Open zeddit opened 1 year ago
I have copied the code from https://github.com/dpgaspar/Flask-AppBuilder/blob/74f37e21a3c9c7ca7fb3e56f73759e3eaa2ead6b/flask_appbuilder/security/manager.py#L938 , and I found nothing wrong with the auth. Besides, I got into the pod of the Airflow webserver and tested the network connectivity with the LDAP server; there is no problem.
When using the STARTTLS auth method, the code failed at:
```python
if self.auth_ldap_use_tls:
    try:
        con.start_tls_s()
    except Exception:
        log.error(LOGMSG_ERR_SEC_AUTH_LDAP_TLS, self.auth_ldap_server)
        return None
```
However, when I executed the same code in other pods or directly on another host, it worked with no error.
The problem has made no progress yet.
@zeddit have you raised an issue with https://github.com/dpgaspar/Flask-AppBuilder?
@thesuperzapper not yet. I think your advice is right, the root cause is in Flask-AppBuilder; I will raise an issue there. Many thanks for your help.
This issue has been automatically marked as stale because it has not had activity in 60 days. It will be closed in 7 days if no further activity occurs.
Thank you for your contributions.
Issues never become stale if any of the following is true:
lifecycle/frozen label
Hello! @zeddit, I'm facing the same problem, and when I set AUTH_LDAP_ALLOW_SELF_SIGNED = True and use an ldaps URL to AD, it works.
> Hello! @zeddit, I'm facing the same problem, and when I set AUTH_LDAP_ALLOW_SELF_SIGNED = True and use an ldaps URL to AD, it works.
This helped me resolve the same issue in Superset after upgrading from 2.0.0 to 3.1.1, since Airflow and Superset both use Flask-AppBuilder for the LDAP authentication, and I was getting the same error before:
ERROR - {'result': -1, 'desc': "Can't contact LDAP server", 'ctrls': [], 'info': '(unknown error code)'}
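The setting discussed in the comments above trades certificate validation for connectivity. The following added example (not code from this thread or from Flask-AppBuilder) audits a `webserver_config.py`-style dict for that and related LDAP TLS choices. The `AUTH_LDAP_*` keys are Flask-AppBuilder's documented settings; the function name, severity labels, hostnames and paths are hypothetical.

```python
import os
from urllib.parse import urlparse

def audit_ldap_tls(cfg):
    """Return (severity, message) findings for Flask-AppBuilder LDAP TLS settings."""
    findings = []
    scheme = urlparse(cfg.get("AUTH_LDAP_SERVER", "")).scheme.lower()
    starttls = bool(cfg.get("AUTH_LDAP_USE_TLS", False))
    ca_file = cfg.get("AUTH_LDAP_TLS_CACERTFILE")
    ca_dir = cfg.get("AUTH_LDAP_TLS_CACERTDIR")

    if scheme not in ("ldap", "ldaps"):
        return [("error", "AUTH_LDAP_SERVER must be an ldap:// or ldaps:// URL")]
    if scheme == "ldap" and not starttls:
        findings.append(("high", "plain ldap:// without AUTH_LDAP_USE_TLS: "
                         "bind passwords cross the network unencrypted"))
    if scheme == "ldaps" and starttls:
        findings.append(("error", "AUTH_LDAP_USE_TLS with an ldaps:// URL requests "
                         "STARTTLS on a connection that is already TLS; pick one"))
    if cfg.get("AUTH_LDAP_ALLOW_SELF_SIGNED", False):
        findings.append(("high", "AUTH_LDAP_ALLOW_SELF_SIGNED lets the bind proceed "
                         "with a certificate that fails validation; trust the "
                         "issuing CA via AUTH_LDAP_TLS_CACERTFILE instead"))
    elif scheme == "ldaps" or starttls:
        if ca_file and not os.path.isfile(ca_file):
            findings.append(("error", f"AUTH_LDAP_TLS_CACERTFILE {ca_file!r} "
                             "does not exist in this container"))
        elif not ca_file and not ca_dir:
            findings.append(("info", "no CA configured: validation depends on this "
                             "image's default trust store, which can differ "
                             "between pods"))
    return findings

# Constructed sample configs (hostnames and paths are placeholders).
WORKAROUND = {"AUTH_LDAP_SERVER": "ldaps://ad.example.internal:636",
              "AUTH_LDAP_ALLOW_SELF_SIGNED": True}
HARDENED = {"AUTH_LDAP_SERVER": "ldaps://ad.example.internal:636",
            "AUTH_LDAP_TLS_CACERTFILE": "/etc/ssl/certs/internal-ca.pem"}

if __name__ == "__main__":
    for name, cfg in (("workaround", WORKAROUND), ("hardened", HARDENED)):
        for severity, message in audit_ldap_tls(cfg) or [("ok", "no findings")]:
            print(f"{name}: [{severity}] {message}")
```

Run it inside the webserver pod so the CA file check reflects that container's filesystem rather than the host's.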
@zeddit did you solve this problem?
Checks
User-Community Airflow Helm Chart.
Chart Version
8.8.0
Kubernetes Version
Helm Version
Description
I was trying to set up LDAP but failed. The web UI refreshes to the login page with empty user and password fields after I click `sign in`.
I have tried both methods to integrate LDAP, following the instructions here: https://flask-appbuilder.readthedocs.io/en/latest/security.html#authentication-ldap
The first one is configured with `STARTTLS`:
and the logs from airflow-web and the LDAP server are shown below:
It seems the LDAP server accepted the connection but closed it immediately, and airflow-web thought that it hadn't connected with the LDAP server.
The second method is configured with LDAP over TLS (ldaps):
and the logs from LDAP and airflow-web are listed below:
Similarly, Airflow connects with LDAP but does no search query, and the user could not log in to Airflow.
The LDAP server is correct, because other systems like Grafana work fine.
Where could the bug come from, and how can I fix it? Many thanks.
Relevant Logs
No response
Custom Helm Values
No response