Posted to commits@airflow.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2019/04/25 08:46:00 UTC

[jira] [Commented] (AIRFLOW-4410) Ldap authentication failed when using non-ssl ldap server

    [ https://issues.apache.org/jira/browse/AIRFLOW-4410?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16825871#comment-16825871 ] 

ASF GitHub Bot commented on AIRFLOW-4410:
-----------------------------------------

Jerevia commented on pull request #5183: [AIRFLOW-4410]Add Non-ssl ldap server support
URL: https://github.com/apache/airflow/pull/5183
 
 
   Make sure you have checked _all_ steps below.
   
   ### Jira
   
   - [ ] My PR addresses the following [Airflow Jira](https://issues.apache.org/jira/browse/AIRFLOW/) issues and references them in the PR title. For example, "\[AIRFLOW-XXX\] My Airflow PR"
     - https://issues.apache.org/jira/browse/AIRFLOW-XXX
     - In case you are fixing a typo in the documentation you can prepend your commit with \[AIRFLOW-XXX\], code changes always need a Jira issue.
     - In case you are proposing a fundamental code change, you need to create an Airflow Improvement Proposal ([AIP](https://cwiki.apache.org/confluence/display/AIRFLOW/Airflow+Improvements+Proposals)).
     - In case you are adding a dependency, check if the license complies with the [ASF 3rd Party License Policy](https://www.apache.org/legal/resolved.html#category-x).
   
   ### Description
   
   - [ ] Here are some details about my PR, including screenshots of any UI changes:
   
   ### Tests
   
   - [ ] My PR adds the following unit tests __OR__ does not need testing for this extremely good reason:
   
   ### Commits
   
   - [ ] My commits all reference Jira issues in their subject lines, and I have squashed multiple commits if they address the same issue. In addition, my commits follow the guidelines from "[How to write a good git commit message](http://chris.beams.io/posts/git-commit/)":
     1. Subject is separated from body by a blank line
     1. Subject is limited to 50 characters (not including Jira issue reference)
     1. Subject does not end with a period
     1. Subject uses the imperative mood ("add", not "adding")
     1. Body wraps at 72 characters
     1. Body explains "what" and "why", not "how"
   
   ### Documentation
   
   - [ ] In case of new functionality, my PR adds documentation that describes how to use it.
     - All the public functions and the classes in the PR contain docstrings that explain what it does
     - If you implement backwards incompatible changes, please leave a note in the [Updating.md](https://github.com/apache/airflow/blob/master/UPDATING.md) so we can assign it to an appropriate release
   
   ### Code Quality
   
   - [ ] Passes `flake8`
   
 


> Ldap authentication failed when using non-ssl ldap server
> ---------------------------------------------------------
>
>                 Key: AIRFLOW-4410
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-4410
>             Project: Apache Airflow
>          Issue Type: Bug
>          Components: authentication
>    Affects Versions: 1.10.1, 1.10.2, 1.10.3
>         Environment: Python 3.6, apache-airflow==1.10.3
>            Reporter: Jeremy
>            Priority: Major
>
> I modified the airflow.cfg in the $AIRFLOW_HOME with
>  
> {code:java}
> [webserver]
> authenticate = True
> auth_backend = airflow.contrib.auth.backends.ldap_auth
> [ldap]
> uri = <my-url>
> user_filter = objectclass=posixAccount
> user_name_attr = uid
> group_member_attr = ou
> superuser_filter =
> data_profiler_filter =
> bind_user =
> bind_password =
> basedn = <my-dn>
> search_scope = SUBTREE{code}
>  
> And I started the airflow web server with command: 
> {code:java}
> airflow webserver{code}
> But when I signed in to airflow in the login form, the following exception was raised:
>  
> {code:java}
> Traceback (most recent call last):
>  File "/data/home/jeremy/anaconda3/lib/python3.6/site-packages/flask/app.py", line 2292, in wsgi_app
>  response = self.full_dispatch_request()
>  File "/data/home/jeremy/anaconda3/lib/python3.6/site-packages/flask/app.py", line 1815, in full_dispatch_request
>  rv = self.handle_user_exception(e)
>  File "/data/home/jeremy/anaconda3/lib/python3.6/site-packages/flask/app.py", line 1718, in handle_user_exception
>  reraise(exc_type, exc_value, tb)
>  File "/data/home/jeremy/anaconda3/lib/python3.6/site-packages/flask/_compat.py", line 35, in reraise
>  raise value
>  File "/data/home/jeremy/anaconda3/lib/python3.6/site-packages/flask/app.py", line 1813, in full_dispatch_request
>  rv = self.dispatch_request()
>  File "/data/home/jeremy/anaconda3/lib/python3.6/site-packages/flask/app.py", line 1799, in dispatch_request
>  return self.view_functions[rule.endpoint](**req.view_args)
>  File "/data/home/jeremy/anaconda3/lib/python3.6/site-packages/flask_admin/base.py", line 69, in inner
>  return self._run_view(f, *args, **kwargs)
>  File "/data/home/jeremy/anaconda3/lib/python3.6/site-packages/flask_admin/base.py", line 368, in _run_view
>  return fn(self, *args, **kwargs)
>  File "/data/home/jeremy/anaconda3/lib/python3.6/site-packages/airflow/www/views.py", line 731, in login
>  return airflow.login.login(self, request)
>  File "/data/home/jeremy/anaconda3/lib/python3.6/site-packages/airflow/utils/db.py", line 73, in wrapper
>  return func(*args, **kwargs)
>  File "/data/home/jeremy/anaconda3/lib/python3.6/site-packages/airflow/contrib/auth/backends/ldap_auth.py", line 308, in login
>  LdapUser.try_login(username, password)
>  File "/data/home/jeremy/anaconda3/lib/python3.6/site-packages/airflow/contrib/auth/backends/ldap_auth.py", line 196, in try_login
>  configuration.conf.get("ldap", "bind_password"))
>  File "/data/home/jeremy/anaconda3/lib/python3.6/site-packages/airflow/contrib/auth/backends/ldap_auth.py", line 72, in get_ldap_connection
>  ca_certs_file=cacert)
>  File "/data/home/jeremy/anaconda3/lib/python3.6/site-packages/ldap3/core/tls.py", line 93, in __init__
>  raise LDAPSSLConfigurationError('invalid CA public key file')
> ldap3.core.exceptions.LDAPSSLConfigurationError: invalid CA public key file 
> {code}
> I think using a non-ssl ldap server should be considered for the internal airflow server.
>  
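
A pre-start check for the `[ldap]` section quoted above, added here as an example; it is not code from Airflow or from pull request #5183. It reports which transport the `uri` implies and flags a `cacert` path that is missing, the condition behind the `invalid CA public key file` error. The helper name `check_ldap_transport`, the host name and the base DN are assumptions.

```python
import configparser
import os
from urllib.parse import urlparse

# Constructed sample modelled on the [ldap] section quoted in the report;
# the host name and base DN are placeholders.
SAMPLE_CFG = """
[ldap]
uri = ldap://ldap.example.internal:389
user_filter = objectclass=posixAccount
user_name_attr = uid
bind_user =
bind_password =
basedn = dc=example,dc=internal
search_scope = SUBTREE
"""


def check_ldap_transport(cfg_text, file_exists=os.path.isfile):
    """Hypothetical helper: return (transport, findings) for an [ldap] section."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(cfg_text)
    ldap = parser["ldap"]
    scheme = urlparse(ldap.get("uri", "")).scheme.lower()
    cacert = ldap.get("cacert", "").strip()
    if scheme not in ("ldap", "ldaps"):
        return "invalid", ["uri must start with ldap:// or ldaps://"]
    findings = []
    if cacert and not file_exists(cacert):
        # ldap3's Tls() raises LDAPSSLConfigurationError('invalid CA public
        # key file') when handed a CA path that is not on disk.
        findings.append("cacert does not exist: " + cacert)
    if scheme == "ldaps":
        if not cacert:
            findings.append("ldaps:// with no cacert: no dedicated CA file configured")
        return "tls", findings
    # Plain ldap://: no TLS settings apply, and the bind is not encrypted.
    findings.append("ldap:// sends bind DN and password unencrypted")
    if cacert:
        findings.append("cacert is set but the uri is ldap://")
    return "plaintext", findings


if __name__ == "__main__":
    print(check_ldap_transport(SAMPLE_CFG))
```

The check reads only the text it is given, so a `cacert` value supplied by Airflow's built-in defaults rather than by the file has to be passed in as part of that text.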


