  1. Apache Airflow
  2. AIRFLOW-1578

LDAP group search filter shouldn't execute if owner_mode is user


    Details

    • Type: Bug
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 1.8.0
    • Fix Version/s: None
    • Component/s: security
    • Labels:
      None

      Description

      The LDAP query to pull user groups shouldn't execute if the owner mode is user.
      What makes this worse is that, at the moment, the LDAP group search filter is also confined to the same query string used to check the user, except that it's looking for the memberOf attribute. Some organizations may put user group relationships in a completely different DN.

      At a minimum, make the group filter check optional if owner mode is "user".

      In ldap_auth.py
      https://github.com/apache/incubator-airflow/blob/master/airflow/contrib/auth/backends/ldap_auth.py

      def groups_user(conn, search_base, user_filter, user_name_att, username):
          # Skip the LDAP group lookup entirely when owner_mode is "user".
          if configuration.get("core", "owner_mode") == "user":
              return []
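
The behaviour requested above, as an added example that is not part of the original report or Airflow's code: the group lookup is skipped without any LDAP query when owner mode is "user", and otherwise falls back to a separate group search base when user entries carry no memberOf attribute. FakeConn, groups_for_user, the base DNs, the directory entries and the "ldapgroup" mode value used for the non-user case are assumptions constructed for illustration.

```python
# Constructed in-memory directory; no real LDAP server or LDAP library is used.
# Group membership lives under a separate ou=groups subtree, and the user
# entry has no memberOf attribute (the layout the report describes).
PEOPLE_BASE = "ou=people,dc=example,dc=org"
GROUP_BASE = "ou=groups,dc=example,dc=org"
ALICE_DN = "uid=alice," + PEOPLE_BASE
DIRECTORY = [
    (ALICE_DN, {"uid": ["alice"]}),
    ("cn=data-eng," + GROUP_BASE, {"cn": ["data-eng"], "member": [ALICE_DN]}),
    ("cn=finance," + GROUP_BASE, {"cn": ["finance"], "member": ["uid=bob," + PEOPLE_BASE]}),
]


class FakeConn:
    """Hypothetical stand-in for an LDAP connection; records every search."""

    def __init__(self, entries):
        self.entries = entries
        self.searches = []

    def search(self, base, attr, value):
        # Equality match on one attribute, restricted to entries under `base`.
        self.searches.append((base, attr, value))
        return [(dn, attrs) for dn, attrs in self.entries
                if dn.endswith(base) and value in attrs.get(attr, [])]


def groups_for_user(conn, owner_mode, user_base, group_base, username):
    """Return the user's group names; issue no LDAP search in "user" mode."""
    if owner_mode == "user":
        return []  # ownership is per user, so group data is never consulted
    users = conn.search(user_base, "uid", username)
    if not users:
        return []
    user_dn, attrs = users[0]
    if "memberOf" in attrs:
        # Directory exposes membership on the user entry: take each group's RDN value.
        return sorted(dn.split(",")[0].split("=", 1)[1] for dn in attrs["memberOf"])
    # Otherwise search the separate group subtree for entries listing the user's DN.
    found = conn.search(group_base, "member", user_dn)
    return sorted(group_attrs["cn"][0] for _, group_attrs in found)
```
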


            People

            • Assignee:
              Unassigned
              Reporter:
              ehochmuth Erich Hochmuth
