Closed qin4zhang closed 5 years ago
This is really a FAB (Flask-AppBuilder) question.
OK, thanks.
Hi, I am not sure if it helps, but it could ... we have Microsoft AD and LDAP and we are able to successfully log in with the configuration parameters below.
from flask_appbuilder.security.manager import AUTH_LDAP
AUTH_TYPE = AUTH_LDAP
AUTH_USER_REGISTRATION = True
AUTH_USER_REGISTRATION_ROLE = "Admin"
AUTH_LDAP_SERVER = "ldap://servername-1.ad.domain.cz"
AUTH_LDAP_SEARCH = "DC=ad,DC=domain,DC=cz"
AUTH_LDAP_BIND_USER = "CN=BISystemUser,OU=Service Accounts,OU=mycompany Users,DC=ad,DC=domain,DC=cz"
AUTH_LDAP_BIND_PASSWORD = "yourPassword"
AUTH_LDAP_UID_FIELD = "sAMAccountName"
We are able to log in with BISystemUser/yourPassword with tools like jXplorer or any other LDAP tools.
HTH!
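An added review aid, not part of the comment above or of Superset/FAB: a small audit of Flask-AppBuilder LDAP settings that flags cleartext transport and over-broad self-registration. `AS_POSTED` copies values from the configuration above; `HARDENED`, the group DN, the `Gamma` role choice and the finding names are constructed for illustration.

```python
from urllib.parse import urlparse

def audit_ldap_auth(cfg):
    """Return a sorted list of finding ids for a dict of FAB LDAP settings."""
    findings = set()
    # ldap:// without StartTLS carries the bind DN and every user's
    # password across the network in cleartext.
    scheme = urlparse(cfg.get("AUTH_LDAP_SERVER", "")).scheme.lower()
    if scheme != "ldaps" and not cfg.get("AUTH_LDAP_USE_TLS", False):
        findings.add("cleartext-transport")
    if cfg.get("AUTH_USER_REGISTRATION", False):
        # Each directory user is auto-created on first login with this role.
        admin_role = cfg.get("AUTH_ROLE_ADMIN", "Admin")
        if cfg.get("AUTH_USER_REGISTRATION_ROLE") == admin_role:
            findings.add("self-registration-grants-admin")
        # Without a filter, every entry under the search base qualifies.
        if not cfg.get("AUTH_LDAP_SEARCH_FILTER"):
            findings.add("self-registration-unfiltered")
    return sorted(findings)

# Values taken from the configuration posted above.
AS_POSTED = {
    "AUTH_USER_REGISTRATION": True,
    "AUTH_USER_REGISTRATION_ROLE": "Admin",
    "AUTH_LDAP_SERVER": "ldap://servername-1.ad.domain.cz",
    "AUTH_LDAP_SEARCH": "DC=ad,DC=domain,DC=cz",
    "AUTH_LDAP_BIND_PASSWORD": "yourPassword",
}

# Constructed counterpart: TLS, a low-privilege default role, and a
# hypothetical group filter limiting who can self-register.
HARDENED = {
    "AUTH_USER_REGISTRATION": True,
    "AUTH_USER_REGISTRATION_ROLE": "Gamma",
    "AUTH_LDAP_SERVER": "ldaps://servername-1.ad.domain.cz",
    "AUTH_LDAP_SEARCH": "DC=ad,DC=domain,DC=cz",
    "AUTH_LDAP_SEARCH_FILTER": "(memberOf=CN=superset-users,OU=Groups,DC=ad,DC=domain,DC=cz)",
    "AUTH_LDAP_BIND_PASSWORD": "placeholder-load-from-secret-store",
}

if __name__ == "__main__":
    for name, cfg in (("as posted", AS_POSTED), ("hardened", HARDENED)):
        print(name, audit_ldap_auth(cfg))
```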
If our documentation is lacking, it would be nice to update it with whatever may help users in configuring LDAP auth.
Third issue about LDAP problems, always resolved as external bug. I guess at least documentation could be updated.
https://github.com/apache/incubator-superset/issues/4881
https://github.com/apache/incubator-superset/issues/3221
Contributions to the documentation are welcomed!
Was able to connect to LDAP Test Server http://www.forumsys.com/tutorials/integration-how-to/ldap/online-ldap-test-server/
With following config
from flask_appbuilder.security.manager import AUTH_LDAP
AUTH_TYPE = AUTH_LDAP
# Uncomment to setup Full admin role name
AUTH_ROLE_ADMIN = 'Admin'
# Uncomment to setup Public role name, no authentication needed
# AUTH_ROLE_PUBLIC = 'Public'
# Will allow user self registration
AUTH_USER_REGISTRATION = True
# The default user self registration role
# AUTH_USER_REGISTRATION_ROLE = "Public"
# When using LDAP Auth, setup the ldap server
AUTH_LDAP_SERVER = "ldap://ldap.forumsys.com:389"
AUTH_LDAP_SEARCH = "dc=example,dc=com"
AUTH_LDAP_BIND_USER = "uid=riemann,dc=example,dc=com"
AUTH_LDAP_BIND_PASSWORD = "password"
For user
User:riemann
Password:password
@bhasin85: Thanks, it works. Don't forget to install this package:
pip install python-ldap
I am actually following the same logic as you. And Superset is running on the server now. But I cannot log in with my information written in the configuration file.
AUTH_LDAP_BIND_USER = "uid=superset_bot,cn=users,dc=example,dc=com"
AUTH_LDAP_BIND_PASSWORD = "my_password"
What I entered in the log-in page: username: superset_bot password: my_password
However, it gives me the error of "Invalid login. Please try again." Does anyone know why?
The userid MUST match what comes back from LDAP once you turn on LDAP.
I got bitten by this too.
Does riemann exist in LDAP with password password?
The LDAPBIND* is JUST to allow SuperSet to look at LDAP for users/password, not to log into the app.
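The distinction made in the reply above, as an added example that is not part of the thread and is not FAB's code: a model of a "search then bind" login against a constructed in-memory directory. It assumes the flow is service bind, search for `(AUTH_LDAP_UID_FIELD=username)` under `AUTH_LDAP_SEARCH`, then bind as the DN found; the directory entries and the `login` helper are hypothetical.

```python
# DN -> (attributes, password). Constructed sample data, not a real server.
DIRECTORY = {
    "uid=superset_bot,cn=users,dc=example,dc=com":
        ({"uid": "superset_bot"}, "my_password"),
    "cn=Jane Doe,cn=users,dc=example,dc=com":
        ({"uid": "jdoe", "sAMAccountName": "jane.doe"}, "jane-secret"),
}

def simple_bind(dn, password):
    """True when the DN exists and the password matches."""
    entry = DIRECTORY.get(dn)
    return entry is not None and entry[1] == password

def search(base, uid_field, username):
    """DNs at or under base whose uid_field equals username."""
    b = base.lower()
    return [dn for dn, (attrs, _) in DIRECTORY.items()
            if (dn.lower() == b or dn.lower().endswith("," + b))
            and attrs.get(uid_field, "").lower() == username.lower()]

def login(cfg, username, password):
    """Return (ok, detail): the user's DN on success, else the failing step."""
    # RFC 4513: a simple bind with an empty password is an unauthenticated
    # bind, so reject it before it ever reaches the server.
    if not password:
        return False, "empty password"
    # Step 1: the bind account only lets the application search.
    if not simple_bind(cfg["AUTH_LDAP_BIND_USER"], cfg["AUTH_LDAP_BIND_PASSWORD"]):
        return False, "service bind failed"
    # Step 2: the typed username must equal the uid field of one entry.
    hits = search(cfg["AUTH_LDAP_SEARCH"], cfg["AUTH_LDAP_UID_FIELD"], username)
    if len(hits) != 1:
        return False, "user not found"
    # Step 3: the typed password is checked by binding as that entry.
    if not simple_bind(hits[0], password):
        return False, "bad password"
    return True, hits[0]

CFG = {
    "AUTH_LDAP_BIND_USER": "uid=superset_bot,cn=users,dc=example,dc=com",
    "AUTH_LDAP_BIND_PASSWORD": "my_password",
    "AUTH_LDAP_SEARCH": "dc=example,dc=com",
    "AUTH_LDAP_UID_FIELD": "uid",
}

if __name__ == "__main__":
    print(login(CFG, "jdoe", "jane-secret"))
    print(login(dict(CFG, AUTH_LDAP_UID_FIELD="sAMAccountName"), "superset_bot", "my_password"))
```

In this model a correct bind account and password still end in "user not found" when the typed name does not match the configured uid field or the entry lies outside the search base.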
Can anyone tell me if I can use more than one domain?
I am actually following the same logic as you. And Superset is running on the server now. But I cannot log in with my information written in the configuration file.
AUTH_LDAP_BIND_USER = "uid=superset_bot,cn=users,dc=example,dc=com"
AUTH_LDAP_BIND_PASSWORD = "my_password"
What I entered in the log-in page: username: superset_bot password: my_password
However, it gives me the error of "Invalid login. Please try again." Does anyone know why?
Did you manage to fix this? I am facing the same issue.
Superset version
0.22.1
Expected results
login successfully
Actual results
cannot log in
Steps to reproduce
modify config.py
from flask_appbuilder.security.manager import AUTH_LDAP
AUTH_TYPE = AUTH_LDAP
AUTH_LDAP_SERVER = "ldap://server:port"
AUTH_LDAP_USE_TLS = False
AUTH_LDAP_SEARCH = "dc="
AUTH_LDAP_BIND_USER = "uid=,ou=,dc=,dc="
AUTH_LDAP_BIND_PASSWORD = ""
AUTH_LDAP_UID_FIELD = "sAMAccountName"
AUTH_LDAP_APPEND_DOMAIN = '**'
console in debug mode:
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Starting Superset server in DEBUG mode
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
2018-04-18 19:01:31,195:WARNING:werkzeug: Debugger is active!
2018-04-18 19:01:31,195:INFO:werkzeug: Debugger PIN: 859-227-507
2018-04-18 19:02:03,228:INFO:werkzeug:172.22.4.100 - - [18/Apr/2018 19:02:03] "GET /login/ HTTP/1.1" 200 -
2018-04-18 19:02:04,699:INFO:werkzeug:172.22.4.100 - - [18/Apr/2018 19:02:04] "GET /static/appbuilder/css/bootstrap.min.css.map HTTP/1.1" 404 -
2018-04-18 19:02:11,270:INFO:werkzeug:172.22.4.100 - - [18/Apr/2018 19:02:11] "POST /login/ HTTP/1.1" 302 -
2018-04-18 19:02:11,420:INFO:werkzeug:172.22.4.100 - - [18/Apr/2018 19:02:11] "GET /login/ HTTP/1.1" 200 -
2018-04-18 19:02:12,952:INFO:werkzeug:172.22.4.100 - - [18/Apr/2018 19:02:12] "GET /static/appbuilder/css/bootstrap.min.css.map HTTP/1.1" 404 -
2018-04-18 19:02:25,235:INFO:werkzeug:172.22.4.100 - - [18/Apr/2018 19:02:25] "POST /login/ HTTP/1.1" 302 -
2018-04-18 19:02:25,396:INFO:werkzeug:172.22.4.100 - - [18/Apr/2018 19:02:25] "GET /login/ HTTP/1.1" 200 -
2018-04-18 19:02:26,905:INFO:werkzeug:172.22.4.100 - - [18/Apr/2018 19:02:26] "GET /static/appbuilder/css/bootstrap.min.css.map HTTP/1.1" 404 -
However, I cannot log in. The LDAP log is missing. What can I do to solve it?