You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2022/03/30 13:10:54 UTC

[GitHub] [airflow] potiuk opened a new issue #18545: Unable to add a new user when logged using LDAP auth

potiuk opened a new issue #18545:
URL: https://github.com/apache/airflow/issues/18545


   ### Discussed in https://github.com/apache/airflow/discussions/18290
   
   <div type='discussions-op-text'>
   
   <sup>Originally posted by **pawsok** September 16, 2021</sup>
   ### Apache Airflow version
   
   2.1.4 (latest released)
   
   ### Operating System
   
   Amazon Linux AMI 2018.03
   
   ### Versions of Apache Airflow Providers
   
   _No response_
   
   ### Deployment
   
   Other Docker-based deployment
   
   ### Deployment details
   
   - AWS ECS EC2 mode
   - RDS PostgreSQL for DB
   - LDAP authentication enabled
   
   
   ### What happened
   
   We upgraded Airflow from 2.0.1 to 2.1.3 and now when i log into Airflow (Admin role) using LDAP authentication and go to Security --> List Users i cannot see **add button** ("plus"). 
   
   **Airflow 2.0.1** (our current version):
   
   ![image](https://user-images.githubusercontent.com/90831710/133586254-24e22cd6-7e02-4800-b90f-d6f575ba2826.png)
   
   **Airflow 2.1.3:**
   
   ![image](https://user-images.githubusercontent.com/90831710/133586024-48952298-a906-4189-abe1-bd88d96518bc.png)
   
   
   ### What you expected to happen
   
   Option to add a new user (using LDAP auth).
   
   ### How to reproduce
   
   1. Upgrade to Airflow 2.1.3
   2. Log in to Airflow as LDAP user type
   3. Go to Security --> List Users
   
   ### Anything else
   
   _No response_
   
   ### Are you willing to submit PR?
   
   - [ ] Yes I am willing to submit a PR!
   
   ### Code of Conduct
   
   - [X] I agree to follow this project's [Code of Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md)
   </div>


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] shivkumar-topgolf commented on issue #18545: Unable to add a new user when logged using LDAP auth

Posted by GitBox <gi...@apache.org>.

shivkumar-topgolf commented on issue #18545:
URL: https://github.com/apache/airflow/issues/18545#issuecomment-1021588500


   Hello All, we have recently installed Airflow 2.1.4. We are trying to set-up LDAP Authentication and have followed the steps mentioned here:  https://flask-appbuilder.readthedocs.io/en/latest/security.html#authentication-ldap
   
   We are using Microsoft AD, however still LDAP Auth is not working. Tried to check the webserver.logs but found no error.
   
   Could anyone help me out please?
   
   Thanks!


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] dx034 commented on issue #18545: Unable to add a new user when logged using LDAP auth

Posted by GitBox <gi...@apache.org>.

dx034 commented on issue #18545:
URL: https://github.com/apache/airflow/issues/18545#issuecomment-1083047160


   From my tests, the merge in #19963 doesn't change the situation for LDAP, only remote. In LDAP mode, users still can't be added via the admin interface. So I believe this needs a separate fix. 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] bparhy commented on issue #18545: Unable to add a new user when logged using LDAP auth

Posted by GitBox <gi...@apache.org>.

bparhy commented on issue #18545:
URL: https://github.com/apache/airflow/issues/18545#issuecomment-1027967158


   I am having the same issue when I upgraded to 2.1.3 version. Is there a version where there is a fix for this ?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] shivkumar-topgolf commented on issue #18545: Unable to add a new user when logged using LDAP auth

Posted by GitBox <gi...@apache.org>.

shivkumar-topgolf commented on issue #18545:
URL: https://github.com/apache/airflow/issues/18545#issuecomment-1031162172


   Hi All, Well we got it working now. Its working fine. Thank you for all your help!!
   
   If anyone would like to get the solution please let me know and I can share the issues we had and the solution for the same.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] potiuk commented on issue #18545: Unable to add a new user when logged using LDAP auth

Posted by GitBox <gi...@apache.org>.

potiuk commented on issue #18545:
URL: https://github.com/apache/airflow/issues/18545#issuecomment-927670785

After discussion in https://github.com/apache/airflow/discussions/18290 and similar stack overflow issue here: https://stackoverflow.com/questions/69343651/create-user-with-ldap-authentification-in-airflow-2-1-4 - I think we should fix it @BasPH WDYT?

The explanation is that some users who would not like to use automated registration of the users from LDAP would like to have bigger control over who is using airlfow and be able to manage them via AIrflow UI. Authentication/credential verificatio still comes from the LDAP. but then the list of users allowed to login is kept in the Airflow DB. That makes sense if you have only a small group of people to access Airflow, but you do not want to synchronize roles nor 'group' allocation from centralized LDAP, but you still want to synchronize the credentials. Seems like a perfectly justified case.

