You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by "deepak tm (JIRA)" <ji...@apache.org> on 2019/04/08 06:13:00 UTC
[jira] [Commented] (AIRFLOW-4243) How to restrict UI login
[ https://issues.apache.org/jira/browse/AIRFLOW-4243?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16812134#comment-16812134 ]
deepak tm commented on AIRFLOW-4243:
------------------------------------
Please any one help me to resolve this issue.
> How to restrict UI login
> ------------------------
>
> Key: AIRFLOW-4243
> URL: https://issues.apache.org/jira/browse/AIRFLOW-4243
> Project: Apache Airflow
> Issue Type: Task
> Components: authentication, configuration
> Affects Versions: 1.9.0
> Environment: Production
> Reporter: deepak tm
> Priority: Major
> Original Estimate: 168h
> Remaining Estimate: 168h
>
> Airflow server UI is integrated with LDAP server. In current scenario, every user in the domain can able to login Airflow UI. Current LDAP configuration as follows. I have created a separate group in AD server. As a security point of view, how we can restrict that particular group users can only login through UI.
> *airflow.cfg* :
> [admin]
> # UI to hide sensitive variable fields when set to True
> hide_sensitive_variable_fields = True
> # BEGIN ANSIBLE MANAGED BLOCK
> [webserver]
> authenticate = True
> auth_backend = airflow.contrib.auth.backends.ldap_auth
> [ldap]
> uri = ldaps://ldaps-prod.example.com:636
> user_filter = objectClass=*
> user_name_attr = sAMAccountName
> group_member_attr = memberOf
> bind_user = CN=XXXXXX,OU=Service Accounts,OU=United Kingdom,OU=Regions, DC=AVIVAGROUP,DC=COM
> bind_password = XXXXXX
> basedn = DC=EXAMPLE,DC=COM
> cacert = /etc/ca/ldap_ca.crt
> search_scope = SUBTREE
> # END ANSIBLE MANAGED BLOCK
> executor = LocalExecutor
> max_threads = 4
> scheduler_heartbeat_sec = 60
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)