Last active
January 7, 2023 18:17
-
-
Save prakshalj0512/a0fd3ecbb0eeb106c9e277c7f4aac6b0 to your computer and use it in GitHub Desktop.
Airflow Webserver Config for LDAP & RBAC Integration (Anonymous User)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
""" | |
AUTH_ROLE_ADMIN: the role of the bind user (should be Admin) | |
AUTH_USER_REGISTRATION: boolean for automatically creating users on first log-in | |
AUTH_USER_REGISTRATION_ROLE: the role which first-time users logging in will be assigned | |
Possible Values: Admin, Viewer, User, Op, Public | |
AUTH_LDAP_SERVER: the LDAP server URI | |
AUTH_LDAP_SEARCH: update with the LDAP path under which you’d like the users to have access to Airflow (e.g. : 'dc=example,dc=com') | |
AUTH_LDAP_USERNAME_FORMAT: format in which to pass the UID for lDAP to validate (e.g. 'uid=%s,ou=People,dc=example,dc=com') | |
AUTH_LDAP_USE_TLS: boolean whether TLS is being used | |
AUTH_LDAP_ALLOW_SELF_SIGNED: boolean to allow self-signed certificates | |
AUTH_LDAP_TLS_CACERTFILE: location of the certificate | |
""" | |
import os | |
from airflow import configuration as conf | |
from flask_appbuilder.security.manager import AUTH_LDAP | |
basedir = os.path.abspath(os.path.dirname(__file__)) | |
SQLALCHEMY_DATABASE_URI = conf.get(‘core’, ‘SQL_ALCHEMY_CONN’) | |
CSRF_ENABLED = True | |
AUTH_TYPE = AUTH_LDAP | |
AUTH_ROLE_ADMIN = 'Admin' | |
AUTH_USER_REGISTRATION = True | |
AUTH_USER_REGISTRATION_ROLE = 'Viewer' | |
AUTH_LDAP_SERVER = 'ldaps://ldap.xxx.yyy.net:636' | |
AUTH_LDAP_SEARCH = 'dc=example,dc=com' | |
AUTH_LDAP_USERNAME_FORMAT = 'uid=%s,ou=People,dc=example,dc=com' | |
# LDAPS | |
AUTH_LDAP_USE_TLS = False | |
AUTH_LDAP_ALLOW_SELF_SIGNED = False | |
AUTH_LDAP_TLS_CACERTFILE = '/etc/ssl/certs/ldap.crt' |
Sorry prakshalj0512 but i cant understand your approach
If I' comment out [ldap] section and include this webserver_config.py this will run?
because i exec the airflow-webserver container and run the command
airflow config
then i read a default config under [ldap] label and donr work fine the identifycation with LDAP
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Does it work on Airflow 2.0? I tried exactly as same as your code, but it doesn't work.