1. 在airflow.cfg中，修改ldap域名和端口号

[ldap] uri = ldap://your_server:port

2. 配置ldap域/组的dn和基础dn

[ldap] user_filter = ldap_filter user_name_attr = sAMAccountName

3. 修改/security/ldap_auth_backend.py文件

   def _ldap_search(self, search_filter): """ Search for dn's within the LDAP server using the filter provided. """ ldap_conn = self.get_ldap_connection() ldap_result_id = ldap_conn.search( self.ldap_search, ldap.SCOPE_SUBTREE, search_filter, ['memberOf', self.user_name_attrib, 'distinguishedName'] ) result_type, result_data = ldap_conn.result(ldap_result_id, 0) if not result_data: return None

    return result_data[0][0]
   

4. 将distinguishedName添加到LDAPBackend的模型中

class LDAPUser(BaseUser): ... distinguished_name = airflow.models.crypto.EncryptedType( sqlalchemy.String(1024), key=FERNET_KEY, default='', nullable=True, )

5. 重新启动Airflow，并测试ldap登录功能。