset] mandeeplohan commented on issue #16402: LDAP not working with superset
Posted by GitBox <gi...@apache.org>.
mandeeplohan commented on issue #16402:
URL: https://github.com/apache/superset/issues/16402#issuecomment-916161039
Hi Team, Any help here? Please
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [superset] mandeeplohan edited a comment on issue #16402: LDAP not working with superset
Posted by GitBox <gi...@apache.org>.
mandeeplohan edited a comment on issue #16402:
URL: https://github.com/apache/superset/issues/16402#issuecomment-979878735
@Hermain I tried AUTH_TYPE = 2 as well. However, no luck. Strange thing is i am not getting error in the logs. On the login screen only it says invalid. Even admin:admin wont work after enabling ldap configs.
For your issue try adding this command in Dockerfile: RUN python -m pip install ldap3 python-ldap
it would resolve your issue
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [superset] mandeeplohan commented on issue #16402: LDAP not working with superset
Posted by GitBox <gi...@apache.org>.
mandeeplohan commented on issue #16402:
URL: https://github.com/apache/superset/issues/16402#issuecomment-981417237
@dpgaspar any help here?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [superset] mandeeplohan commented on issue #16402: LDAP not working with superset
Posted by GitBox <gi...@apache.org>.
mandeeplohan commented on issue #16402:
URL: https://github.com/apache/superset/issues/16402#issuecomment-977851496
hi @dpgaspar Thanks for the reply. I waited for 1 month and lost hope and dint follow after that. I am still having this issue.
1. If i dont overide it does not authenticate. Here is the configuration in superset_config.py
AUTH_TYPE = AUTH_LDAP
AUTH_LDAP_USE_TLS = False
AUTH_USER_REGISTRATION = True
AUTH_LDAP_SERVER = "ldap-server"
AUTH_LDAP_SEARCH ="CN=Users,DC=ms,DC=xxx,DC=xxx,DC=com"
AUTH_LDAP_UID_FIELD = "sAMAccountName"
AUTH_LDAP_EMAIL_FIELD = "@xxx.com"
After implementing this i am not able login with my ldap creds. Also normal admin:admin also wont work.
2. When this dint work so i googled and people suggested to overide with a python file. That is also having issue.
Any help here please?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org