Last active
November 8, 2022 06:20
Airflow Webserver Config for LDAP & RBAC Integration (Bind User)
"""
AUTH_ROLE_ADMIN: the role of the bind user (should be Admin)
AUTH_USER_REGISTRATION: boolean for automatically creating users on first log-in
AUTH_USER_REGISTRATION_ROLE: the role which first-time users logging in will be assigned
    Possible Values: Admin, Viewer, User, Op, Public
AUTH_LDAP_SERVER: the LDAP server URI
AUTH_LDAP_SEARCH: update with the LDAP path under which you’d like the users to have access to Airflow. Example: dc=example,dc=com.
AUTH_LDAP_BIND_USER: the path of the LDAP proxy user to bind on to the top level. Example: cn=airflow,ou=users,dc=example,dc=com.
AUTH_LDAP_BIND_PASSWORD: the password of the bind user
AUTH_LDAP_UID_FIELD: the UID (unique identifier) field in LDAP
AUTH_LDAP_USE_TLS: boolean whether TLS is being used
AUTH_LDAP_ALLOW_SELF_SIGNED: boolean to allow self-signed certificates
AUTH_LDAP_TLS_CACERTFILE: location of the certificate
"""
import os

from airflow import configuration as conf
from flask_appbuilder.security.manager import AUTH_LDAP

basedir = os.path.abspath(os.path.dirname(__file__))

# Metadata database used by the webserver (read from airflow.cfg)
SQLALCHEMY_DATABASE_URI = conf.get('core', 'SQL_ALCHEMY_CONN')
CSRF_ENABLED = True

# Authenticate against LDAP; users are created on first log-in with the Viewer role
AUTH_TYPE = AUTH_LDAP
AUTH_ROLE_ADMIN = 'Admin'
AUTH_USER_REGISTRATION = True
AUTH_USER_REGISTRATION_ROLE = 'Viewer'

# Directory server, search base and the bind (proxy) account used for lookups
AUTH_LDAP_SERVER = 'ldaps://ldap.xxx.yyy.net:636'
AUTH_LDAP_SEARCH = 'ou=Users,o=corp'
AUTH_LDAP_BIND_USER = 'cn=<ldap-proxy-common-name>,ou=<ldap-proxy-user-org-unit>,o=<ldap-proxy-user-org>'
AUTH_LDAP_BIND_PASSWORD = '<ldap-proxy-password>'
AUTH_LDAP_UID_FIELD = 'uid'

# LDAPS: the ldaps:// URI above already wraps the connection in TLS, so
# AUTH_LDAP_USE_TLS (StartTLS on a plain ldap:// connection) stays False.
AUTH_LDAP_USE_TLS = False
AUTH_LDAP_ALLOW_SELF_SIGNED = False
AUTH_LDAP_TLS_CACERTFILE = '/etc/ssl/certs/ldap.crt'
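
The settings above interact: transport security depends on the URI scheme together with AUTH_LDAP_USE_TLS, and self-registration hands AUTH_USER_REGISTRATION_ROLE to every directory user who logs in. The check below is an added example, not part of the original gist or of Airflow; `audit_ldap_settings`, `GIST_SETTINGS` and the `ELEVATED_ROLES` policy are assumptions made for illustration.

```python
from urllib.parse import urlparse

# Constructed sample: the LDAP settings from the config above, as a dict.
GIST_SETTINGS = {
    "AUTH_USER_REGISTRATION": True,
    "AUTH_USER_REGISTRATION_ROLE": "Viewer",
    "AUTH_LDAP_SERVER": "ldaps://ldap.xxx.yyy.net:636",
    "AUTH_LDAP_SEARCH": "ou=Users,o=corp",
    "AUTH_LDAP_USE_TLS": False,
    "AUTH_LDAP_ALLOW_SELF_SIGNED": False,
    "AUTH_LDAP_TLS_CACERTFILE": "/etc/ssl/certs/ldap.crt",
}

# Policy choice of this example, not an Airflow rule: roles considered too
# powerful to assign automatically to every user on first log-in.
ELEVATED_ROLES = {"Admin", "Op"}


def audit_ldap_settings(cfg):
    """Return (code, message) findings for a dict of webserver_config values."""
    findings = []
    scheme = urlparse(cfg.get("AUTH_LDAP_SERVER", "")).scheme.lower()
    starttls = bool(cfg.get("AUTH_LDAP_USE_TLS"))

    if scheme not in ("ldap", "ldaps"):
        findings.append(("server-uri", "AUTH_LDAP_SERVER is not an ldap:// or ldaps:// URI"))
    elif scheme == "ldap" and not starttls:
        findings.append(("cleartext", "ldap:// without AUTH_LDAP_USE_TLS sends bind and user passwords unencrypted"))
    elif scheme == "ldaps" and starttls:
        findings.append(("tls-conflict", "ldaps:// is already TLS; StartTLS on top is redundant, keep AUTH_LDAP_USE_TLS False"))

    if cfg.get("AUTH_LDAP_ALLOW_SELF_SIGNED") is True:
        findings.append(("self-signed", "self-signed certificates are accepted, so the server identity is not verified"))

    role = cfg.get("AUTH_USER_REGISTRATION_ROLE")
    if cfg.get("AUTH_USER_REGISTRATION") and role in ELEVATED_ROLES:
        findings.append(("open-elevated-role", f"every user who logs in is auto-registered as {role}"))
    return findings
```

The gist's own values produce no findings; switching the URI to `ldap://` with AUTH_LDAP_USE_TLS left False, or raising the registration role to Admin, each produces one.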