@jhtimmins - I think it falls into the right set of permissions in Airlfow that could be added - I am not too familiar with that part of Airflow but maybe it can be updated for Airflow 2.2 https://github.com/apache/airflow/discussions/18290#discussioncomment-1378607 WDYT?

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] potiuk closed issue #18545: Unable to add a new user when logged using LDAP auth

Posted by GitBox <gi...@apache.org>.

potiuk closed issue #18545:
URL: https://github.com/apache/airflow/issues/18545


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] potiuk commented on issue #18545: Unable to add a new user when logged using LDAP auth

Posted by GitBox <gi...@apache.org>.

potiuk commented on issue #18545:
URL: https://github.com/apache/airflow/issues/18545#issuecomment-1030885870


   Fixed in https://github.com/apache/airflow/pull/19963. - will be released in 2.3.0 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] pawsok commented on issue #18545: Unable to add a new user when logged using LDAP auth

Posted by GitBox <gi...@apache.org>.

pawsok commented on issue #18545:
URL: https://github.com/apache/airflow/issues/18545#issuecomment-927688511


   > > Indeed sounds like a valid feature to have. The permissions in [#18290 (comment)](https://github.com/apache/airflow/discussions/18290#discussioncomment-1378607) seem to do the trick. @pawsok would you like to create a PR for that?
   > 
   > Good idea :)
   
   Sure, it will be my first PR here, so let's try :)


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] potiuk commented on issue #18545: Unable to add a new user when logged using LDAP auth

Posted by GitBox <gi...@apache.org>.

potiuk commented on issue #18545:
URL: https://github.com/apache/airflow/issues/18545#issuecomment-1083122361


   > From my tests, the merge in #19963 doesn't change the situation for LDAP, only remote. In LDAP mode, users still can't be added via the admin interface. So I believe this needs a separate fix.
   
   Ah ok - reopening then . Would you like (following the fix in #19963 to make and test PR to fix LDAP ? Shall I assign you to it ? You seem to have the right environment and has an example code to base it on to implement it.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] potiuk commented on issue #18545: Unable to add a new user when logged using LDAP auth

Posted by GitBox <gi...@apache.org>.

potiuk commented on issue #18545:
URL: https://github.com/apache/airflow/issues/18545#issuecomment-927671158


   cc: @pawsok


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] potiuk commented on issue #18545: Unable to add a new user when logged using LDAP auth

Posted by GitBox <gi...@apache.org>.

potiuk commented on issue #18545:
URL: https://github.com/apache/airflow/issues/18545#issuecomment-927676396


   > Indeed sounds like a valid feature to have. The permissions in [#18290 (comment)](https://github.com/apache/airflow/discussions/18290#discussioncomment-1378607) seem to do the trick. @pawsok would you like to create a PR for that?
   
   Good idea :) 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] potiuk closed issue #18545: Unable to add a new user when logged using LDAP auth

Posted by GitBox <gi...@apache.org>.

potiuk closed issue #18545:
URL: https://github.com/apache/airflow/issues/18545


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] dx034 commented on issue #18545: Unable to add a new user when logged using LDAP auth

Posted by GitBox <gi...@apache.org>.

dx034 commented on issue #18545:
URL: https://github.com/apache/airflow/issues/18545#issuecomment-1082932892


   > Fixed in #19963. - will be released in 2.3.0
   
   @potiuk I don't understand why this was marked as fixed, as I understand the Fix only changes remote user, not LDAP. Shouldn't this issue still be open?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] potiuk commented on issue #18545: Unable to add a new user when logged using LDAP auth

Posted by GitBox <gi...@apache.org>.

potiuk commented on issue #18545:
URL: https://github.com/apache/airflow/issues/18545#issuecomment-1083013203


   Why do you think remote user is different than LDAP? 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] BasPH commented on issue #18545: Unable to add a new user when logged using LDAP auth

Posted by GitBox <gi...@apache.org>.

BasPH commented on issue #18545:
URL: https://github.com/apache/airflow/issues/18545#issuecomment-927674994


   Indeed sounds like a valid feature to have. The permissions in https://github.com/apache/airflow/discussions/18290#discussioncomment-1378607 seem to do the trick. @pawsok would you like to create a PR for that?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] potiuk commented on issue #18545: Unable to add a new user when logged using LDAP auth

Posted by GitBox <gi...@apache.org>.

potiuk commented on issue #18545:
URL: https://github.com/apache/airflow/issues/18545#issuecomment-1027117349


   > Hello All, we have recently installed Airflow 2.1.4. We are trying to set-up LDAP Authentication and have followed the steps mentioned here: https://flask-appbuilder.readthedocs.io/en/latest/security.html#authentication-ldap
   > 
   > We are using Microsoft AD, however still LDAP Auth is not working. Tried to check the webserver.logs but found no error.
   > 
   > Could anyone help me out please?
   > 
   > Thanks!
   
