How to set up LDAP (RBAC) in Airflow? - ldap

The current issue I am having is that the LDAP settings do not seem to work with Airflow. My current code does not produce a login screen, nor are there logs in the Docker container showing that it is attempting to connect to the LDAP server. I have attempted to follow these tutorials but they appear to do nothing (i.e. the webserver_config.py is not being used): TutorialOne TutorialTwo
Any information regarding how the connection works would be greatly appreciated!
webserver_config.py:
import os
from airflow import configuration as conf
from flask_appbuilder.security.manager import AUTH_LDAP
basedir = os.path.abspath(os.path.dirname(__file__))
SQLALCHEMY_DATABASE_URI = conf.get('core', 'SQL_ALCHEMY_CONN')
CSRF_ENABLED = True
AUTH_TYPE = AUTH_LDAP
AUTH_ROLE_ADMIN = 'Admin'
AUTH_USER_REGISTRATION = True
AUTH_USER_REGISTRATION_ROLE = "Admin"
#AUTH_USER_REGISTRATION_ROLE = "Viewer"
AUTH_LDAP_SERVER = "ldapserveraddressherebutIwon'tshowyousorry"
AUTH_LDAP_SEARCH = "DC=ms,DC=ds,DC=uhc,DC=com"
AUTH_LDAP_BIND_USER = 'CN=Users,DC=ms,DC=ds,DC=uhc,DC=com'
AUTH_LDAP_BIND_PASSWORD = "*******************"
AUTH_LDAP_UID_FIELD = 'sAMAccountName'
AUTH_LDAP_USE_TLS = False
AUTH_LDAP_ALLOW_SELF_SIGNED = False
# Build the path of the CA certificate file relative to this config file
script_dir = os.path.dirname(__file__)
AUTH_LDAP_TLS_CACERTFILE = os.path.join(script_dir, "ca.cer")
I have deleted the authenticate = True and auth_backend = airflow.contrib.auth.backends.ldap_auth from airflow.cfg and my webserver_config.py is in the same folder for use.

This can be achieved through the airflow.cfg.
Please read the LDAP section below and let me know.
https://airflow.apache.org/docs/stable/security.html
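
Before touching airflow.cfg it is worth checking the webserver_config.py itself for the settings that decide whether the LDAP login is safe and whether the first bind can succeed at all. The script below is an added example, not Airflow's or flask-appbuilder's own code: it runs a handful of static checks over a dictionary that mirrors the question's file (SAMPLE_CONFIG is constructed, with placeholder host, DN and password values) and reports cleartext transport, a bind DN that names a container rather than an account, a CA file path built without a separator, and self-registration straight into the Admin role.

```python
"""Static checks for the LDAP settings in an Airflow RBAC webserver_config.py
(flask-appbuilder AUTH_LDAP). Added example: not Airflow's or FAB's own code.
SAMPLE_CONFIG is constructed to mirror the question's file, with placeholder
host, DN and password values."""
import os
from urllib.parse import urlsplit

SAMPLE_CONFIG = {
    "AUTH_LDAP_SERVER": "ldap://ldap.example.invalid:389",     # placeholder host
    "AUTH_LDAP_SEARCH": "DC=example,DC=invalid",
    "AUTH_LDAP_BIND_USER": "CN=Users,DC=example,DC=invalid",  # a container, as in the question
    "AUTH_LDAP_BIND_PASSWORD": "placeholder",
    "AUTH_LDAP_UID_FIELD": "sAMAccountName",
    "AUTH_LDAP_USE_TLS": False,
    "AUTH_LDAP_ALLOW_SELF_SIGNED": False,
    # mirrors script_dir + "ca.cer" from the question: no path separator
    "AUTH_LDAP_TLS_CACERTFILE": "/opt/airflow" + "ca.cer",
    "AUTH_USER_REGISTRATION": True,
    "AUTH_USER_REGISTRATION_ROLE": "Admin",
}


def lint_ldap_config(cfg):
    """Returns a list of human-readable findings; an empty list means no issue found."""
    findings = []

    server = cfg.get("AUTH_LDAP_SERVER", "")
    scheme = urlsplit(server).scheme
    if scheme not in ("ldap", "ldaps"):
        findings.append(f"AUTH_LDAP_SERVER {server!r} is not an ldap:// or ldaps:// URL")
    elif scheme == "ldap" and not cfg.get("AUTH_LDAP_USE_TLS"):
        findings.append("ldap:// with AUTH_LDAP_USE_TLS=False: the bind password and every "
                        "user's password cross the network in cleartext")

    if cfg.get("AUTH_LDAP_ALLOW_SELF_SIGNED"):
        findings.append("AUTH_LDAP_ALLOW_SELF_SIGNED=True: any certificate is accepted, so TLS "
                        "no longer proves which server answered")

    # Heuristic: a bind DN that is exactly CN=Users under the search base names
    # the Active Directory default container, not an account.
    bind_dn = cfg.get("AUTH_LDAP_BIND_USER", "").lower()
    base = cfg.get("AUTH_LDAP_SEARCH", "").lower()
    if bind_dn == "cn=users," + base:
        findings.append("AUTH_LDAP_BIND_USER is the CN=Users container, not a service account; "
                        "the initial bind will fail")

    cafile = cfg.get("AUTH_LDAP_TLS_CACERTFILE")
    if cafile and not os.path.isfile(cafile):
        findings.append(f"AUTH_LDAP_TLS_CACERTFILE {cafile!r} does not exist; building the path "
                        "by string concatenation drops the separator (use os.path.join)")

    if cfg.get("AUTH_USER_REGISTRATION") and cfg.get("AUTH_USER_REGISTRATION_ROLE") == "Admin":
        findings.append("AUTH_USER_REGISTRATION_ROLE='Admin' with self-registration: every directory "
                        "account that can authenticate becomes an Airflow Admin; prefer 'Viewer'")
    return findings


if __name__ == "__main__":
    for finding in lint_ldap_config(SAMPLE_CONFIG):
        print("-", finding)
```

Run against the sample it reports four findings; swap in an ldaps:// URL, a real service-account DN, an existing CA file and the Viewer registration role and the list is empty. The registration-role check is the one to keep in mind for RBAC: with AUTH_USER_REGISTRATION on, the role named there is what every directory user gets on first login.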

Related

How can I change the Authentication method in connections between WinRm and Terraform with hyperv provider?

I'm trying to use the hyperv provider to create some virtual machines, but I need to define some parameters for the Hyper-V API. The problem is that WinRM (the tool that tries to connect to the host) can't access the host with my credentials using Basic auth. However, if I use Negotiate auth, it connects successfully. So I don't know how to define a parameter for that in Terraform.
Here is my provider config's code in Terraform:
provider "hyperv" {
  user     = "myusername"
  password = "mypassword"
  host     = "myhost"
  port     = 5985
  https    = false
  insecure = true
  timeout  = "60s"
}
My winrm/config/client:
    NetworkDelayms = 5000
    URLPrefix = wsman
    AllowUnencrypted = true
    Auth
        Basic = true
        Digest = true
        Kerberos = true
        Negotiate = true
        Certificate = true
        CredSSP = true
    DefaultPorts
        HTTP = 5985
        HTTPS = 5986
    TrustedHosts = *
My winrm/config/service:
    MaxConcurrentOperations = 4294967295
    MaxConcurrentOperationsPerUser = 1500
    EnumerationTimeoutms = 240000
    MaxConnections = 300
    MaxPacketRetrievalTimeSeconds = 120
    AllowUnencrypted = true
    Auth
        Basic = true
        Kerberos = true
        Negotiate = true
        Certificate = true
        CredSSP = true
        CbtHardeningLevel = Relaxed
    DefaultPorts
        HTTP = 5985
        HTTPS = 5986
    IPv4Filter = *
    IPv6Filter = *
    EnableCompatibilityHttpListener = true
    EnableCompatibilityHttpsListener = true
    CertificateThumbprint
    AllowRemoteAccess = true
Hi again guys. If someone has the same problem, I resolved it this way:
- I activated the Administrador user from Local Users.
- Then, one has to run this command in a CMD:
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f
- Reboot the system.
- Then run winrm quickconfig in a CMD, and then it should work.
I hope it helps you!
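
The `winrm get winrm/config` listing in the question is a useful audit artifact in its own right: it shows which transports and authentication schemes the host accepts. The script below is an added example, not part of the question, of Terraform or of any Microsoft tool. It parses a constructed copy of that listing (SAMPLE_WINRM_CONFIG carries the question's values with the indentation the real command prints) and flags the settings that weaken transport or credential protection.

```python
"""Audit of `winrm get winrm/config` output for transport and authentication
settings that weaken security. Added example: not part of the question, of
Terraform or of any Microsoft tool. SAMPLE_WINRM_CONFIG is constructed to carry
the values shown in the question, with the indentation the real command prints."""

SAMPLE_WINRM_CONFIG = """\
Client
    NetworkDelayms = 5000
    URLPrefix = wsman
    AllowUnencrypted = true
    Auth
        Basic = true
        Digest = true
        Kerberos = true
        Negotiate = true
        Certificate = true
        CredSSP = true
    DefaultPorts
        HTTP = 5985
        HTTPS = 5986
    TrustedHosts = *
Service
    AllowUnencrypted = true
    Auth
        Basic = true
        Kerberos = true
        Negotiate = true
        Certificate = true
        CredSSP = true
        CbtHardeningLevel = Relaxed
    DefaultPorts
        HTTP = 5985
        HTTPS = 5986
    AllowRemoteAccess = true
"""


def parse_winrm_config(text):
    """Flattens the indented listing into {"Client/Auth/Basic": "true", ...}."""
    settings = {}
    path = []  # stack of (indent, section name)
    for line in text.splitlines():
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip(" "))
        while path and path[-1][0] >= indent:   # leaving one or more nested sections
            path.pop()
        key, sep, value = line.strip().partition("=")
        if sep:
            full_key = "/".join(name for _, name in path + [(indent, key.strip())])
            settings[full_key] = value.strip()
        else:                                    # a line without '=' opens a section
            path.append((indent, key.strip()))
    return settings


def audit_winrm(settings):
    """Returns findings for the weak settings; an empty list means nothing flagged."""
    findings = []
    for side in ("Client", "Service"):
        if settings.get(f"{side}/AllowUnencrypted") == "true":
            findings.append(f"{side}: AllowUnencrypted=true permits sessions without "
                            "message-level encryption over the HTTP listener")
        if settings.get(f"{side}/Auth/Basic") == "true":
            findings.append(f"{side}: Basic auth is on; over HTTP the password is only "
                            "base64-encoded on the wire")
        if settings.get(f"{side}/Auth/CredSSP") == "true":
            findings.append(f"{side}: CredSSP is on; it hands the caller's full credentials "
                            "to the remote host")
    if settings.get("Client/TrustedHosts") == "*":
        findings.append("Client: TrustedHosts=* sends NTLM/Basic credentials to any host "
                        "without checking the server's identity")
    if settings.get("Service/Auth/CbtHardeningLevel", "").lower() == "relaxed":
        findings.append("Service: CbtHardeningLevel=Relaxed accepts HTTPS connections that "
                        "present no channel binding token")
    return findings


if __name__ == "__main__":
    for finding in audit_winrm(parse_winrm_config(SAMPLE_WINRM_CONFIG)):
        print("-", finding)
```

On the sample this yields eight findings. Two points for whoever owns the host: Negotiate, which the question reports as working, is the better outcome because it encrypts the session even on port 5985, so there is no need to keep Basic and AllowUnencrypted on; and the registry change in the answer (LocalAccountTokenFilterPolicy = 1) switches off UAC remote restrictions, letting local administrator accounts authenticate remotely with a full administrative token, so it belongs in the host's change record.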

Gitlab External Https Url is not working anymore

I am having a problem with the GitLab server external URL.
Here is what I did:
I changed my gitlab.rb conf:
external_url 'https://gitlab.tools.ex.com/'
and here is what I'm using:
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.gmail.com"
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_user_name'] = "gitlab"
gitlab_rails['smtp_password'] = "XXXXX"
gitlab_rails['smtp_domain'] = "ex.com"
gitlab_rails['smtp_authentication'] = "gitlab@ex.com"
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_tls'] = false
gitlab_rails['smtp_openssl_verify_mode'] = 'none' # Can be: 'none', 'peer', 'client_once', 'fail_if_no_peer_cert', see http://api.rubyon$
gitlab_rails['smtp_ca_path'] = "/etc/ssl/certs"
gitlab_rails['smtp_ca_file'] = "/etc/ssl/certs/ca-certificates.crt"
The first problem was a certificate problem:
[screenshot: ssl problem]
After generating a certificate, here is what I'm getting:
[screenshot: after generating]
Thanks in advance!

ceilometer not upgrading due to error 401 authentication

I installed OpenStack using devstack on one node. This is my local.conf file:
[[local|localrc]]
ADMIN_PASSWORD=StrongAdminSecret
DATABASE_PASSWORD=$ADMIN_PASSWORD
RABBIT_PASSWORD=$ADMIN_PASSWORD
SERVICE_PASSWORD=$ADMIN_PASSWORD
PUBLIC_INTERFACE=enp0s8
HOST_IP=192.168.1.104
FLOATING_RANGE=192.168.1.0/24
PUBLIC_NETWORK_GATEWAY="192.168.1.1"
Q_FLOATING_ALLOCATION_POOL=start=192.168.1.120,end=192.168.1.140
enable_plugin gnocchi https://github.com/openstack/gnocchi master
enable_service gnocchi-api,gnocchi-metricd,gnocchi-grafana
enable_plugin ceilometer https://git.openstack.org/openstack/ceilometer.git
CEILOMETER_BACKEND=gnocchi
enable_service horizon
enable_plugin cloudkitty https://git.openstack.org/openstack/cloudkitty.git master
enable_service ck-api ck-proc
CLOUDKITTY_COLLECTOR=gnocchi
Then I tried to install gnocchi and ceilometer following this link:
https://dommgifer.gitbook.io/knowledge/openstack/ceilometer-and-gnocchi-install
The gnocchi upgrade is OK, but when upgrading ceilometer this error occurs:
keystoneauth1.exceptions.http.Unauthorized: The request you have made requires authentication. (HTTP 401) (Request-ID: req-dd1d31cf-f0ae-4c92-a03b-a36b08139b53)
This is my ceilometer.conf file:
[DEFAULT]
transport_url = rabbit://openstack:StrongAdminSecret@192.168.1.104
[dispatcher_gnocchi]
filter_service_activity = False
archive_policy = high
[service_credentials]
auth_url = http://192.168.1.104/identity/v3
region_name = RegionOne
password = StrongAdminSecret
username = ceilometer
project_name = service
project_domain_id = default
user_domain_id = default
auth_type = password
interface = internalURL
[keystone_authtoken]
memcached_servers = localhost:11211
cafile = /opt/stack/data/ca-bundle.pem
project_domain_name = Default
project_name = service
user_domain_name = Default
password = StrongAdminSecret
username = ceilometer
auth_url = http://192.168.1.104/identity/v3
interface = public
auth_type = password
and this is my gnocchi.conf file:
[DEFAULT]
transport_url = rabbit://gnocchi:StrongAdminSecret@192.168.1.104
[api]
auth_mode = keystone
middlewares = oslo_middleware.cors.CORS
middlewares = keystonemiddleware.auth_token.AuthProtocol
auth_mode = keystone
[indexer]
url = mysql+pymysql://gnocchi:StrongAdminSecret@192.168.1.104/gnocchi
[keystone_authtoken]
auth_host = http://192.168.1.104/identity/v3
auth_protocol = http
admin_user = admin
admin_password = StrongAdminSecret
admin_tenant_name = admin
auth_url = http://192.168.1.104:identity/v3
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = gnocchi
password = StrongAdminSecret
interface = internalURL
region_name = RegionOne
[storage]
coordination_url = file:///var/lib/gnocchi/locks
file_basepath = /var/lib/gnocchi
driver = file
and this is my admin-openrc.sh file:
export OS_AUTH_URL=http://192.168.1.104/identity
export OS_AUTH_TYPE=password
export OS_PROJECT_ID=e250116cb5c0461f8c3d0a948fa47c2c
export OS_PROJECT_NAME="admin"
export OS_USER_DOMAIN_NAME="Default"
if [ -z "$OS_USER_DOMAIN_NAME" ]; then unset OS_USER_DOMAIN_NAME; fi
export OS_PROJECT_DOMAIN_ID="default"
if [ -z "$OS_PROJECT_DOMAIN_ID" ]; then unset OS_PROJECT_DOMAIN_ID; fi
unset OS_TENANT_ID
unset OS_TENANT_NAME
export OS_USERNAME="admin"
echo "Please enter your OpenStack Password for project $OS_PROJECT_NAME as user $OS_USERNAME: "
read -sr OS_PASSWORD_INPUT
export OS_PASSWORD="StrongAdminSecret"
export OS_REGION_NAME="RegionOne"
if [ -z "$OS_REGION_NAME" ]; then unset OS_REGION_NAME; fi
export OS_INTERFACE=public
export OS_IDENTITY_API_VERSION=3
how can I fix this error?
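
A 401 from keystoneauth1 is the symptom; the cause is usually in the `[keystone_authtoken]` or `[service_credentials]` section that the service reads. The script below is an added example, not part of OpenStack, Gnocchi or Ceilometer: it parses a constructed copy of the question's gnocchi.conf (SAMPLE_GNOCCHI_CONF, with placeholder passwords and a documentation-range address in place of the real host) and reports options set twice, an auth_url whose port is not a number, legacy keystonemiddleware keys mixed in with the `auth_type = password` plugin options, and plugin options that are missing.

```python
"""Checks on the [keystone_authtoken] / [service_credentials] sections of an
oslo.config-style file for the mistakes that show up as "HTTP 401" from
keystoneauth1. Added example: not part of OpenStack, Gnocchi or Ceilometer.
SAMPLE_GNOCCHI_CONF is constructed to mirror the question's gnocchi.conf, with
placeholder passwords and 192.0.2.10 standing in for the real host."""
import configparser
from urllib.parse import urlsplit

SAMPLE_GNOCCHI_CONF = """\
[api]
auth_mode = keystone
middlewares = oslo_middleware.cors.CORS
middlewares = keystonemiddleware.auth_token.AuthProtocol
auth_mode = keystone
[keystone_authtoken]
auth_host = http://192.0.2.10/identity/v3
auth_protocol = http
admin_user = admin
admin_password = placeholder
admin_tenant_name = admin
auth_url = http://192.0.2.10:identity/v3
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = gnocchi
password = placeholder
interface = internalURL
"""

# Options of the old keystonemiddleware configuration style, superseded by auth_type plugins.
LEGACY_KEYS = ("auth_host", "auth_protocol", "admin_user", "admin_password", "admin_tenant_name")
# Options the keystoneauth1 'password' plugin cannot do without.
PASSWORD_PLUGIN_KEYS = ("auth_url", "username", "password", "project_name")


def find_duplicate_options(text):
    """configparser's strict mode stops at the first duplicate; this lists them all."""
    seen, dups, section = set(), [], "DEFAULT"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key = line.split("=", 1)[0].strip()
        if (section, key) in seen:
            dups.append(f"[{section}] {key} is set more than once; only one value can take effect")
        seen.add((section, key))
    return dups


def load_conf(text):
    """Parses the file leniently (last duplicate wins) so the checks below can run."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    return parser


def check_auth_section(parser, section):
    """Validates the keystoneauth1 'password' plugin options in one section."""
    if not parser.has_section(section):
        return [f"[{section}] section is missing"]
    opts = dict(parser.items(section))
    findings = []
    url = opts.get("auth_url", "")
    try:
        urlsplit(url).port  # raises ValueError when the port part is not a number
    except ValueError:
        findings.append(f"[{section}] auth_url {url!r} has a non-numeric port, so no Keystone "
                        "endpoint can be built from it")
    if opts.get("auth_type") == "password":
        for key in PASSWORD_PLUGIN_KEYS:
            if not opts.get(key):
                findings.append(f"[{section}] auth_type=password requires {key}")
        for what in ("user", "project"):
            if not (opts.get(f"{what}_domain_name") or opts.get(f"{what}_domain_id")):
                findings.append(f"[{section}] auth_type=password requires "
                                f"{what}_domain_name or {what}_domain_id")
    legacy = [k for k in LEGACY_KEYS if k in opts]
    if legacy:
        findings.append(f"[{section}] legacy keystonemiddleware options {legacy} are mixed with "
                        "the auth_type plugin options; remove them")
    return findings


if __name__ == "__main__":
    for finding in find_duplicate_options(SAMPLE_GNOCCHI_CONF):
        print("-", finding)
    for finding in check_auth_section(load_conf(SAMPLE_GNOCCHI_CONF), "keystone_authtoken"):
        print("-", finding)
```

Point it at both ceilometer.conf and gnocchi.conf and at both section names; once the file-level findings are gone, the remaining 401 candidates are the credentials themselves (the service user, its password, and its role on the `service` project in Keystone), which no static check can confirm.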

ldap configuration in airflow when rbac is True

I was configuring ldap in airflow.
Followed this documentation here - https://flask-appbuilder.readthedocs.io/en/latest/security.html
webserver_config.py
import os
from airflow import configuration as conf
from flask_appbuilder.security.manager import AUTH_LDAP
basedir = os.path.abspath(os.path.dirname(__file__))
SQLALCHEMY_DATABASE_URI = conf.get('core', 'SQL_ALCHEMY_CONN')
CSRF_ENABLED = True
AUTH_TYPE = AUTH_LDAP
AUTH_ROLE_ADMIN = 'Admin'
AUTH_USER_REGISTRATION = True
AUTH_USER_REGISTRATION_ROLE = "Admin"
# AUTH_USER_REGISTRATION_ROLE = "Viewer"
AUTH_LDAP_SERVER = 'ldaps://ldap:636/'
AUTH_LDAP_SEARCH = "DC=domain,DC=net"
AUTH_LDAP_BIND_USER = 'CN=admin,DC=domain,DC=net'
AUTH_LDAP_BIND_PASSWORD = 'password'
AUTH_LDAP_UID_FIELD = 'sAMAccountName'
AUTH_LDAP_USE_TLS = False
For running the LDAP container I used osixia/docker-openldap,
but when I run the webserver and try to log in it gives "Invalid login. Please try again." no matter what ID and password I give.
When not using LDAP it is able to log in with the user I created using the airflow CLI create_user.
I don't know if I am doing everything right. There is no good documentation/article with the steps.
Can someone help me with this? THANKS!!!

GitLab Ldap insufficient access rights

Right!
I am trying to get LDAP to work with GitLab 7.2.1. I have the correct LDAP connection details posted below:
gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_host'] = '## company url ##'
gitlab_rails['ldap_port'] = 389
gitlab_rails['ldap_uid'] = 'mail'
gitlab_rails['ldap_method'] = 'plain' # 'ssl' or 'plain'
gitlab_rails['ldap_bind_dn'] = ''
gitlab_rails['ldap_password'] = ''
gitlab_rails['ldap_allow_username_or_email_login'] = false
gitlab_rails['ldap_base'] = '## company bind ##'
gitlab_rails['gitlab_signup_enabled'] = 'true'
gitlab_rails['gitlab_default_projects_limit'] = 0
gitlab_rails['gitlab_default_can_create_group'] = false
I have the right username and password, tested with others in my team. I have tried SSL and plain LDAP on ports 389 & 636.
After wiresharking the traffic I found this:
However, it returns:
Could not authorize you from LDAP because "Invalid credentials".
at the login page, which is a 49 response.
Any ideas?
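
The three LDAP questions on this page (the two Airflow RBAC ones and the GitLab one) all end in the same generic "Invalid login"/"Invalid credentials" message, and in each case the answer is in which of the three LDAP operations failed. When a bind user is configured, flask-appbuilder (and GitLab with ldap_bind_dn set) performs an indirect bind: bind as the service account, search the base for an entry whose UID attribute equals the typed username, then bind as that entry with the typed password. The simulation below is an added example, not flask-appbuilder's, Airflow's or GitLab's code: it runs that sequence against a constructed in-memory directory with OpenLDAP-style inetOrgPerson entries (which carry `uid`, not the Active Directory attribute `sAMAccountName`) and returns the LDAP result code of the step that failed.

```python
"""Simulation of the indirect-bind LDAP login flow used by flask-appbuilder
(and so by Airflow's RBAC UI) when AUTH_LDAP_BIND_USER is set, and by GitLab
when ldap_bind_dn is set. Added example, not FAB's, Airflow's or GitLab's
code; the directory below is constructed, with OpenLDAP-style entries."""


class LdapError(Exception):
    """Carries the LDAP result code the server would return."""

    def __init__(self, code, name):
        super().__init__(f"{name} (result code {code})")
        self.code = code


# Constructed in-memory directory: DN -> attributes. Entries are inetOrgPerson-style,
# so the login attribute is `uid`; there is no sAMAccountName attribute at all.
DIRECTORY = {
    "cn=admin,dc=domain,dc=net": {"userpassword": "bind-placeholder"},
    "uid=alice,ou=people,dc=domain,dc=net": {"uid": ["alice"], "userpassword": "alice-placeholder"},
    "uid=bob,ou=people,dc=domain,dc=net": {"uid": ["bob"], "userpassword": "bob-placeholder"},
}


class FakeLdapServer:
    """Just enough of an LDAP server to run a bind/search/bind sequence."""

    def __init__(self, directory, allow_anonymous_search=False):
        self.directory = {dn.lower(): attrs for dn, attrs in directory.items()}
        self.allow_anonymous_search = allow_anonymous_search
        self.bound_dn = None  # None means anonymous

    def simple_bind(self, dn, password):
        if not dn:  # anonymous bind succeeds but grants no rights
            self.bound_dn = None
            return
        entry = self.directory.get(dn.lower())
        if entry is None or entry.get("userpassword") != password:
            raise LdapError(49, "invalidCredentials")
        self.bound_dn = dn.lower()

    def search(self, base, attribute, value):
        if self.bound_dn is None and not self.allow_anonymous_search:
            raise LdapError(50, "insufficientAccessRights")
        base, attribute = base.lower(), attribute.lower()
        return [dn for dn, attrs in self.directory.items()
                if dn.endswith(base) and value in attrs.get(attribute, [])]


def ldap_login(server, cfg, username, password):
    """Returns (True, user_dn) on success, else (False, reason).

    The UI only ever shows the generic 'Invalid login'; the reason is what a
    defender looks for in the webserver or directory log."""
    try:
        server.simple_bind(cfg["AUTH_LDAP_BIND_USER"], cfg["AUTH_LDAP_BIND_PASSWORD"])
    except LdapError as exc:
        return False, f"service-account bind failed: {exc}"
    try:
        matches = server.search(cfg["AUTH_LDAP_SEARCH"], cfg["AUTH_LDAP_UID_FIELD"], username)
    except LdapError as exc:
        return False, f"user search failed: {exc}"
    if len(matches) != 1:
        return False, (f"{len(matches)} entries with {cfg['AUTH_LDAP_UID_FIELD']}={username} "
                       f"under {cfg['AUTH_LDAP_SEARCH']}")
    try:
        server.simple_bind(matches[0], password)
    except LdapError as exc:
        return False, f"user bind failed: {exc}"
    return True, matches[0]


# Constructed configs mirroring the second Airflow question (placeholder credentials).
AD_STYLE_CFG = {
    "AUTH_LDAP_SEARCH": "DC=domain,DC=net",
    "AUTH_LDAP_BIND_USER": "CN=admin,DC=domain,DC=net",
    "AUTH_LDAP_BIND_PASSWORD": "bind-placeholder",
    "AUTH_LDAP_UID_FIELD": "sAMAccountName",
}
OPENLDAP_CFG = dict(AD_STYLE_CFG, AUTH_LDAP_UID_FIELD="uid")
# Empty bind DN, as in the GitLab question's ldap_bind_dn = '': an anonymous search.
ANON_CFG = dict(OPENLDAP_CFG, AUTH_LDAP_BIND_USER="", AUTH_LDAP_BIND_PASSWORD="")


if __name__ == "__main__":
    for label, cfg in (("sAMAccountName", AD_STYLE_CFG), ("uid", OPENLDAP_CFG), ("anonymous", ANON_CFG)):
        print(label, ldap_login(FakeLdapServer(DIRECTORY), cfg, "alice", "alice-placeholder"))
```

The three runs in the `__main__` block map onto the three questions: searching OpenLDAP entries for `sAMAccountName` finds nothing, so the login fails before any password is checked; switching the UID field to `uid` succeeds; and an empty bind DN against a directory that refuses anonymous search fails at the search step (result code 50), while a wrong user password fails at the final bind with result code 49, the "Invalid credentials" seen in the GitLab question. The product's own log (or the directory's access log) records which step it was, which the login page never does.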