Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ldap configuration #4840

Closed
3 tasks done
qin4zhang opened this issue Apr 18, 2018 · 13 comments
Closed
3 tasks done

ldap configuration #4840

qin4zhang opened this issue Apr 18, 2018 · 13 comments

Comments

@qin4zhang
Copy link

qin4zhang commented Apr 18, 2018

Make sure these boxes are checked before submitting your issue - thank you!

  • I have checked the superset logs for python stacktraces and included it here as text if any
  • I have reproduced the issue with at least the latest released version of superset
  • I have checked the issue tracker for the same issue and I haven't found one similar

Superset version

0.22.1

Expected results

login successfully

Actual results

cannot login in

Steps to reproduce

modify config.py
from flask_appbuilder.security.manager import AUTH_LDAP
AUTH_TYPE = AUTH_LDAP
AUTH_LDAP_SERVER = "ldap://server:port"
AUTH_LDAP_USE_TLS = False
AUTH_LDAP_SEARCH = "dc="
AUTH_LDAP_BIND_USER = "uid=
,ou=,dc=,dc="
AUTH_LDAP_BIND_PASSWORD = "
"
AUTH_LDAP_UID_FIELD = "sAMAccountName"
AUTH_LDAP_APPEND_DOMAIN = '**'

console in debug mode:
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Starting Superset server in DEBUG mode
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

2018-04-18 19:01:31,195:WARNING:werkzeug: * Debugger is active!
2018-04-18 19:01:31,195:INFO:werkzeug: * Debugger PIN: 859-227-507
2018-04-18 19:02:03,228:INFO:werkzeug:172.22.4.100 - - [18/Apr/2018 19:02:03] "GET /login/ HTTP/1.1" 200 -
2018-04-18 19:02:04,699:INFO:werkzeug:172.22.4.100 - - [18/Apr/2018 19:02:04] "GET /static/appbuilder/css/bootstrap.min.css.map HTTP/1.1" 404 -
2018-04-18 19:02:11,270:INFO:werkzeug:172.22.4.100 - - [18/Apr/2018 19:02:11] "POST /login/ HTTP/1.1" 302 -
2018-04-18 19:02:11,420:INFO:werkzeug:172.22.4.100 - - [18/Apr/2018 19:02:11] "GET /login/ HTTP/1.1" 200 -
2018-04-18 19:02:12,952:INFO:werkzeug:172.22.4.100 - - [18/Apr/2018 19:02:12] "GET /static/appbuilder/css/bootstrap.min.css.map HTTP/1.1" 404 -
2018-04-18 19:02:25,235:INFO:werkzeug:172.22.4.100 - - [18/Apr/2018 19:02:25] "POST /login/ HTTP/1.1" 302 -
2018-04-18 19:02:25,396:INFO:werkzeug:172.22.4.100 - - [18/Apr/2018 19:02:25] "GET /login/ HTTP/1.1" 200 -
2018-04-18 19:02:26,905:INFO:werkzeug:172.22.4.100 - - [18/Apr/2018 19:02:26] "GET /static/appbuilder/css/bootstrap.min.css.map HTTP/1.1" 404 -

however, I cannot login in. LDAP log missed.How could I do to solve it ?

@mistercrunch
Copy link
Member

This is really a FAB (Flask-AppBuilder) question.

@qin4zhang
Copy link
Author

OK, thanks.

@jhettler
Copy link

Hi, I am not sure, if it helps, but it could ... we have Microsoft AD and ldap and we are able to successfully login with configuration parameters below.

AUTH_TYPE = AUTH_LDAP
AUTH_USER_REGISTRATION = True
AUTH_USER_REGISTRATION_ROLE = "Admin"
AUTH_LDAP_SERVER = "ldap://servername-1.ad.domain.cz"
AUTH_LDAP_SEARCH = "DC=ad,DC=domain,DC=cz"
AUTH_LDAP_BIND_USER = "CN=BISystemUser,OU=Service Accounts,OU=mycompany Users,DC=ad,DC=domain,DC=cz"
AUTH_LDAP_BIND_PASSWORD = "yourPassword"
AUTH_LDAP_UID_FIELD = "sAMAccountName"

We are able to login with BISystemUser/yourPassword with tools like jXplorer or any other LDAP tools.

HTH!

@xrmx
Copy link
Contributor

xrmx commented Apr 23, 2018

If our documentation is lacking it would be nice to update it with whatever may help user in configuring LDAP auth.

@vincnetas
Copy link

vincnetas commented Sep 29, 2018

Third issue about LDAP problems, always resolved as external bug. I guess at least documentation could be updated.

