[bitnami/airflow] feat: enhance LDAP config with user attribute mapping and support for Flask AppBuilder AUTH_LDAP (#34382)

* feat(airflow): enhance LDAP config with user attribute mapping and support for Flask AppBuilder AUTH_LDAP

Signed-off-by: marcelo.caldas <marcelo.caldas@luizalabs.com>

* Update CHANGELOG.md

Signed-off-by: Bitnami Bot <bitnami.bot@broadcom.com>

* Update CHANGELOG.md

Signed-off-by: Bitnami Bot <bitnami.bot@broadcom.com>

---------

Signed-off-by: marcelo.caldas <marcelo.caldas@luizalabs.com>
Signed-off-by: Bitnami Bot <bitnami.bot@broadcom.com>
Co-authored-by: marcelo.caldas <marcelo.caldas@luizalabs.com>
Co-authored-by: Bitnami Bot <bitnami.bot@broadcom.com>
Marcelo Caldas
2025-06-16 12:46:22 -03:00
committed by GitHub
parent a68568bf91
commit 047f06d129
5 changed files with 20 additions and 4 deletions


@@ -1,8 +1,12 @@
# Changelog
## 24.1.2 (2025-06-06)
## 24.1.3 (2025-06-13)
* [bitnami/airflow] :zap: :arrow_up: Update dependency references ([#34221](https://github.com/bitnami/charts/pull/34221))
* [bitnami/airflow] feat: enhance LDAP config with user attribute mapping and support for Flask AppBuilder AUTH_LDAP ([#34382](https://github.com/bitnami/charts/pull/34382))
## <small>24.1.2 (2025-06-06)</small>
* [bitnami/airflow] :zap: :arrow_up: Update dependency references (#34221) ([f42b7ae](https://github.com/bitnami/charts/commit/f42b7aefc905b479c54b142d7c0152fc9fa5c36d)), closes [#34221](https://github.com/bitnami/charts/issues/34221)
## <small>24.1.1 (2025-05-26)</small>


@@ -42,4 +42,4 @@ maintainers:
name: airflow
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/airflow
version: 24.1.2
version: 24.1.3
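
Review bot: The bump to `version: 24.1.3` is a patch increment, but the commit is titled `feat:` and introduces three new values (`ldap.firstnameField`, `ldap.lastnameField`, `ldap.emailField`). Under semantic versioning a backward-compatible feature is a minor bump, so consider `24.2.0` here and in the matching changelog heading.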


@@ -1093,6 +1093,9 @@ The Bitnami Airflow chart relies on the PostgreSQL chart persistence. This means
| `ldap.uri` | Server URI, eg. ldap://ldap_server:389 | `ldap://ldap_server:389` |
| `ldap.basedn` | Base of the search, eg. ou=example,o=org. | `dc=example,dc=org` |
| `ldap.searchAttribute` | if doing an indirect bind to ldap, this is the field that matches the username when searching for the account to bind to | `cn` |
| `ldap.firstnameField` | LDAP field that stores the user's first name. | `givenName` |
| `ldap.lastnameField` | LDAP field that stores the user's last name. | `sn` |
| `ldap.emailField` | field that stores the user's email address, if null in LDAP, email is set to: "{username}@email.notfound" | `mail` |
| `ldap.binddn` | DN of the account used to search in the LDAP server. | `cn=admin,dc=example,dc=org` |
| `ldap.bindpw` | Bind Password | `""` |
| `ldap.existingSecret` | Name of an existing secret containing the LDAP bind password | `""` |
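
Review bot: The `ldap.emailField` row starts lower-case and joins two statements with a comma, unlike the `ldap.firstnameField` and `ldap.lastnameField` rows directly above it. Suggest wording along the lines of "LDAP field that stores the user's email address. If it is empty in LDAP, the email is set to "{username}@email.notfound"", and apply the same text to the `## @param ldap.emailField` comment so the two descriptions stay identical. Since the placeholder address is what the user ends up with, it is also worth saying so explicitly, so an operator who sees `@email.notfound` addresses knows to check this attribute name.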


@@ -26,12 +26,15 @@ data:
import os
{{- if .Values.ldap.enabled }}
from airflow.www.fab_security.manager import AUTH_LDAP
from flask_appbuilder.const import AUTH_LDAP
AUTH_TYPE = AUTH_LDAP
AUTH_LDAP_SERVER = {{ .Values.ldap.uri | squote }}
AUTH_LDAP_SEARCH = {{ .Values.ldap.basedn | squote }}
AUTH_LDAP_UID_FIELD = {{ .Values.ldap.searchAttribute | squote }}
AUTH_LDAP_FIRSTNAME_FIELD = {{ .Values.ldap.firstnameField | squote }}
AUTH_LDAP_LASTNAME_FIELD = {{ .Values.ldap.lastnameField | squote }}
AUTH_LDAP_EMAIL_FIELD = {{ .Values.ldap.emailField | squote }}
AUTH_LDAP_BIND_USER = {{ .Values.ldap.binddn | squote }}
AUTH_USER_REGISTRATION = {{ .Values.ldap.userRegistration | squote }}
AUTH_USER_REGISTRATION_ROLE = {{ .Values.ldap.userRegistrationRole | squote }}
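
Review bot: The three new `AUTH_LDAP_FIRSTNAME_FIELD`, `AUTH_LDAP_LASTNAME_FIELD` and `AUTH_LDAP_EMAIL_FIELD` lines are rendered with no guard, so an override of `""` produces `AUTH_LDAP_EMAIL_FIELD = ''` and an override of `null` leaves the right-hand side empty, which is a syntax error in the generated Python config. Wrapping each assignment in `{{- if .Values.ldap.emailField }}` ... `{{- end }}` (and likewise for the other two) would let Flask AppBuilder fall back to its own defaults when a value is unset. Separately, `squote` only wraps the value in single quotes and does not escape a `'` inside it; these are operator-supplied values, so the exposure is limited, but a value containing a quote would break the rendered file, and a short validation or a note in the parameter description would make that failure easier to diagnose.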


@@ -2580,6 +2580,9 @@ setupDBJob:
## @param ldap.uri Server URI, eg. ldap://ldap_server:389
## @param ldap.basedn Base of the search, eg. ou=example,o=org.
## @param ldap.searchAttribute if doing an indirect bind to ldap, this is the field that matches the username when searching for the account to bind to
## @param ldap.firstnameField LDAP field that stores the user's first name.
## @param ldap.lastnameField LDAP field that stores the user's last name.
## @param ldap.emailField field that stores the user's email address, if null in LDAP, email is set to: "{username}@email.notfound"
## @param ldap.binddn DN of the account used to search in the LDAP server.
## @param ldap.bindpw Bind Password
## @param ldap.existingSecret Name of an existing secret containing the LDAP bind password
@@ -2593,6 +2596,9 @@ ldap:
uri: "ldap://ldap_server:389"
basedn: "dc=example,dc=org"
searchAttribute: "cn"
firstnameField: "givenName"
lastnameField: "sn"
emailField: "mail"
binddn: "cn=admin,dc=example,dc=org"
bindpw: ""
existingSecret: ""