问题
I am using Airflow v1.9.0 and am trying to setup groups using LDAP authentication. I can get the basic LDAP authentication working that defaults all users to be superusers. However, I cannot get the AD to match against a specific group. For instance, I have user TommyLeeJones who I know is part of the user group MIB, but I can't get airflow to match this user against this group.
In my airflow.cfg file, I have set:
[webserver]
authenticate = True
auth_backend = airflow.contrib.auth.backends.ldap_auth
[ldap]
user_filter = objectClass=*
user_name_attr=sAMAccountName
In my webserver.env file, I have:
AIRFLOW__LDAP__URI=zartha.men.in.black:389
AIRFLOW__LDAP__BIND_USER=men\TommyLeeJones
AIRFLOW__LDAP__BIND_PASSWORD=APersonIsSmartPeopleAreDumb AIRFLOW__LDAP__SUPERUSER_FILTER=memberOf=CN=MIB,OU=UK,OU=Groups,DC=men,DC=in,DC=black
AIRFLOW__LDAP__DATA_PROFILER_FILTER=memberOf=CN=MIB,OU=UK,OU=Groups,DC=men,DC=in,DC=black
AIRFLOW__LDAP__BASEDN=DC=men,DC=in,DC=black
AIRFLOW__LDAP__SEARCH_SCOPE=SUBTREE
I can login, but not as a superuser which I should be able to.
回答1:
When working with LDAP, I find that I'm usually misspelling my LDAP query.
Confirm that AIRFLOW__LDAP__SUPERUSER_FILTER is correct.
You can use ldap3 Python package and confirm from the command line this works.
来源:https://stackoverflow.com/questions/50931466/airflow-ldap-superuser-authentication