Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PROBLEMS WHEN LINKING LDAP #28427

Open
3 tasks done
iRoot13x18 opened this issue May 10, 2024 · 1 comment
Open
3 tasks done

PROBLEMS WHEN LINKING LDAP #28427

iRoot13x18 opened this issue May 10, 2024 · 1 comment

Comments

@iRoot13x18
Copy link

Bug description

I need to link LDAP to my superset and it is giving me error when connecting, I have verified that the LDAP credentials are correct. I have based on these two configuration files.

How to reproduce the bug

1- go to PYTHONPATH

2-edit superset_config.py file and put the relevant configuration for LDAP, in particular this was this
import os
from superset.security import SupersetSecurityManager
from flask_appbuilder.security.manager import AUTH_DB,AUTH_LDAP
from custom_security_manager import CustomSecurityManager

AUTH_TYPE = AUTH_LDAP
AUTH_USER_REGISTRATION = True
AUTH_USER_REGISTRATION_ROLE = "Public"
AUTH_LDAP_SERVER = "ldaps://server.yourdomain.com:636"
AUTH_LDAP_USE_TLS = False
AUTH_LDAP_BIND_USER = "cn=mycn,ou=myou,ou=myou,dc=mydc,dc=com"
AUTH_LDAP_BIND_PASSWORD = "password"
AUTH_LDAP_SEARCH = "DC=your_domain,DC=com,"
AUTH_LDAP_UID_FIELD = "sAMAccountName"
AUTH_LDAP_ALLOW_SELF_SIGNED=True
AUTH_LDAP_APPEND_DOMAIN=False
AUTH_LDAP_FIRSTNAME_FIELD="givenName"
AUTH_LDAP_LASTNAME_FIELD="sn"
AUTH_LDAP_USE_TLS=False
AUTH_USER_REGISTRATION=True

CUSTOM_SECURITY_MANAGER = CustomSecurityManager

3-create and modify the custom_security_manager.py file in PYTHONPATH
from superset.security import SupersetSecurityManager
from flask_appbuilder.security.views import AuthLDAPView
from flask_appbuilder.security.views import expose
from flask import g, redirect, flash
from flask_appbuilder.security.forms import LoginForm_db
from flask_login import login_user
from flask_appbuilder._compat import as_unicode

class AuthLocalAndLDAPView(AuthLDAPView):
@expose("/login/", methods=["GET", "POST"])
def login(self):
if g.user is not None and g.user.is_authenticated:
return redirect(self.appbuilder.get_url_for_index)
form = LoginForm_db()
if form.validate_on_submit():
user = self.appbuilder.sm.auth_user_ldap(
form.username.data, form.password.data
)
if not user:
user = self.appbuilder.sm.auth_user_db(
form.username.data, form.password.data
)
if user:
login_user(user, remember=False)
return redirect(self.appbuilder.get_url_for_index)
else:
flash(as_unicode(self.invalid_login_message), "warning")
return redirect(self.appbuilder.get_url_for_login)
return self.render_template(
self.login_template, title=self.title, form=form, appbuilder=self.appbuilder
)

class CustomSecurityManager(SupersetSecurityManager):
authldapview = AuthLocalAndLDAPView
def init(self, appbuilder):
super(CustomSecurityManager, self).init(appbuilder)

4-restart docker-compose and try logging in with ldap credentials

Screenshots/recordings

No response

Superset version

4.0.0

Python version

3.10

Node version

18 or greater

Browser

Chrome

Additional context

I will leave here the web page on which I based my configuration.
https://medium.com/@ozan/configure-ldap-and-local-user-login-on-superset-69fa4df4ee24

Checklist

  • I have searched Superset docs and Slack and didn't find a solution to my problem.
  • I have searched the GitHub issue tracker and didn't find a similar bug report.
  • I have checked Superset's logs for errors and if I found a relevant Python stacktrace, I included it here as text in the "additional context" section.
@dosubot DosuBot
Copy link

dosubot bot commented May 10, 2024
edited

To address the LDAP connection issue in Superset, ensure the following:

  1. python-ldap Installation: Confirm python-ldap is installed in your environment, as it's required for LDAP authentication.

  2. LDAP Configuration: Double-check your superset_config.py for correct LDAP settings according to Flask App Builder documentation. This includes server details, user bind configuration, and search options.

  3. Role Mapping: Verify AUTH_ROLES_MAPPING in superset_config.py for accurate LDAP group to Superset role mappings, if applicable.

  4. Role Sync: If AUTH_ROLES_SYNC_AT_LOGIN is enabled, ensure LDAP group to role mappings are syncing correctly at login.

  5. Debugging: Increase logging level in Superset to capture detailed LDAP-related errors, which can provide insights into configuration or connectivity issues.

  6. Package Compatibility: Check that your python-ldap package version is compatible with Superset 4.0.0, which recommends version >=3.4.4.

  7. Network and Firewall: Ensure no network or firewall settings are blocking connections to the LDAP server.

  8. LDAP Server Settings: Review the LDAP server configuration for correct base DN, user DN, and search filters.

If the issue persists after these checks, consider reviewing discussions and issues in the Superset repository related to LDAP authentication for additional insights and potential solutions.

Details

Sources


About Dosu
This response is meant to be useful and save you time. It is not meant to be a precise solution, but rather a starting point for your own research.

Help me be more useful! Please leave a 👍 if this is helpful and 👎 if it is irrelevant.

To continue the conversation, mention @dosu.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@iRoot13x18