Uploaded image for project: 'Apache Airflow'
  1. Apache Airflow
  2. AIRFLOW-4410

Ldap authentication failed when using non-ssl ldap server

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 1.10.1, 1.10.2, 1.10.3
    • Fix Version/s: None
    • Component/s: authentication
    • Labels:
      None
    • Environment:
      Python 3.6, apache-airflow==1.10.3

      Description

      I modified the aiflow.cfg in the $AIRFLOW_HOME with

       

      [webserver]
      authenticate = True
      auth_backend = airflow.contrib.auth.backends.ldap_auth
      
      [ldap]
      uri = <my-url>
      user_filter = objectclass=posixAccount
      user_name_attr = uid
      group_member_attr = ou
      superuser_filter =
      data_profiler_filter =
      bind_user =
      bind_password =
      basedn = <my-dn>
      search_scope = SUBTREE

       

      And I started the airflow web server with command: 

      airflow webserver

      But when I signed in airflow in the login form, the following exception was rasied:

       

      Traceback (most recent call last):
       File "/data/home/jeremy/anaconda3/lib/python3.6/site-packages/flask/app.py", line 2292, in wsgi_app
       response = self.full_dispatch_request()
       File "/data/home/jeremy/anaconda3/lib/python3.6/site-packages/flask/app.py", line 1815, in full_dispatch_request
       rv = self.handle_user_exception(e)
       File "/data/home/jeremy/anaconda3/lib/python3.6/site-packages/flask/app.py", line 1718, in handle_user_exception
       reraise(exc_type, exc_value, tb)
       File "/data/home/jeremy/anaconda3/lib/python3.6/site-packages/flask/_compat.py", line 35, in reraise
       raise value
       File "/data/home/jeremy/anaconda3/lib/python3.6/site-packages/flask/app.py", line 1813, in full_dispatch_request
       rv = self.dispatch_request()
       File "/data/home/jeremy/anaconda3/lib/python3.6/site-packages/flask/app.py", line 1799, in dispatch_request
       return self.view_functions[rule.endpoint](**req.view_args)
       File "/data/home/jeremy/anaconda3/lib/python3.6/site-packages/flask_admin/base.py", line 69, in inner
       return self._run_view(f, *args, **kwargs)
       File "/data/home/jeremy/anaconda3/lib/python3.6/site-packages/flask_admin/base.py", line 368, in _run_view
       return fn(self, *args, **kwargs)
       File "/data/home/jeremy/anaconda3/lib/python3.6/site-packages/airflow/www/views.py", line 731, in login
       return airflow.login.login(self, request)
       File "/data/home/jeremy/anaconda3/lib/python3.6/site-packages/airflow/utils/db.py", line 73, in wrapper
       return func(*args, **kwargs)
       File "/data/home/jeremy/anaconda3/lib/python3.6/site-packages/airflow/contrib/auth/backends/ldap_auth.py", line 308, in login
       LdapUser.try_login(username, password)
       File "/data/home/jeremy/anaconda3/lib/python3.6/site-packages/airflow/contrib/auth/backends/ldap_auth.py", line 196, in try_login
       configuration.conf.get("ldap", "bind_password"))
       File "/data/home/jeremy/anaconda3/lib/python3.6/site-packages/airflow/contrib/auth/backends/ldap_auth.py", line 72, in get_ldap_connection
       ca_certs_file=cacert)
       File "/data/home/jeremy/anaconda3/lib/python3.6/site-packages/ldap3/core/tls.py", line 93, in __init__
       raise LDAPSSLConfigurationError('invalid CA public key file')
      ldap3.core.exceptions.LDAPSSLConfigurationError: invalid CA public key file 
      

      I think using non-ssl ldap server should be considered for the internal airflow server.

       

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                jerevia Jeremy
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated: