Open iRoot13x18 opened 1 month ago
To address the LDAP connection issue in Superset, ensure the following:
python-ldap Installation: Confirm python-ldap is installed in your environment, as it's required for LDAP authentication.
LDAP Configuration: Double-check your superset_config.py for correct LDAP settings according to Flask App Builder documentation. This includes server details, user bind configuration, and search options.
Role Mapping: Verify AUTH_ROLES_MAPPING in superset_config.py for accurate LDAP group to Superset role mappings, if applicable.
Role Sync: If AUTH_ROLES_SYNC_AT_LOGIN is enabled, ensure LDAP group to role mappings are syncing correctly at login.
Debugging: Increase logging level in Superset to capture detailed LDAP-related errors, which can provide insights into configuration or connectivity issues.
Package Compatibility: Check that your python-ldap package version is compatible with Superset 4.0.0, which recommends version >=3.4.4.
Network and Firewall: Ensure no network or firewall settings are blocking connections to the LDAP server.
LDAP Server Settings: Review the LDAP server configuration for correct base DN, user DN, and search filters.
If the issue persists after these checks, consider reviewing discussions and issues in the Superset repository related to LDAP authentication for additional insights and potential solutions.
Bug description
I need to link LDAP to my Superset and it is giving me an error when connecting. I have verified that the LDAP credentials are correct. I have based it on these two configuration files.
How to reproduce the bug
1- go to PYTHONPATH
2- edit the superset_config.py file and put in the relevant configuration for LDAP. In particular, it was this:

```python
import os
from superset.security import SupersetSecurityManager
from flask_appbuilder.security.manager import AUTH_DB, AUTH_LDAP
from custom_security_manager import CustomSecurityManager

AUTH_TYPE = AUTH_LDAP
AUTH_USER_REGISTRATION = True
AUTH_USER_REGISTRATION_ROLE = "Public"
AUTH_LDAP_SERVER = "ldaps://server.yourdomain.com:636"
AUTH_LDAP_USE_TLS = False
# Service account used for the initial bind before the user search
AUTH_LDAP_BIND_USER = "cn=mycn,ou=myou,ou=myou,dc=mydc,dc=com"
AUTH_LDAP_BIND_PASSWORD = "password"
# Base DN for the user search
AUTH_LDAP_SEARCH = "DC=your_domain,DC=com,"
AUTH_LDAP_UID_FIELD = "sAMAccountName"
AUTH_LDAP_ALLOW_SELF_SIGNED = True
AUTH_LDAP_APPEND_DOMAIN = False
AUTH_LDAP_FIRSTNAME_FIELD = "givenName"
AUTH_LDAP_LASTNAME_FIELD = "sn"
AUTH_LDAP_USE_TLS = False
AUTH_USER_REGISTRATION = True

CUSTOM_SECURITY_MANAGER = CustomSecurityManager
```

3- create and modify the custom_security_manager.py file in PYTHONPATH:

```python
from superset.security import SupersetSecurityManager
from flask_appbuilder.security.views import AuthLDAPView
from flask_appbuilder.security.views import expose
from flask import g, redirect, flash
from flask_appbuilder.security.forms import LoginForm_db
from flask_login import login_user
from flask_appbuilder._compat import as_unicode


class AuthLocalAndLDAPView(AuthLDAPView):
    @expose("/login/", methods=["GET", "POST"])
    def login(self):
        if g.user is not None and g.user.is_authenticated:
            return redirect(self.appbuilder.get_url_for_index)
        form = LoginForm_db()
        if form.validate_on_submit():
            # Try LDAP first, then fall back to the local database user
            user = self.appbuilder.sm.auth_user_ldap(
                form.username.data, form.password.data
            )
            if not user:
                user = self.appbuilder.sm.auth_user_db(
                    form.username.data, form.password.data
                )
            if user:
                login_user(user, remember=False)
                return redirect(self.appbuilder.get_url_for_index)
            else:
                flash(as_unicode(self.invalid_login_message), "warning")
                return redirect(self.appbuilder.get_url_for_login)
        return self.render_template(
            self.login_template, title=self.title, form=form, appbuilder=self.appbuilder
        )


class CustomSecurityManager(SupersetSecurityManager):
    # Use the combined LDAP + local login view
    authldapview = AuthLocalAndLDAPView

    def __init__(self, appbuilder):
        super(CustomSecurityManager, self).__init__(appbuilder)
```

4- restart docker-compose and try logging in with ldap credentials
Screenshots/recordings
No response
Superset version
4.0.0
Python version
3.10
Node version
18 or greater
Browser
Chrome
Additional context
I will leave here the web page on which I based my configuration. https://medium.com/@ozan/configure-ldap-and-local-user-login-on-superset-69fa4df4ee24
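An offline lint for the AUTH_LDAP_* settings discussed in this issue, covering the transport, certificate and base-DN checks. This is an added example, not code from the reporter, Superset or Flask-AppBuilder. The names `split_dn` and `lint_ldap_config` are hypothetical, and `SAMPLE` repeats the placeholder values posted above.

```python
import re

# attributeType=value, where the value is non-empty and any backslash escapes one char
_RDN = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]*\s*=\s*(?:\\.|[^\\])+$")

def split_dn(dn):
    """Split a DN into RDNs on unescaped commas (RFC 4514 writes a literal comma as '\\,')."""
    parts, cur, escaped = [], "", False
    for ch in dn:
        if not escaped and ch == ",":
            parts.append(cur.strip())
            cur = ""
            continue
        escaped = (ch == "\\") and not escaped
        cur += ch
    parts.append(cur.strip())
    return parts

def lint_ldap_config(cfg):
    """Return human-readable findings for a dict of AUTH_LDAP_* settings."""
    findings = []
    server = cfg.get("AUTH_LDAP_SERVER", "")
    use_tls = bool(cfg.get("AUTH_LDAP_USE_TLS"))
    if server.startswith("ldaps://") and use_tls:
        findings.append("AUTH_LDAP_USE_TLS: ldaps:// and StartTLS are alternatives; enable only one")
    if server.startswith("ldap://") and not use_tls:
        findings.append("AUTH_LDAP_SERVER: ldap:// without StartTLS sends bind passwords in cleartext")
    if cfg.get("AUTH_LDAP_ALLOW_SELF_SIGNED"):
        findings.append("AUTH_LDAP_ALLOW_SELF_SIGNED: server certificate checks are relaxed; "
                        "prefer trusting the issuing CA")
    for key in ("AUTH_LDAP_SEARCH", "AUTH_LDAP_BIND_USER"):
        value = cfg.get(key, "")
        if key == "AUTH_LDAP_BIND_USER" and "=" not in value:
            continue  # e.g. a user@domain bind name, which is not a DN
        for rdn in split_dn(value):
            if not _RDN.match(rdn):
                findings.append(f"{key}: malformed RDN {rdn!r} in {value!r}")
    return findings

# Settings as posted in the issue above (placeholder values included).
SAMPLE = {
    "AUTH_LDAP_SERVER": "ldaps://server.yourdomain.com:636",
    "AUTH_LDAP_USE_TLS": False,
    "AUTH_LDAP_BIND_USER": "cn=mycn,ou=myou,ou=myou,dc=mydc,dc=com",
    "AUTH_LDAP_SEARCH": "DC=your_domain,DC=com,",
    "AUTH_LDAP_ALLOW_SELF_SIGNED": True,
}

if __name__ == "__main__":
    print("\n".join(lint_ldap_config(SAMPLE)))
```

The lint only inspects the settings; it does not contact the directory, so a clean result still leaves bind credentials, network reachability and search filters to be checked against the server.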