How to set up LDAP authentication in Airflow 2.0

4

6

I am currently attempting to set up LDAP integration with an existing LDAP server in Airflow. In the past, I have attempted making a cacert (ldap_ca.crt) and have followed this guide and this guide.

When I start up Airflow I am presented with a login screen that does not accept any users on the LDAP server and simply clears the username/password box when attempting to sign in.

This is the current code in my webserver_config.py (I have also tried making edits to airflow.cfg without success):

# The authentication type
# AUTH_OID : Is for OpenID
# AUTH_DB : Is for database
# AUTH_LDAP : Is for LDAP
# AUTH_REMOTE_USER : Is for using REMOTE_USER from web server
# AUTH_OAUTH : Is for OAuth
AUTH_TYPE = AUTH_LDAP

# Uncomment to setup Full admin role name
# AUTH_ROLE_ADMIN = 'Admin'

# Uncomment to setup Public role name, no authentication needed
# AUTH_ROLE_PUBLIC = 'Public'

# Will allow user self registration
AUTH_USER_REGISTRATION = True

# The default user self registration role
AUTH_USER_REGISTRATION_ROLE = "Viewer"

# When using LDAP Auth, setup the ldap server
# AUTH_LDAP_SERVER = "ldap://ldapserver.new"

AUTH_LDAP_SERVER = "ldap://ldap-server-name.org.com:999"
AUTH_LDAP_BIND_USER = "CN=p_biaas,OU=Unix,OU=ServiceAccounts,OU=AAA,OU=AAA,DC=ms,DC=ds,DC=aaa,DC=com"
AUTH_LDAP_BIND_PASSWORD = "password"
#AUTH_LDAP_SEARCH = "CN=Users,DC=ms,DC=ds,DC=aaa,DC=com"
#AUTH_LDAP_SEARCH= "OU=Unix,OU=ServiceAccounts,OU=AAA,OU=AAA,DC=ms,DC=ds,DC=aaa,DC=com"
AUTH_LDAP_SEARCH = "DC=ms,DC=ds,DC=aaa,DC=com"
AUTH_LDAP_UID_FIELD = "sAMAccountName"
#AUTH_LDAP_USE_TLS = False

AUTH_LDAP_FIRSTNAME_FIELD = "givenName"
AUTH_LDAP_LASTTNAME_FIELD = "sn"
Crabstick answered 28/1, 2021 at 22:27 Comment(0)
12

I just made a video to set up Airflow 2.0 with LDAP. I think it will help you a lot :)

Configure AIRFLOW 2.0 with LDAP

Lem answered 7/5, 2021 at 15:16 Comment(3)
Left a comment on your Udemy course a while back regarding this and wanted to thank you for making the video! – Crabstick
Great videos indeed! Keep them coming! – Prevaricate
Hello! How did you get this webserver_config file? – Latakia
2

The two guides that you followed are for Airflow v1.10.1 and v1.10.12. Airflow 2.0 introduces a host of changes to providers (akin to Python 2 to Python 3).

As a start, please refer to the current version of the Airflow docs on access control.

If you have a working configuration of LDAP in 1.10.12, try upgrading to v1.10.14 and then installing the backport providers before following the recommended upgrade path.

Airflow has put out a guide on upgrading to airflow 2.0.

Revisionist answered 17/2, 2021 at 17:16 Comment(0)
1

I had the exact same issue...

Are you using the configuration files generated by the previous version of Airflow?

I had a similar configuration of LDAP (like you have) but it was not working with old configuration files.

Then I generated a brand new config by Airflow 2.0.1, passed in my old LDAP configuration and it worked.

Maybe it is the same issue.

Cannonball answered 20/2, 2021 at 19:15 Comment(0)
0

Here is a webserver_config.py configuration for Airflow 2.2.2 to connect to IBM Bluepages LDAP. It is based on Marc's answer.

The only difference is that the default role for new users is set to Viewer. A user with only the Public role sees, after login, a weird page that looks like something went wrong.

import os
from airflow import configuration as conf
from airflow.www.fab_security.manager import AUTH_LDAP

basedir = os.path.abspath(os.path.dirname(__file__))
# The SQLAlchemy connection string.
SQLALCHEMY_DATABASE_URI = conf.get('core', 'SQL_ALCHEMY_CONN')
# Flask-WTF flag for CSRF
CSRF_ENABLED = True
# AUTH_TYPE = AUTH_OAUTH
AUTH_TYPE = AUTH_LDAP
AUTH_LDAP_SERVER = 'ldaps://bluepages.ibm.com:636'

# search configs
AUTH_LDAP_SEARCH = 'ou=bluepages,o=ibm.com'
AUTH_LDAP_UID_FIELD = 'mail'
AUTH_LDAP_ALLOW_SELF_SIGNED = True
# username and password to login IBM Bluepages 
AUTH_LDAP_BIND_USER = 'uid=<<ibm user uid>>,c=us,ou=bluepages,o=ibm.com'
AUTH_LDAP_BIND_PASSWORD = '<<ibm user password>>'

# Will allow user self registration
AUTH_USER_REGISTRATION = True
AUTH_USER_REGISTRATION_ROLE = 'Viewer'
AUTH_LDAP_FIRSTNAME_FIELD = "givenName"
AUTH_LDAP_LASTNAME_FIELD = "sn"
AUTH_LDAP_EMAIL_FIELD = "mail"


# ----------------------------------------------------
# Theme CONFIG
# ----------------------------------------------------
# Flask App Builder comes up with a number of predefined themes
# that you can use for Apache Airflow.
# http://flask-appbuilder.readthedocs.io/en/latest/customizing.html#changing-themes
# Please make sure to remove "navbar_color" configuration from airflow.cfg
# in order to fully utilize the theme. (or use that property in conjunction with theme)
# APP_THEME = "bootstrap-theme.css"  # default bootstrap
# APP_THEME = "amelia.css"
# APP_THEME = "cerulean.css"
# APP_THEME = "cosmo.css"
# APP_THEME = "cyborg.css"
# APP_THEME = "darkly.css"
# APP_THEME = "flatly.css"
# APP_THEME = "journal.css"
# APP_THEME = "lumen.css"
# APP_THEME = "paper.css"
# APP_THEME = "readable.css"
# APP_THEME = "sandstone.css"
# APP_THEME = "simplex.css"
# APP_THEME = "slate.css"
# APP_THEME = "solar.css"
# APP_THEME = "spacelab.css"
# APP_THEME = "superhero.css"
# APP_THEME = "united.css"
# APP_THEME = "yeti.css"
Rasputin answered 8/12, 2021 at 17:16 Comment(0)
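
A static check for a webserver_config.py of the kind posted in the question and answers above, added here as an example and not part of any answer or of Airflow itself. It parses the file without executing it and flags AUTH_LDAP_* names that match no known setting, a plain ldap:// server without AUTH_LDAP_USE_TLS, accepted self-signed certificates, and a literal bind password. The function names are hypothetical, the known-key list contains only the setting names that appear on this page (so it is not exhaustive), and the sample input is constructed from lines of the question's config.

```python
import ast
import difflib

# Setting names that appear on this page; extend from the Flask-AppBuilder docs.
KNOWN_LDAP_KEYS = {
    "AUTH_LDAP_SERVER", "AUTH_LDAP_USE_TLS", "AUTH_LDAP_ALLOW_SELF_SIGNED",
    "AUTH_LDAP_BIND_USER", "AUTH_LDAP_BIND_PASSWORD", "AUTH_LDAP_SEARCH",
    "AUTH_LDAP_UID_FIELD", "AUTH_LDAP_FIRSTNAME_FIELD",
    "AUTH_LDAP_LASTNAME_FIELD", "AUTH_LDAP_EMAIL_FIELD",
}

# Constructed sample: a subset of the lines from the question's config.
SAMPLE_CONFIG = '''
AUTH_TYPE = AUTH_LDAP
AUTH_LDAP_SERVER = "ldap://ldap-server-name.org.com:999"
AUTH_LDAP_BIND_PASSWORD = "password"
AUTH_LDAP_UID_FIELD = "sAMAccountName"
#AUTH_LDAP_USE_TLS = False
AUTH_LDAP_FIRSTNAME_FIELD = "givenName"
AUTH_LDAP_LASTTNAME_FIELD = "sn"
'''

def load_assignments(source):
    """Map top-level NAME = <expr> to its literal value (None if not a literal)."""
    out = {}
    for node in ast.parse(source).body:
        if (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)):
            try:
                out[node.targets[0].id] = ast.literal_eval(node.value)
            except (ValueError, TypeError):
                out[node.targets[0].id] = None  # e.g. AUTH_LDAP, os.environ[...]
    return out

def audit(source):
    """Return a list of (finding, setting, detail) tuples."""
    cfg, findings = load_assignments(source), []
    for name in cfg:
        # A misspelled key is just an unused variable; nothing reads it.
        if name.startswith("AUTH_LDAP_") and name not in KNOWN_LDAP_KEYS:
            near = difflib.get_close_matches(name, sorted(KNOWN_LDAP_KEYS), n=1)
            findings.append(("unknown-key", name, near[0] if near else None))
    server = cfg.get("AUTH_LDAP_SERVER")
    if isinstance(server, str) and server.startswith("ldap://") \
            and not cfg.get("AUTH_LDAP_USE_TLS"):
        findings.append(("cleartext-bind", "AUTH_LDAP_SERVER", server))
    if cfg.get("AUTH_LDAP_ALLOW_SELF_SIGNED"):
        findings.append(("self-signed-allowed", "AUTH_LDAP_ALLOW_SELF_SIGNED", True))
    if isinstance(cfg.get("AUTH_LDAP_BIND_PASSWORD"), str):
        findings.append(("hardcoded-secret", "AUTH_LDAP_BIND_PASSWORD", None))
    return findings
```

Calling `audit(SAMPLE_CONFIG)` reports the `AUTH_LDAP_LASTTNAME_FIELD` name with its closest known setting, the unencrypted `ldap://` bind, and the literal bind password.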