   
   I suggest you to open discussion on that or ask on slack and provide more details on what you tried and what does not work. I thnk no-one will be able to help if they do not see details, coniguration etc. It's usually not enough to say " I followed this instructions". You need say specifically what you did and what did not work and how you tried to debug it if you want someone to be able to help you.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] shivkumar-topgolf commented on issue #18545: Unable to add a new user when logged using LDAP auth

Posted by GitBox <gi...@apache.org>.

shivkumar-topgolf commented on issue #18545:
URL: https://github.com/apache/airflow/issues/18545#issuecomment-1031161345


   > > Hello All, we have recently installed Airflow 2.1.4. We are trying to set-up LDAP Authentication and have followed the steps mentioned here: https://flask-appbuilder.readthedocs.io/en/latest/security.html#authentication-ldap
   > > We are using Microsoft AD, however still LDAP Auth is not working. Tried to check the webserver.logs but found no error.
   > > Could anyone help me out please?
   > > Thanks!
   > 
   > I suggest you to open discussion on that or ask on slack and provide more details on what you tried and what does not work. I thnk no-one will be able to help if they do not see details, coniguration etc. It's usually not enough to say " I followed this instructions". You need say specifically what you did and what did not work and how you tried to debug it if you want someone to be able to help you.
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] shivkumar-topgolf commented on issue #18545: Unable to add a new user when logged using LDAP auth

Posted by GitBox <gi...@apache.org>.

shivkumar-topgolf commented on issue #18545:
URL: https://github.com/apache/airflow/issues/18545#issuecomment-1031165638


   > ### Discussed in #18290
   > Originally posted by **pawsok** September 16, 2021
   > 
   > ### Apache Airflow version
   > 2.1.4 (latest released)
   > 
   > ### Operating System
   > Amazon Linux AMI 2018.03
   > 
   > ### Versions of Apache Airflow Providers
   > _No response_
   > 
   > ### Deployment
   > Other Docker-based deployment
   > 
   > ### Deployment details
   > * AWS ECS EC2 mode
   > * RDS PostgreSQL for DB
   > * LDAP authentication enabled
   > 
   > ### What happened
   > We upgraded Airflow from 2.0.1 to 2.1.3 and now when i log into Airflow (Admin role) using LDAP authentication and go to Security --> List Users i cannot see **add button** ("plus").
   > 
   > **Airflow 2.0.1** (our current version):
   > 
   > ![image](https://user-images.githubusercontent.com/90831710/133586254-24e22cd6-7e02-4800-b90f-d6f575ba2826.png)
   > 
   > **Airflow 2.1.3:**
   > 
   > ![image](https://user-images.githubusercontent.com/90831710/133586024-48952298-a906-4189-abe1-bd88d96518bc.png)
   > 
   > ### What you expected to happen
   > Option to add a new user (using LDAP auth).
   > 
   > ### How to reproduce
   > 1. Upgrade to Airflow 2.1.3
   > 2. Log in to Airflow as LDAP user type
   > 3. Go to Security --> List Users
   > 
   > ### Anything else
   > _No response_
   > 
   > ### Are you willing to submit PR?
   > * [ ]  Yes I am willing to submit a PR!
   > 
   > ### Code of Conduct
   > * [x]  I agree to follow this project's [Code of Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md)
   
   When you login with LDAP Authentication, your role depends on the settings in config file (webserver_config.py). Check what role is set there for users, in your case it should be viewer. And you may try changing it to Admin if you have access to the config files. We can discuss more in case it doesn't solve your issue.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] potiuk commented on issue #18545: Unable to add a new user when logged using LDAP auth

Posted by GitBox <gi...@apache.org>.

potiuk commented on issue #18545:
URL: https://github.com/apache/airflow/issues/18545#issuecomment-1030886385


   I also asked Jed (Relese Manager) if he will be able to cherry-pick it to upcoming 2.2.4 as it seems it could be possible still.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] dx034 commented on issue #18545: Unable to add a new user when logged using LDAP auth

Posted by GitBox <gi...@apache.org>.

dx034 commented on issue #18545:
URL: https://github.com/apache/airflow/issues/18545#issuecomment-1083123420


   Thanks, I'll give it a go!


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] potiuk commented on issue #18545: Unable to add a new user when logged using LDAP auth

Posted by GitBox <gi...@apache.org>.

potiuk commented on issue #18545:
URL: https://github.com/apache/airflow/issues/18545#issuecomment-1083123158


   Assigning just in case.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org