diff --git a/docs/docs/en/architecture/configuration.md b/docs/docs/en/architecture/configuration.md index 604884f203..eb97e8fa60 100644 --- a/docs/docs/en/architecture/configuration.md +++ b/docs/docs/en/architecture/configuration.md @@ -219,7 +219,13 @@ spring.messages.encoding|UTF-8| message encoding spring.jackson.time-zone|GMT+8| time zone spring.messages.basename|i18n/messages| i18n config security.authentication.type|PASSWORD| authentication type - +security.authentication.ldap.user.admin|read-only-admin|admin user account when you log-in with LDAP +security.authentication.ldap.urls|ldap://ldap.forumsys.com:389/|LDAP urls +security.authentication.ldap.base.dn|dc=example,dc=com|LDAP base dn +security.authentication.ldap.username|cn=read-only-admin,dc=example,dc=com|LDAP username +security.authentication.ldap.password|password|LDAP password +security.authentication.ldap.user.identity.attribute|uid|LDAP user identity attribute +security.authentication.ldap.user.email.attribute|mail|LDAP user email attribute ### master.properties [master-service log config] diff --git a/docs/docs/zh/architecture/configuration.md b/docs/docs/zh/architecture/configuration.md index 1ea4cc5ad3..6adde902ac 100644 --- a/docs/docs/zh/architecture/configuration.md +++ b/docs/docs/zh/architecture/configuration.md @@ -210,6 +210,13 @@ spring.messages.encoding|UTF-8|请求编码 spring.jackson.time-zone|GMT+8|设置时区 spring.messages.basename|i18n/messages|i18n配置 security.authentication.type|PASSWORD|权限校验类型 +security.authentication.ldap.user.admin|read-only-admin|LDAP登陆时,系统管理员账号 +security.authentication.ldap.urls|ldap://ldap.forumsys.com:389/|LDAP urls +security.authentication.ldap.base.dn|dc=example,dc=com|LDAP base dn +security.authentication.ldap.username|cn=read-only-admin,dc=example,dc=com|LDAP账号 +security.authentication.ldap.password|password|LDAP密码 +security.authentication.ldap.user.identity.attribute|uid|LDAP用户身份标识字段名 +security.authentication.ldap.user.email.attribute|mail|LDAP邮箱字段名 ## 6.master.properties [Master服务配置] @@ -383,7 +390,7 @@ singleYarnIp="yarnIp1" resourceUploadPath="/dolphinscheduler" -# HDFS/S3 操作用户 +# HDFS/S3 操作用户 hdfsRootUser="hdfs" # 以下为 kerberos 配置 diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapService.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapService.java index 9f4fd1f0ae..35abb11479 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapService.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapService.java @@ -45,22 +45,22 @@ public class LdapService { @Value("${security.authentication.ldap.user.admin:null}") private String adminUserId; - @Value("${ldap.urls:null}") + @Value("${security.authentication.ldap.urls:null}") private String ldapUrls; - @Value("${ldap.base.dn:null}") + @Value("${security.authentication.ldap.base.dn:null}") private String ldapBaseDn; - @Value("${ldap.username:null}") + @Value("${security.authentication.ldap.username:null}") private String ldapSecurityPrincipal; - @Value("${ldap.password:null}") + @Value("${security.authentication.ldap.password:null}") private String ldapPrincipalPassword; - @Value("${ldap.user.identity.attribute:null}") + @Value("${security.authentication.ldap.user.identity.attribute:null}") private String ldapUserIdentifyingAttribute; - @Value("${ldap.user.email.attribute:null}") + @Value("${security.authentication.ldap.user.email.attribute:null}") private String ldapEmailAttribute; /*** diff --git a/dolphinscheduler-api/src/main/resources/application.yaml b/dolphinscheduler-api/src/main/resources/application.yaml index 6ef23be3ad..542b8048ed 100644 --- a/dolphinscheduler-api/src/main/resources/application.yaml +++ b/dolphinscheduler-api/src/main/resources/application.yaml @@ -128,6 +128,22 @@ python-gateway: # (0 = infinite), and socket server would never close even though no requests accept read-timeout: 0 +security: + authentication: + # Authentication types (supported types: PASSWORD,LDAP) + type: PASSWORD + # IF you set type `LDAP`, below config will be effective + ldap: + # admin userId + user.admin: read-only-admin + # ldap server config + urls: ldap://ldap.forumsys.com:389/ + base.dn: dc=example,dc=com + username: cn=read-only-admin,dc=example,dc=com + password: password + user.identity.attribute: uid + user.email.attribute: mail + # Override by profile --- diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapAuthenticatorTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapAuthenticatorTest.java index e75cb2e9a8..143d7a6a6f 100644 --- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapAuthenticatorTest.java +++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapAuthenticatorTest.java @@ -49,12 +49,12 @@ import org.springframework.test.context.TestPropertySource; properties = { "security.authentication.type=LDAP", "security.authentication.ldap.user.admin=read-only-admin", - "ldap.urls=ldap://ldap.forumsys.com:389/", - "ldap.base.dn=dc=example,dc=com", - "ldap.username=cn=read-only-admin,dc=example,dc=com", - "ldap.password=password", - "ldap.user.identity.attribute=uid", - "ldap.user.email.attribute=mail", + "security.authentication.ldap.urls=ldap://ldap.forumsys.com:389/", + "security.authentication.ldap.base.dn=dc=example,dc=com", + "security.authentication.ldap.username=cn=read-only-admin,dc=example,dc=com", + "security.authentication.ldap.password=password", + "security.authentication.ldap.user.identity.attribute=uid", + "security.authentication.ldap.user.email.attribute=mail", }) public class LdapAuthenticatorTest extends AbstractControllerTest { private static Logger logger = LoggerFactory.getLogger(LdapAuthenticatorTest.class); diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapServiceTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapServiceTest.java index 4cfdb0e50a..54e25f4f0e 100644 --- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapServiceTest.java +++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapServiceTest.java @@ -41,12 +41,12 @@ import org.springframework.test.context.junit4.SpringRunner; properties = { "security.authentication.type=LDAP", "security.authentication.ldap.user.admin=read-only-admin", - "ldap.urls=ldap://ldap.forumsys.com:389/", - "ldap.base.dn=dc=example,dc=com", - "ldap.username=cn=read-only-admin,dc=example,dc=com", - "ldap.password=password", - "ldap.user.identity.attribute=uid", - "ldap.user.email.attribute=mail", + "security.authentication.ldap.urls=ldap://ldap.forumsys.com:389/", + "security.authentication.ldap.base.dn=dc=example,dc=com", + "security.authentication.ldap.username=cn=read-only-admin,dc=example,dc=com", + "security.authentication.ldap.password=password", + "security.authentication.ldap.user.identity.attribute=uid", + "security.authentication.ldap.user.email.attribute=mail", }) public class LdapServiceTest { @Autowired diff --git a/dolphinscheduler-standalone-server/src/main/resources/application.yaml b/dolphinscheduler-standalone-server/src/main/resources/application.yaml index d379a04d72..d968090e46 100644 --- a/dolphinscheduler-standalone-server/src/main/resources/application.yaml +++ b/dolphinscheduler-standalone-server/src/main/resources/application.yaml @@ -86,6 +86,22 @@ registry: block-until-connected: 600ms digest: ~ +security: + authentication: + # Authentication types (supported types: PASSWORD,LDAP) + type: PASSWORD + # IF you set type `LDAP`, below config will be effective + ldap: + # admin userId + user.admin: read-only-admin + # ldap server config + urls: ldap://ldap.forumsys.com:389/ + base.dn: dc=example,dc=com + username: cn=read-only-admin,dc=example,dc=com + password: password + user.identity.attribute: uid + user.email.attribute: mail + master: listen-port: 5678 # master fetch command num