Skip to content
/ airflow-ldap-example Public

Example project for configuring opern source Airflow version with LDAP. Includes prepopulated OpenLDAP server

4 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

astronomer/airflow-ldap-example

BranchesTags

Repository files navigation

Airflow LDAP Example

Example project for configuring Airflow with LDAP. Includes prepopulated OpenLDAP server. Users are based off of characters in Futurama. LDAP attributes are documented below.

Airflow is configured to map Futurama ship_crew members to the Airflow Viewer role, and admin_staff to the Airflow Admin role.

Quick Sample User Reference:

Admin user:

username: hermes
password: hermes

Viewer user:

username: fry
password: fry

Usage

Initial Setup

When running the project for the first time, you need to initiate the Airflow database.

docker-compose up airflow-init

Running the Project

To run project:

docker-compose up

To stop project:

docker-compose down

To remove containers and volumes:

docker-compose down --volumes --rmi all

Configuration Changes

LDAP configs can be adjusted in webserver_config.py

You can override environment variables in the docker-compose file by adding them to an .env file in the project root.

Change the Airflow image version by modifying the build_arg in the docker-compose file.

Accessing Airflow

To login, enter username and password for one of the characters below.

For example, if you want to login as "Fry", username is fry and password is fry

LDAP structure

dc=planetexpress,dc=com

Admin Secret
cn=admin,dc=planetexpress,dc=com GoodNewsEveryone

ou=people,dc=planetexpress,dc=com

cn=Hubert J. Farnsworth,ou=people,dc=planetexpress,dc=com

Attribute Value
objectClass inetOrgPerson
cn Hubert J. Farnsworth
sn Farnsworth
description Human
displayName Professor Farnsworth
employeeType Owner
employeeType Founder
givenName Hubert
jpegPhoto JPEG-Photo (630x507 Pixel, 26780 Bytes)
mail professor@planetexpress.com
mail hubert@planetexpress.com
ou Office Management
title Professor
uid professor
userPassword professor

cn=Philip J. Fry,ou=people,dc=planetexpress,dc=com

Attribute Value
objectClass inetOrgPerson
cn Philip J. Fry
sn Fry
description Human
displayName Fry
employeeType Delivery boy
givenName Philip
jpegPhoto JPEG-Photo (429x350 Pixel, 22132 Bytes)
mail fry@planetexpress.com
ou Delivering Crew
uid fry
userPassword fry

cn=John A. Zoidberg,ou=people,dc=planetexpress,dc=com

Attribute Value
objectClass inetOrgPerson
cn John A. Zoidberg
sn Zoidberg
description Decapodian
displayName Zoidberg
employeeType Doctor
givenName John
jpegPhoto JPEG-Photo (343x280 Pixel, 26438 Bytes)
mail zoidberg@planetexpress.com
ou Staff
title Ph. D.
uid zoidberg
userPassword zoidberg

cn=Hermes Conrad,ou=people,dc=planetexpress,dc=com

Attribute Value
objectClass inetOrgPerson
cn Hermes Conrad
sn Conrad
description Human
employeeType Bureaucrat
employeeType Accountant
givenName Hermes
mail hermes@planetexpress.com
ou Office Management
uid hermes
userPassword hermes

cn=Turanga Leela,ou=people,dc=planetexpress,dc=com

Attribute Value
objectClass inetOrgPerson
cn Turanga Leela
sn Turanga
description Mutant
employeeType Captain
employeeType Pilot
givenName Leela
jpegPhoto JPEG-Photo (429x350 Pixel, 26526 Bytes)
mail leela@planetexpress.com
ou Delivering Crew
uid leela
userPassword leela

cn=Bender Bending Rodríguez,ou=people,dc=planetexpress,dc=com

Attribute Value
objectClass inetOrgPerson
cn Bender Bending Rodríguez
sn Rodríguez
description Robot
employeeType Ship's Robot
givenName Bender
jpegPhoto JPEG-Photo (436x570 Pixel, 26819 Bytes)
mail bender@planetexpress.com
ou Delivering Crew
uid bender
userPassword bender

cn=Amy Wong+sn=Kroker,ou=people,dc=planetexpress,dc=com

Amy has a multi-valued DN

Attribute Value
objectClass inetOrgPerson
cn Amy Wong
sn Kroker
description Human
givenName Amy
mail amy@planetexpress.com
ou Intern
uid amy
userPassword amy

cn=admin_staff,ou=people,dc=planetexpress,dc=com

Attribute Value
objectClass Group
cn admin_staff
member cn=Hubert J. Farnsworth,ou=people,dc=planetexpress,dc=com
member cn=Hermes Conrad,ou=people,dc=planetexpress,dc=com

cn=ship_crew,ou=people,dc=planetexpress,dc=com

Attribute Value
objectClass Group
cn ship_crew
member cn=Turanga Leela,ou=people,dc=planetexpress,dc=com
member cn=Philip J. Fry,ou=people,dc=planetexpress,dc=com
member cn=Bender Bending Rodríguez,ou=people,dc=planetexpress,dc=com

Reference URLs

Github URL for ldap test server: https://github.com/rroemhild/docker-test-openldap

Airflow docker-compose: https://airflow.apache.org/docs/apache-airflow/stable/start/docker.html#docker-compose-yaml

Airflow Security docs: https://airflow.apache.org/docs/apache-airflow/stable/security/access-control.html

FAB Security docs: https://flask-appbuilder.readthedocs.io/en/latest/security.html

About

Example project for configuring opern source Airflow version with LDAP. Includes prepopulated OpenLDAP server

Resources

Readme
Activity
Custom properties

Stars

4 stars

Watchers

61 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages