Reputation: 65
How to setup LDAP authentication in Airflow 2.0
I am currently attempting to setup LDAP integration with an existing LDAP server in Airflow. In the past, I have attempted making a cacert (ldap_ca.crt) and have followed this guide and this guide.
When I start up Airflow I am presented with a login screen that does not accept any users on the LDAP server and simply clears the username/password box when attempting to sign in.
This is the current code in my webserver_config.py (I have also tried making edits to airflow.cfg without success):
# The authentication type
# AUTH_OID : Is for OpenID
# AUTH_DB : Is for database
# AUTH_LDAP : Is for LDAP
# AUTH_REMOTE_USER : Is for using REMOTE_USER from web server
# AUTH_OAUTH : Is for OAuth
AUTH_TYPE = AUTH_LDAP
# Uncomment to setup Full admin role name
# AUTH_ROLE_ADMIN = 'Admin'
# Uncomment to setup Public role name, no authentication needed
# AUTH_ROLE_PUBLIC = 'Public'
# Will allow user self registration
AUTH_USER_REGISTRATION = True
# The default user self registration role
AUTH_USER_REGISTRATION_ROLE = "Viewer"
# When using LDAP Auth, setup the ldap server
# AUTH_LDAP_SERVER = "ldap://ldapserver.new"
AUTH_LDAP_SERVER = "ldap://ldap-server-name.org.com:999"
AUTH_LDAP_BIND_USER = "CN=p_biaas,OU=Unix,OU=ServiceAccounts,OU=AAA,OU=AAA,DC=ms,DC=ds,DC=aaa,DC=com"
AUTH_LDAP_BIND_PASSWORD = "password"
#AUTH_LDAP_SEARCH = "CN=Users,DC=ms,DC=ds,DC=aaa,DC=com"
#AUTH_LDAP_SEARCH= "OU=Unix,OU=ServiceAccounts,OU=AAA,OU=AAA,DC=ms,DC=ds,DC=aaa,DC=com"
AUTH_LDAP_SEARCH = "DC=ms,DC=ds,DC=aaa,DC=com"
AUTH_LDAP_UID_FIELD = "sAMAccountName"
#AUTH_LDAP_USE_TLS = False
AUTH_LDAP_FIRSTNAME_FIELD = "givenName"
AUTH_LDAP_LASTTNAME_FIELD = "sn"
Upvotes: 6
Views: 20561
Answers (4)
Reputation: 2974
There is a webserver_config.py configuration for Airflow 2.2.2 to connect IBM Bluepages LDAP. It is based on Marc's answer.
The only difference is to set the default role to the Viewer for new users. User with Public role only after login sees a weird page that looks like something going wrong.
import os
from airflow import configuration as conf
from airflow.www.fab_security.manager import AUTH_LDAP
basedir = os.path.abspath(os.path.dirname(__file__))
# The SQLAlchemy connection string.
SQLALCHEMY_DATABASE_URI = conf.get('core', 'SQL_ALCHEMY_CONN')
# Flask-WTF flag for CSRF
CSRF_ENABLED = True
# AUTH_TYPE = AUTH_OAUTH
AUTH_TYPE = AUTH_LDAP
AUTH_LDAP_SERVER = 'ldaps://bluepages.ibm.com:636'
# search configs
AUTH_LDAP_SEARCH = 'ou=bluepages,o=ibm.com'
AUTH_LDAP_UID_FIELD = 'mail'
AUTH_LDAP_ALLOW_SELF_SIGNED = True
# username and password to login IBM Bluepages
AUTH_LDAP_BIND_USER = 'uid=<<ibm user uid>>,c=us,ou=bluepages,o=ibm.com'
AUTH_LDAP_BIND_PASSWORD = '<<ibm user password>>'
# Will allow user self registration
AUTH_USER_REGISTRATION = True
AUTH_USER_REGISTRATION_ROLE = 'Viewer'
AUTH_LDAP_FIRSTNAME_FIELD = "givenName"
AUTH_LDAP_LASTNAME_FIELD = "sn"
AUTH_LDAP_EMAIL_FIELD = "mail"
# ----------------------------------------------------
# Theme CONFIG
# ----------------------------------------------------
# Flask App Builder comes up with a number of predefined themes
# that you can use for Apache Airflow.
# http://flask-appbuilder.readthedocs.io/en/latest/customizing.html#changing-themes
# Please make sure to remove "navbar_color" configuration from airflow.cfg
# in order to fully utilize the theme. (or use that property in conjunction with theme)
# APP_THEME = "bootstrap-theme.css" # default bootstrap
# APP_THEME = "amelia.css"
# APP_THEME = "cerulean.css"
# APP_THEME = "cosmo.css"
# APP_THEME = "cyborg.css"
# APP_THEME = "darkly.css"
# APP_THEME = "flatly.css"
# APP_THEME = "journal.css"
# APP_THEME = "lumen.css"
# APP_THEME = "paper.css"
# APP_THEME = "readable.css"
# APP_THEME = "sandstone.css"
# APP_THEME = "simplex.css"
# APP_THEME = "slate.css"
# APP_THEME = "solar.css"
# APP_THEME = "spacelab.css"
# APP_THEME = "superhero.css"
# APP_THEME = "united.css"
# APP_THEME = "yeti.css"
Upvotes: 0
Reputation: 821
I just made a video to set up Airflow 2.0 with LDAP. I think it will help you a lot :)
Configure AIRFLOW 2.0 with LDAP
Upvotes: 13
Reputation: 11
I had exact same issue...
Are you using the configuration files generated by the previous version of Airflow?
I had a similar configuration of LDAP (like you have) but it was not working with old configuration files.
Then I generated a brand new config by Airflow 2.0.1, passed in my old LDAP configuration and it worked.
Maybe it is the same issue.
Upvotes: 1
Reputation: 2919
The two guides that you followed are for airflow v1.10.1 and v1.10.12. Airflow 2.0 introduces a host of changes to providers (akin to python 2 to python 3).
As a start please refer to the current version of the airflow docs on access control
If you have a working configuration of LDAP in 1.10.12, try upgrading to v 1.10.14 and then installing the backport providers before following the recommended upgrade path.
Airflow has put out a guide on upgrading to airflow 2.0.
Upvotes: 2
Related Questions
- Create user with LDAP authentification in airflow 2.1.4
- Apache Airflow authentication through IdentityServer4(.NET)
- Airflow user creation
- restrict users with ldap in airflow
- How to activate authentication in Apache Airflow
- Airflow - CRITICAL - Cannot import authentication module airflow.contrib.auth.backends.ldap_auth
- how to do LDAP Authentication in spring cloud data flow server?
- Airflow LDAP with anonymous user
- Airflow Configuring AD/LDAP Admin Users And Regular Users
- what LDAP credentials are needed