'Can't use local user with LDAP

I'm trying to integrate the apache superset with LDAP. with the configuration that I will provide below I can log in superset web with LDAP user but at the same time I can't log in with local users, such as admin, which was created during installation. What is the problem?

Also, I'm trying to split permission roles with "AUTH_ROLES_MAPPING" but with no luck yet. How can I do that?

from flask_appbuilder.security.manager import AUTH_OID
from flask_appbuilder.security.manager import AUTH_REMOTE_USER
from flask_appbuilder.security.manager import AUTH_DB
from flask_appbuilder.security.manager import AUTH_LDAP

#AUTH_TYPE = AUTH_LDAP
#AUTH_USER_REGISTRATION = True
#AUTH_USER_REGISTRATION_ROLE = "Public"

#AUTH_LDAP_SERVER = "ldap://10.10.0.50"
#AUTH_LDAP_USE_TLS = False
#AUTH_LDAP_BIND_USER = "CN=Administrator,CN=Users,DC=gru,DC=lab"
#AUTH_LDAP_BIND_PASSWORD = "password"
#AUTH_LDAP_SEARCH = "DC=gru,DC=lab"
#AUTH_LDAP_GROUP_FIELS="CN=linuxadmins,DC=gru,DC=lab"
#AUTH_LDAP_SEARCH = "DC=gru,DC=lab"
#AUTH_LDAP_UID_FIELD = "sAMAccountName"
#AUTH_LDAP_FIRSTNAME_FIELD = "givenName"
#AUTH_LDAP_LASTNAME_FIELD = "sn"

UPDATE -- I've tried "AUTH_TYPE = 1|2", also "AUTH_TYPE = AUTH_DB, AUTH_LDAP" . unfortunately no result.

authenticationldapflask-loginapache-superset


Solution 1:[1]

To use both - LDAP and DB users - you should implement custom Superset security manager which will solve the problem.

At first, you should create new file, e.g. my_security_manager.py. Put these lines into it:

from superset.security import SupersetSecurityManager


class MySecurityManager(SupersetSecurityManager):
    
    def __init__(self, appbuilder):
        super(MySecurityManager, self).__init__(appbuilder)

Secondly, you should let Superset know that you want to use your brand new security manager. To do so, add these lines to your Superset configuration file (superset_config.py):

from my_security_manager import MySecurityManager
CUSTOM_SECURITY_MANAGER = MySecurityManager

Then you can override auth_user_db(username, password) method of your class with your custom authentication logic.

Here is additional information on the topic.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Aleksandr Gordienko

Related Questions