You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2021/01/21 20:08:40 UTC
[GitHub] [airflow] gardnerdev opened a new issue #13818: Default user is not working with AUTH_LDAP - Airflow 2.0
gardnerdev opened a new issue #13818:
URL: https://github.com/apache/airflow/issues/13818
<!--
Welcome to Apache Airflow! For a smooth issue process, try to answer the following questions.
Don't worry if they're not all applicable; just try to include what you can :-)
If you need to include code snippets or logs, please put them in fenced code
blocks. If they're super-long, please use the details tag like
<details><summary>super-long log</summary> lots of stuff </details>
Please delete these comment blocks before submitting the issue.
-->
<!--
IMPORTANT!!!
PLEASE CHECK "SIMILAR TO X EXISTING ISSUES" OPTION IF VISIBLE
NEXT TO "SUBMIT NEW ISSUE" BUTTON!!!
PLEASE CHECK IF THIS ISSUE HAS BEEN REPORTED PREVIOUSLY USING SEARCH!!!
Please complete the next sections or the issue will be closed.
These questions are the first thing we need to know to understand the context.
-->
**Apache Airflow version**: 2.0
**Kubernetes version (if you are using kubernetes)** (use `kubectl version`):
**Environment**:
- **Cloud provider or hardware configuration**: AWS
- **OS** (e.g. from /etc/os-release):
- **Kernel** (e.g. `uname -a`):
- **Install tools**:
- **Others**:
**What happened**:
<!-- (please include exact error messages if you can) -->
Using LDAP and airflow 2.0 Admin is not working
```
defaultUser:
enabled: true
role: Admin
username: admin
email: admin@example.com
firstName: admin
lastName: user
password: admin
```
**What you expected to happen**:
Manually created users (or default users) are able to log in.
<!-- What do you think went wrong? -->
**How to reproduce it**:
<!---
Deploy helm chart with LDAP option turn on.
As minimally and precisely as possible. Keep in mind we do not have access to your cluster or dags.
If you are using kubernetes, please attempt to recreate the issue using minikube or kind.
## Install minikube/kind
- Minikube https://minikube.sigs.k8s.io/docs/start/
- Kind https://kind.sigs.k8s.io/docs/user/quick-start/
If this is a UI bug, please provide a screenshot of the bug or a link to a youtube video of the bug in action
You can include images using the .md style of
To record a screencast, mac users can use QuickTime and then create an unlisted youtube video with the resulting .mov file.
--->
**Anything else we need to know**:
<!--
How often does this problem occur? Once? Every time etc?
Any relevant logs to include? Put them here in side a detail tag:
<details><summary>x.log</summary> lots of stuff </details>
-->
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] BrainMonkey edited a comment on issue #13818: Default user is not working with AUTH_LDAP - Airflow 2.0
Posted by GitBox <gi...@apache.org>.
BrainMonkey edited a comment on issue #13818:
URL: https://github.com/apache/airflow/issues/13818#issuecomment-765098423
I'm having the same issue running in containers on version 2.0.0. Once I try to setup ldap it just hangs on login and times out with no errors in logs, the default user does not work either. If I remove the webserver_config.py, the default user worrks just fine.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] jedcunningham commented on issue #13818: Default user is not working with AUTH_LDAP - Airflow 2.0
Posted by GitBox <gi...@apache.org>.
jedcunningham commented on issue #13818:
URL: https://github.com/apache/airflow/issues/13818#issuecomment-768799880
I believe this is by design in Flask-AppBuilder. Maybe we should document that `defaultUser` only works if using db auth?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] potiuk commented on issue #13818: Default user is not working with AUTH_LDAP - Airflow 2.0
Posted by GitBox <gi...@apache.org>.
potiuk commented on issue #13818:
URL: https://github.com/apache/airflow/issues/13818#issuecomment-765587715
Ok. I reopened it then
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] BrainMonkey commented on issue #13818: Default user is not working with AUTH_LDAP - Airflow 2.0
Posted by GitBox <gi...@apache.org>.
BrainMonkey commented on issue #13818:
URL: https://github.com/apache/airflow/issues/13818#issuecomment-765520512
This the first time setting it up due to the login now on 2.0.0. I will continue to investigate the LDAP settings then on my end. I have airflow[ldap] and python-ldap installed as well now, but either way the rbac account we set up does not work either once I put in the ldap settings.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] gardnerdev edited a comment on issue #13818: Default user is not working with AUTH_LDAP - Airflow 2.0
Posted by GitBox <gi...@apache.org>.
gardnerdev edited a comment on issue #13818:
URL: https://github.com/apache/airflow/issues/13818#issuecomment-765512299
If there is no noticeable errors it means, that LDAP is not configured properly. Had it worked on previous airflow version?
What is measing:
```
AUTH_LDAP_SEARCH = 'dc=COM' (my use-case)
AUTH_LDAP_USE_TLS = False
AUTH_LDAP_ALLOW_SELF_SIGNED = False
```
If it worked on previous airflow you need to install additional packages.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] BrainMonkey commented on issue #13818: Default user is not working with AUTH_LDAP - Airflow 2.0
Posted by GitBox <gi...@apache.org>.
