I was configuring ldap in airflow.
Followed this documentation here - https://flask-appbuilder.readthedocs.io/en/latest/security.html
webserver_config.py
import os
from airflow import configuration as conf
from flask_appbuilder.security.manager import AUTH_LDAP
basedir = os.path.abspath(os.path.dirname(__file__))
SQLALCHEMY_DATABASE_URI = conf.get('core', 'SQL_ALCHEMY_CONN')
CSRF_ENABLED = True
AUTH_TYPE = AUTH_LDAP
AUTH_ROLE_ADMIN = 'Admin'
AUTH_USER_REGISTRATION = True
AUTH_USER_REGISTRATION_ROLE = "Admin"
# AUTH_USER_REGISTRATION_ROLE = "Viewer"
AUTH_LDAP_SERVER = 'ldaps://ldap:636/'
AUTH_LDAP_SEARCH = "DC=domain,DC=net"
AUTH_LDAP_BIND_USER = 'CN=admin,DC=domain,DC=net'
AUTH_LDAP_BIND_PASSWORD = 'password'
AUTH_LDAP_UID_FIELD = 'sAMAccountName'
AUTH_LDAP_USE_TLS = False
for running ldap container i used osixia/docker-openldap
but i run webserver and try to login it gives Invalid login. Please try again. No matter what id password i gave.
When not using ldap it is able to login with the user i created using airflow cli create_user
I don't know if i am doing everything right. There is no good documentation/article with the steps.
Can someone help me on this? THANKS!!!
Related
I am looking integrate the rabbitmq with LDAP and allows administrator access who are in the mentioned AD Group.
configuration files
rabbitmq.conf
auth_backends.1 = ldap
auth_ldap.servers.1 = example.com
auth_ldap.dn_lookup_attribute = sAMAccountName
auth_ldap.dn_lookup_base = OU=Standard,OU=Users,DC=example,DC=com
auth_ldap.user_dn_pattern = ${username}
auth_ldap.use_ssl = false
auth_ldap.port = 389
auth_ldap.log = network_unsafe
advanced.config
[{rabbitmq_auth_backend_ldap,[
{tag_queries, [{administrator, {in_group, "rabbitusers_group,OU=Security,OU=Groups,DC=example,DC=com","member"}},
{management, {constant,true}}]}
]}].
getting same even auth_ldap.dn_lookup_attribute sAMAccountName replaced with distinguishedName
I noticed in log --- user have tag administrator? false
I'm trying to use an hyperv provider for create some virtual machines but I need to define some parameters for the HyperV API. The problem is that WinRm (that is the tool that try to connect with the host) can't access with my credentials using the Basic Auth. However, If I use the Negotiate Auth, it returns a successfully connection. So, I don't know how can I define a parameter in Terraform for that.
Here is my provider config's code in Terraform:
provider "hyperv" {
user = myusername
password = mypassword
host = myhost
port = 5985
https = false
insecure = true
timeout = "60s"
}
My winrm/config/client:
NetworkDelayms = 5000
URLPrefix = wsman
AllowUnencrypted = true
Auth
Basic = true
Digest = true
Kerberos = true
Negotiate = true
Certificate = true
CredSSP = true
DefaultPorts
HTTP = 5985
HTTPS = 5986
TrustedHosts = *
My winrm/config/service:
MaxConcurrentOperations = 4294967295
MaxConcurrentOperationsPerUser = 1500
EnumerationTimeoutms = 240000
MaxConnections = 300
MaxPacketRetrievalTimeSeconds = 120
AllowUnencrypted = true
Auth
Basic = true
Kerberos = true
Negotiate = true
Certificate = true
CredSSP = true
CbtHardeningLevel = Relaxed
DefaultPorts
HTTP = 5985
HTTPS = 5986
IPv4Filter = *
IPv6Filter = *
EnableCompatibilityHttpListener = true
EnableCompatibilityHttpsListener = true
CertificateThumbprint
AllowRemoteAccess = true
Hy again guys. If someone have the same problem I resolve it on that way:
-I activate Administrador user from Local users.
