气流LDAP超级用户身份验证 [英] Airflow LDAP superuser authentication

问题描述

我正在使用Airflow v1.9.0，并尝试使用LDAP身份验证来设置组.我可以获得基本的LDAP身份验证，它将所有用户默认为超级用户.但是，我无法获得与特定人群匹配的广告.例如，我有一个用户TommyLeeJones，我知道它是MIB用户组的一部分，但是我无法获得让该用户与该组相匹配的气流.

I am using Airflow v1.9.0 and am trying to setup groups using LDAP authentication. I can get the basic LDAP authentication working that defaults all users to be superusers. However, I cannot get the AD to match against a specific group. For instance, I have user TommyLeeJones who I know is part of the user group MIB, but I can't get airflow to match this user against this group.

在我的airflow.cfg文件中，我已设置:

In my airflow.cfg file, I have set:

[webserver]
authenticate = True
auth_backend = airflow.contrib.auth.backends.ldap_auth

[ldap]
user_filter = objectClass=*
user_name_attr=sAMAccountName

在我的webserver.env文件中，我有:

In my webserver.env file, I have:

<代码>AIRFLOW__LDAP__URI = zartha.men.in.black:389AIRFLOW__LDAP__BIND_USER = men \ TommyLeeJonesAIRFLOW__LDAP__BIND_PASSWORD = APersonIsSmartPeopleAreDumb AIRFLOW__LDAP__SUPERUSER_FILTER = memberOf = CN = MIB，OU = UK，OU = Groups，DC = men，DC = in，DC = blackAIRFLOW__LDAP__DATA_PROFILER_FILTER = memberOf = CN = MIB，OU = UK，OU = Groups，DC = men，DC = in，DC = blackAIRFLOW__LDAP__BASEDN = DC = men，DC = in，DC = blackAIRFLOW__LDAP__SEARCH_SCOPE = SUBTREE

我可以登录，但不能以超级用户身份登录.

I can login, but not as a superuser which I should be able to.

推荐答案

使用LDAP时，我发现我通常会拼写错误的LDAP查询.

When working with LDAP, I find that I'm usually misspelling my LDAP query.

确认 AIRFLOW__LDAP__SUPERUSER_FILTER 是正确的.

您可以使用 ldap3 Python程序包，并在命令行中确认其有效.

You can use ldap3 Python package and confirm from the command line this works.

这篇关于气流LDAP超级用户身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！