BrainMonkey commented on issue #13818:
URL: https://github.com/apache/airflow/issues/13818#issuecomment-765586756
@potiuk I'm not sure if the referenced ticket(#13306) is the same issue. I believe here once LDAP is enable in the setting the manually created users can no longer login.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] potiuk commented on issue #13818: Default user is not working with AUTH_LDAP - Airflow 2.0
Posted by GitBox <gi...@apache.org>.
potiuk commented on issue #13818:
URL: https://github.com/apache/airflow/issues/13818#issuecomment-765553567
Yep. in 2.0.1 ldap should work out of the box. Fixed by https://github.com/apache/airflow/issues/13306
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] gardnerdev commented on issue #13818: Default user is not working with AUTH_LDAP - Airflow 2.0
Posted by GitBox <gi...@apache.org>.
gardnerdev commented on issue #13818:
URL: https://github.com/apache/airflow/issues/13818#issuecomment-765512299
If there is no noticeable errors it means, that LDAP is not configured properly. Had it worked on previous airflow version?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] gardnerdev commented on issue #13818: Default user is not working with AUTH_LDAP - Airflow 2.0
Posted by GitBox <gi...@apache.org>.
gardnerdev commented on issue #13818:
URL: https://github.com/apache/airflow/issues/13818#issuecomment-765500110
@BrainMonkey thank you for your comment. Good to know it, I will try to figure it out, maybe before 2.0.1 release
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] BrainMonkey commented on issue #13818: Default user is not working with AUTH_LDAP - Airflow 2.0
Posted by GitBox <gi...@apache.org>.
BrainMonkey commented on issue #13818:
URL: https://github.com/apache/airflow/issues/13818#issuecomment-765098423
I'm having the same issue running in containers. Once I try to setup ldap it just hangs on login and times out with no errors in logs, the default user does not work either. If I remove the webserver_config.py, the default user worrks just fine.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] BrainMonkey commented on issue #13818: Default user is not working with AUTH_LDAP - Airflow 2.0
Posted by GitBox <gi...@apache.org>.
BrainMonkey commented on issue #13818:
URL: https://github.com/apache/airflow/issues/13818#issuecomment-765527015
Awesome, thank you for all the help. Greatly appreciate it !
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] potiuk commented on issue #13818: Default user is not working with AUTH_LDAP - Airflow 2.0
Posted by GitBox <gi...@apache.org>.
potiuk commented on issue #13818:
URL: https://github.com/apache/airflow/issues/13818#issuecomment-765588596
I'd love if someone could check it with the master version of the image - at least there is no need there to add `pyhon-ldap` in extra image.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] BrainMonkey commented on issue #13818: Default user is not working with AUTH_LDAP - Airflow 2.0
Posted by GitBox <gi...@apache.org>.
BrainMonkey commented on issue #13818:
URL: https://github.com/apache/airflow/issues/13818#issuecomment-765509790
@gardnerdev Does LDAP still work for you and just rbac accounts are not? On 2.0.0 I can not get LDAP to work and not sure if it is because I have the RBAC account created.
I have no noticeable errors when I set logging debug and using LDAP. If I dont have the certs, I get an error so I know that works. It just spins logging in until there appears to be a timeout.
This is my webserver-config.py
```
import os
from airflow import configuration as conf
from flask_appbuilder.security.manager import AUTH_LDAP
basedir = os.path.abspath(os.path.dirname(__file__))
SQLALCHEMY_DATABASE_URI = conf.get("core", "SQL_ALCHEMY_CONN")
AUTH_TYPE = AUTH_LDAP
AUTH_USER_REGISTRATION = True
AUTH_USER_REGISTRATION_ROLE = 'Admin'
AUTH_LDAP_SERVER = 'ldaps://..........:........'
AUTH_LDAP_TLS_CACERTDIR = '/usr/local/airflow/certs'
#AUTH_LDAP_TLS_CERTFILE = '/usr/local/airflow/certs/......cer'
AUTH_LDAP_BIND_USER = '.............'
AUTH_LDAP_BIND_PASSWORD = '......................'
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] potiuk closed issue #13818: Default user is not working with AUTH_LDAP - Airflow 2.0
Posted by GitBox <gi...@apache.org>.
potiuk closed issue #13818:
URL: https://github.com/apache/airflow/issues/13818
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] BrainMonkey commented on issue #13818: Default user is not working with AUTH_LDAP - Airflow 2.0
Posted by GitBox <gi...@apache.org>.
BrainMonkey commented on issue #13818:
URL: https://github.com/apache/airflow/issues/13818#issuecomment-765098423
I'm having the same issue running in containers. Once I try to setup ldap it just hangs on login and times out with no errors in logs, the default user does not work either. If I remove the webserver_config.py, the default user worrks just fine.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] BrainMonkey edited a comment on issue #13818: Default user is not working with AUTH_LDAP - Airflow 2.0
Posted by GitBox <gi...@apache.org>.
BrainMonkey edited a comment on issue #13818:
URL: https://github.com/apache/airflow/issues/13818#issuecomment-765098423
I'm having the same issue running in containers on version 2.0.0. Once I try to setup ldap it just hangs on login and times out with no errors in logs, the default user does not work either. If I remove the webserver_config.py, the default user worrks just fine.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] gardnerdev commented on issue #13818: Default user is not working with AUTH_LDAP - Airflow 2.0
Posted by GitBox <gi...@apache.org>.
gardnerdev commented on issue #13818:
URL: https://github.com/apache/airflow/issues/13818#issuecomment-765523119
1. Firstly check, if LDAP connection is working.
2. Secondly, try to rebuild image. It's working on my end:
```
FROM apache/airflow:2.0.0-python3.7
USER root
RUN apt-get update --fix-missing
RUN apt-get install -y build-essential python3-dev python2.7-dev \
libldap2-dev libsasl2-dev slapd ldap-utils tox \
lcov valgrind && apt-get autoremove -yqq --purge \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
RUN pip install python-ldap
USER 50000
```
@BrainMonkey
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org