#4881
#3221

@mistercrunch
Copy link
Member

Contributions to the documentation are welcomed!

@bhasin85
Copy link

Was able to connect to LDAP Test Server
http://www.forumsys.com/tutorials/integration-how-to/ldap/online-ldap-test-server/

With following config

AUTH_TYPE = AUTH_LDAP

# Uncomment to setup Full admin role name
AUTH_ROLE_ADMIN = 'Admin'

# Uncomment to setup Public role name, no authentication needed
# AUTH_ROLE_PUBLIC = 'Public'

# Will allow user self registration
AUTH_USER_REGISTRATION = True

# The default user self registration role
# AUTH_USER_REGISTRATION_ROLE = "Public"

# When using LDAP Auth, setup the ldap server
AUTH_LDAP_SERVER = "ldap://ldap.forumsys.com:389"
AUTH_LDAP_SEARCH = "dc=example,dc=com"
AUTH_LDAP_BIND_USER = "uid=riemann,dc=example,dc=com"
AUTH_LDAP_BIND_PASSWORD = "password"

For user

User:riemann
Password:password

@hayou
Copy link

hayou commented Feb 17, 2019

@bhasin85 : Thanks it works , don't forget to install this package :

pip install python-ldap

@Elaine66
Copy link

Was able to connect to LDAP Test Server
http://www.forumsys.com/tutorials/integration-how-to/ldap/online-ldap-test-server/

With following config

AUTH_TYPE = AUTH_LDAP

# Uncomment to setup Full admin role name
AUTH_ROLE_ADMIN = 'Admin'

# Uncomment to setup Public role name, no authentication needed
# AUTH_ROLE_PUBLIC = 'Public'

# Will allow user self registration
AUTH_USER_REGISTRATION = True

# The default user self registration role
# AUTH_USER_REGISTRATION_ROLE = "Public"

# When using LDAP Auth, setup the ldap server
AUTH_LDAP_SERVER = "ldap://ldap.forumsys.com:389"
AUTH_LDAP_SEARCH = "dc=example,dc=com"
AUTH_LDAP_BIND_USER = "uid=riemann,dc=example,dc=com"
AUTH_LDAP_BIND_PASSWORD = "password"

For user

User:riemann
Password:password

I am actually following the same logic as you. And superset is running on the server now. But i cannot log-in with my information written in the configuration file.

AUTH_LDAP_BIND_USER = "uid=superset_bot,cn=users,dc=example,dc=com"
AUTH_LDAP_BIND_PASSWORD = "my_password"

What I entered in the log-in page:
username: superset_bot
password: my_password

However, it gives me the error of "Invalid login. Please try again." Does anyone know why?
Screen Shot 2019-06-12 at 3 33 18 PM

@lrosenman
Copy link

The userid MUST match what comes back from LDAP once you turn on LDAP.

I got bitten by this too.

Does riemann exist in LDAP with password password?

@lrosenman
Copy link

The LDAP_BIND_* is JUST to allow SuperSet to look at LDAP for users/password, not to log into the app.

@ziusware
Copy link

Can anyone tell me if I can use more than one domain?

@thamboojr
Copy link

Was able to connect to LDAP Test Server
http://www.forumsys.com/tutorials/integration-how-to/ldap/online-ldap-test-server/
With following config

AUTH_TYPE = AUTH_LDAP

# Uncomment to setup Full admin role name
AUTH_ROLE_ADMIN = 'Admin'

# Uncomment to setup Public role name, no authentication needed
# AUTH_ROLE_PUBLIC = 'Public'

# Will allow user self registration
AUTH_USER_REGISTRATION = True

# The default user self registration role
# AUTH_USER_REGISTRATION_ROLE = "Public"

# When using LDAP Auth, setup the ldap server
AUTH_LDAP_SERVER = "ldap://ldap.forumsys.com:389"
AUTH_LDAP_SEARCH = "dc=example,dc=com"
AUTH_LDAP_BIND_USER = "uid=riemann,dc=example,dc=com"
AUTH_LDAP_BIND_PASSWORD = "password"

For user

User:riemann
Password:password

I am actually following the same logic as you. And superset is running on the server now. But i cannot log-in with my information written in the configuration file.

AUTH_LDAP_BIND_USER = "uid=superset_bot,cn=users,dc=example,dc=com"
AUTH_LDAP_BIND_PASSWORD = "my_password"

What I entered in the log-in page: username: superset_bot password: my_password

However, it gives me the error of "Invalid login. Please try again." Does anyone know why? Screen Shot 2019-06-12 at 3 33 18 PM

Did you manage to fix this? I am facing the same issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests