3

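I am currently trying to set up LDAP integration in Airflow with an existing LDAP server. In the past, I tried creating a cacert (ldap_ca.crt) and following this guide and this guide.

When I start Airflow, I am presented with a login screen that does not accept any user from the LDAP server and simply clears the username/password boxes when I try to log in.

Here is the current code in my webserver_config.py (I have also tried editing airflow.cfg, without success):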

# The authentication type
# AUTH_OID : Is for OpenID
# AUTH_DB : Is for database
# AUTH_LDAP : Is for LDAP
# AUTH_REMOTE_USER : Is for using REMOTE_USER from web server
# AUTH_OAUTH : Is for OAuth
AUTH_TYPE = AUTH_LDAP

# Uncomment to setup Full admin role name
# AUTH_ROLE_ADMIN = 'Admin'

# Uncomment to setup Public role name, no authentication needed
# AUTH_ROLE_PUBLIC = 'Public'

# Will allow user self registration
AUTH_USER_REGISTRATION = True

# The default user self registration role
AUTH_USER_REGISTRATION_ROLE = "Viewer"

# When using LDAP Auth, setup the ldap server
# AUTH_LDAP_SERVER = "ldap://ldapserver.new"

AUTH_LDAP_SERVER = "ldap://ldap-server-name.org.com:999"
AUTH_LDAP_BIND_USER = "CN=p_biaas,OU=Unix,OU=ServiceAccounts,OU=AAA,OU=AAA,DC=ms,DC=ds,DC=aaa,DC=com"
AUTH_LDAP_BIND_PASSWORD = "password"
#AUTH_LDAP_SEARCH = "CN=Users,DC=ms,DC=ds,DC=aaa,DC=com"
#AUTH_LDAP_SEARCH= "OU=Unix,OU=ServiceAccounts,OU=AAA,OU=AAA,DC=ms,DC=ds,DC=aaa,DC=com"
AUTH_LDAP_SEARCH = "DC=ms,DC=ds,DC=aaa,DC=com"
AUTH_LDAP_UID_FIELD = "sAMAccountName"
#AUTH_LDAP_USE_TLS = False

AUTH_LDAP_FIRSTNAME_FIELD = "givenName"
AUTH_LDAP_LASTTNAME_FIELD = "sn"
4

4 Answers

3

I just made a video on setting up Airflow 2.0 with LDAP. I think it will help you a lot :)

Configuring AIRFLOW 2.0 with LDAP

Answered 2021-05-07T15:16:33.293
2

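The two guides you followed are for Airflow v1.10.1 and v1.10.12. Airflow 2.0 made many changes to providers (similar to Python 2 to Python 3).

As a start, please refer to the Airflow access control documentation for the current version.

If you have a working LDAP configuration in 1.10.12, try upgrading to v1.10.14 and then installing the backport providers before following the recommended upgrade path.

Airflow has published a guide for upgrading to Airflow 2.0.

Answered 2021-02-17T17:16:42.420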
1

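I have exactly the same problem...

Are you using a configuration file generated by a previous version of Airflow?

I have a similar LDAP configuration (just like you), but it did not work with the old configuration file.

Then I generated a brand-new configuration with Airflow 2.0.1, passed in my old LDAP configuration, and it worked.

Maybe it is the same problem.

Answered 2021-02-20T19:15:55.653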
0

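Here is a webserver_config.py for Airflow 2.2.2, configured to connect to IBM Bluepages LDAP. It is based on Mark's answer.

The only difference is that the default role for new users is set to Viewer. Users who have only the Public role see a strange page after logging in that looks like something went wrong.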

import os
from airflow import configuration as conf
from airflow.www.fab_security.manager import AUTH_LDAP

basedir = os.path.abspath(os.path.dirname(__file__))
# The SQLAlchemy connection string.
SQLALCHEMY_DATABASE_URI = conf.get('core', 'SQL_ALCHEMY_CONN')
# Flask-WTF flag for CSRF
CSRF_ENABLED = True
# AUTH_TYPE = AUTH_OAUTH
AUTH_TYPE = AUTH_LDAP
AUTH_LDAP_SERVER = 'ldaps://bluepages.ibm.com:636'

# search configs
AUTH_LDAP_SEARCH = 'ou=bluepages,o=ibm.com'
AUTH_LDAP_UID_FIELD = 'mail'
AUTH_LDAP_ALLOW_SELF_SIGNED = True
# username and password to login IBM Bluepages 
AUTH_LDAP_BIND_USER = 'uid=<<ibm user uid>>,c=us,ou=bluepages,o=ibm.com'
AUTH_LDAP_BIND_PASSWORD = '<<ibm user password>>'

# Will allow user self registration
AUTH_USER_REGISTRATION = True
AUTH_USER_REGISTRATION_ROLE = 'Viewer'
AUTH_LDAP_FIRSTNAME_FIELD = "givenName"
AUTH_LDAP_LASTNAME_FIELD = "sn"
AUTH_LDAP_EMAIL_FIELD = "mail"


# ----------------------------------------------------
# Theme CONFIG
# ----------------------------------------------------
# Flask App Builder comes up with a number of predefined themes
# that you can use for Apache Airflow.
# http://flask-appbuilder.readthedocs.io/en/latest/customizing.html#changing-themes
# Please make sure to remove "navbar_color" configuration from airflow.cfg
# in order to fully utilize the theme. (or use that property in conjunction with theme)
# APP_THEME = "bootstrap-theme.css"  # default bootstrap
# APP_THEME = "amelia.css"
# APP_THEME = "cerulean.css"
# APP_THEME = "cosmo.css"
# APP_THEME = "cyborg.css"
# APP_THEME = "darkly.css"
# APP_THEME = "flatly.css"
# APP_THEME = "journal.css"
# APP_THEME = "lumen.css"
# APP_THEME = "paper.css"
# APP_THEME = "readable.css"
# APP_THEME = "sandstone.css"
# APP_THEME = "simplex.css"
# APP_THEME = "slate.css"
# APP_THEME = "solar.css"
# APP_THEME = "spacelab.css"
# APP_THEME = "superhero.css"
# APP_THEME = "united.css"
# APP_THEME = "yeti.css"
Answered 2021-12-08T17:16:20.483
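
An added example, not part of any post on this page: a static check that parses a webserver_config.py as text, without executing it, and flags a misspelled AUTH_LDAP_* key, a cleartext ldap:// server without AUTH_LDAP_USE_TLS, AUTH_LDAP_ALLOW_SELF_SIGNED, and a literal bind password. The function names, finding texts and sample strings are constructed for illustration; AUTH_LDAP_TLS_DEMAND and AUTH_LDAP_TLS_CACERTFILE are Flask-AppBuilder settings that the posts do not use.

```python
import ast
import difflib

# Flask-AppBuilder LDAP settings: those used on this page plus its TLS options.
KNOWN = {"AUTH_LDAP_" + s for s in (
    "SERVER USE_TLS ALLOW_SELF_SIGNED TLS_DEMAND TLS_CACERTFILE BIND_USER "
    "BIND_PASSWORD SEARCH UID_FIELD FIRSTNAME_FIELD LASTNAME_FIELD EMAIL_FIELD").split()}

def read_settings(source):
    """Collect top-level NAME = <literal> assignments without executing the file."""
    settings = {}
    for node in ast.parse(source).body:
        if (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)):
            try:
                settings[node.targets[0].id] = ast.literal_eval(node.value)
            except (ValueError, TypeError):
                pass  # not a literal, e.g. AUTH_TYPE = AUTH_LDAP
    return settings

def audit(source):
    """Return sorted (setting, finding) pairs for an LDAP config given as text."""
    cfg, findings = read_settings(source), []
    for key in cfg:
        if key.startswith("AUTH_LDAP_") and key not in KNOWN:
            near = difflib.get_close_matches(key, sorted(KNOWN), n=1)
            findings.append((key, "unknown setting; closest: " + (near or ["none"])[0]))
    server = str(cfg.get("AUTH_LDAP_SERVER", ""))
    if server.startswith("ldap://") and not cfg.get("AUTH_LDAP_USE_TLS"):
        findings.append(("AUTH_LDAP_SERVER", "cleartext LDAP, no StartTLS"))
    if cfg.get("AUTH_LDAP_ALLOW_SELF_SIGNED"):
        findings.append(("AUTH_LDAP_ALLOW_SELF_SIGNED", "certificate check relaxed"))
    if isinstance(cfg.get("AUTH_LDAP_BIND_PASSWORD"), str):
        findings.append(("AUTH_LDAP_BIND_PASSWORD", "password stored in the file"))
    return sorted(findings)

# Constructed samples: trimmed copies of the question's and the last answer's settings.
QUESTION_CFG = '''
AUTH_TYPE = AUTH_LDAP
AUTH_LDAP_SERVER = "ldap://ldap-server-name.org.com:999"
AUTH_LDAP_BIND_PASSWORD = "password"
AUTH_LDAP_LASTTNAME_FIELD = "sn"
'''
ANSWER_CFG = '''
AUTH_LDAP_SERVER = 'ldaps://bluepages.ibm.com:636'
AUTH_LDAP_ALLOW_SELF_SIGNED = True
'''

if __name__ == "__main__":
    print(audit(QUESTION_CFG), audit(ANSWER_CFG), sep="\n")
```

A setting whose name is not one Flask-AppBuilder looks up is stored in the Flask config and never read, so a typo such as the one flagged here produces no error at startup.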