We've updated airflow from 2.0.2 to 2.1.4 and we use LDAP for authentification in our "webserver_config.py", everything works fine. We're logged in as admin and checked the permissions in the admin role (all access given).

In the new airflow version the " " button disappears in the gui at url .../users/list/, but we can create users via airflow cli.

Is this a feature or a missconfiguration with LDAP-Auth?

CodePudding user response：

For LDAP you have an automated synchronisation of credentials between LDAP and Airflow and theoretically - you should not need to "add" users - if they are in LDAP with appropriate group the automated synchronisation should make sure that the users are automatically created wia AUTH_USER_REGISTRATION and there is also a possibility in recent versions of Airflow to automatically match LDAP groups with the RBAC roles in Airflow.

See Flask App Builder documentation for that:

https://flask-appbuilder.readthedocs.io/en/latest/security.html#authentication-ldap

LDAP authentication works in the way that it will automatically create a corresponding user in LDAP from the matching group seting.

If you can switch to that workflow - that shoudl solve your problem - all the users that will match the right group/roles - depending on your configuration.

However I understand there is an authentication workflow where you would still get credentials from LDAP, but where you want to manage who accesses Airfow not via LDAP group assignment but by Airlfow UI (this was possible before but it was removed when we enabled the RBAC syncing with LDAP).

We are tracking that issue here: https://github.com/apache/airflow/issues/18545 (likely will be released in 2.2) and there is a longer discussion https://github.com/apache/airflow/discussions/18290 and even a workaround (https://github.com/apache/airflow/discussions/18290#discussioncomment-13786070) you might want to apply in your 2.1.4 installed airflow manually to get that button back.