-Then, one have to run this command in a CMD:
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f
-Reboot the system
-Then, run winrm quickconfig in a CMD, and then it would work.
I hope it help you!
I am having a problem with GitLab server external URL
here is what I did :
I changed my GitLab.rb conf
external_url 'https://gitlab.tools.ex.com/'
and here is what I'm using
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.gmail.com"
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_user_name'] = "gitlab"
gitlab_rails['smtp_password'] = "XXXXX"
gitlab_rails['smtp_domain'] = "ex.com"
gitlab_rails['smtp_authentication'] = "gitlab#ex.com"
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_tls'] = false
gitlab_rails['smtp_openssl_verify_mode'] = 'none' # Can be: 'none', 'peer', 'client_once', 'fail_if_no_peer_cert', see http://api.rubyon$
gitlab_rails['smtp_ca_path'] = "/etc/ssl/certs"
gitlab_rails['smtp_ca_file'] = "/etc/ssl/certs/ca-certificates.crt"
first problem was a certificate problem :
ssl problem
after generating a certificate here is what I'm getting :
after generating
thanks in advance !
The current issues I am having is that LDAP settings do not seem to work with Airflow. My current code does not produce a login screen nor are there logs in the docker container that shows it is attempting to connect to the LDAP server. I have attempted to follow these tutorials but they appear to do nothing (i.e. the webserver_config.py is not being used) TutorialOne TutorialTwo
Any information regarding how the connection works would be greatly appreciated!
webserver_config.py:
import os
from airflow import configuration as conf
from flask_appbuilder.security.manager import AUTH_LDAP
basedir = os.path.abspath(os.path.dirname(__file__))
SQLALCHEMY_DATABASE_URI = conf.get('core', 'SQL_ALCHEMY_CONN')
CSRF_ENABLED = True
AUTH_TYPE = AUTH_LDAP
AUTH_ROLE_ADMIN = 'Admin'
AUTH_USER_REGISTRATION = True
AUTH_USER_REGISTRATION_ROLE = "Admin"
#AUTH_USER_REGISTRATION_ROLE = "Viewer"
AUTH_LDAP_SERVER = 'ldapserveraddressherebutIwon'tshowyousorry'
AUTH_LDAP_SEARCH = "DC=ms,DC=ds,DC=uhc,DC=com"
AUTH_LDAP_BIND_USER = 'CN=Users,DC=ms,DC=ds,DC=uhc,DC=com'
AUTH_LDAP_BIND_PASSWORD ="*******************"
AUTH_LDAP_UID_FIELD = 'sAMAccountName'
AUTH_LDAP_USE_TLS = False
AUTH_LDAP_ALLOW_SELF_SIGNED = False
# Get relative path for CA certificate file
script_dir = os.path.dirname(__file__)
AUTH_LDAP_TLS_CACERTFILE = script_dir + "ca.cer"
I have deleted the authenticate = True and auth_backend = airflow.contrib.auth.backends.ldap_auth from airflow.cfg and my webserver_config.py is in the same folder for use.
This can be achieved through the airflow.cfg.
Please read the LDAP section below and let me know.
https://airflow.apache.org/docs/stable/security.html
Right!
I am getting ldap to work with GitLab 7.2.1. I have the correct LDAP connection details posted below:
gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_host'] = '## company url ##'
gitlab_rails['ldap_port'] = 389
gitlab_rails['ldap_uid'] = 'mail'
gitlab_rails['ldap_method'] = 'plain' # 'ssl' or 'plain'
gitlab_rails['ldap_bind_dn'] = ''
gitlab_rails['ldap_password'] = ''
gitlab_rails['ldap_allow_username_or_email_login'] = false
gitlab_rails['ldap_base'] = '## company bind ##'
gitlab_rails['gitlab_signup_enabled'] = 'true'
gitlab_rails['gitlab_default_projects_limit'] = 0
gitlab_rails['gitlab_default_can_create_group'] = false
I have the right username and password tested with others in my team. I have tried ssl and plain ldap on ports 389 & 636.
After wiresharking the traffic I found this:
However it returns:
Could not authorize you from LDAP because "Invalid credentials".
At the login page. which is a 49 response.
Any ideas?