
[Fix-10425]Recovery LDAP Config (#10429)

* recover ldap code

* add ldap config in doc
3.1.0-release
旺阳 2 years ago committed by GitHub
parent
commit
0efcd5c631
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 8
      docs/docs/en/architecture/configuration.md
  2. 7
      docs/docs/zh/architecture/configuration.md
  3. 12
      dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapService.java
  4. 16
      dolphinscheduler-api/src/main/resources/application.yaml
  5. 12
      dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapAuthenticatorTest.java
  6. 12
      dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapServiceTest.java
  7. 16
      dolphinscheduler-standalone-server/src/main/resources/application.yaml

8
docs/docs/en/architecture/configuration.md

@ -219,7 +219,13 @@ spring.messages.encoding|UTF-8| message encoding
spring.jackson.time-zone|GMT+8| time zone spring.jackson.time-zone|GMT+8| time zone
spring.messages.basename|i18n/messages| i18n config spring.messages.basename|i18n/messages| i18n config
security.authentication.type|PASSWORD| authentication type security.authentication.type|PASSWORD| authentication type
security.authentication.ldap.user.admin|read-only-admin|admin user account when you log-in with LDAP
security.authentication.ldap.urls|ldap://ldap.forumsys.com:389/|LDAP urls
security.authentication.ldap.base.dn|dc=example,dc=com|LDAP base dn
security.authentication.ldap.username|cn=read-only-admin,dc=example,dc=com|LDAP username
security.authentication.ldap.password|password|LDAP password
security.authentication.ldap.user.identity.attribute|uid|LDAP user identity attribute
security.authentication.ldap.user.email.attribute|mail|LDAP user email attribute
### master.properties [master-service log config] ### master.properties [master-service log config]

7
docs/docs/zh/architecture/configuration.md

@ -210,6 +210,13 @@ spring.messages.encoding|UTF-8|请求编码
spring.jackson.time-zone|GMT+8|设置时区 spring.jackson.time-zone|GMT+8|设置时区
spring.messages.basename|i18n/messages|i18n配置 spring.messages.basename|i18n/messages|i18n配置
security.authentication.type|PASSWORD|权限校验类型 security.authentication.type|PASSWORD|权限校验类型
security.authentication.ldap.user.admin|read-only-admin|LDAP登陆时,系统管理员账号
security.authentication.ldap.urls|ldap://ldap.forumsys.com:389/|LDAP urls
security.authentication.ldap.base.dn|dc=example,dc=com|LDAP base dn
security.authentication.ldap.username|cn=read-only-admin,dc=example,dc=com|LDAP账号
security.authentication.ldap.password|password|LDAP密码
security.authentication.ldap.user.identity.attribute|uid|LDAP用户身份标识字段名
security.authentication.ldap.user.email.attribute|mail|LDAP邮箱字段名
## 6.master.properties [Master服务配置] ## 6.master.properties [Master服务配置]

12
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapService.java

@ -45,22 +45,22 @@ public class LdapService {
@Value("${security.authentication.ldap.user.admin:null}") @Value("${security.authentication.ldap.user.admin:null}")
private String adminUserId; private String adminUserId;
@Value("${ldap.urls:null}") @Value("${security.authentication.ldap.urls:null}")
private String ldapUrls; private String ldapUrls;
@Value("${ldap.base.dn:null}") @Value("${security.authentication.ldap.base.dn:null}")
private String ldapBaseDn; private String ldapBaseDn;
@Value("${ldap.username:null}") @Value("${security.authentication.ldap.username:null}")
private String ldapSecurityPrincipal; private String ldapSecurityPrincipal;
@Value("${ldap.password:null}") @Value("${security.authentication.ldap.password:null}")
private String ldapPrincipalPassword; private String ldapPrincipalPassword;
@Value("${ldap.user.identity.attribute:null}") @Value("${security.authentication.ldap.user.identity.attribute:null}")
private String ldapUserIdentifyingAttribute; private String ldapUserIdentifyingAttribute;
@Value("${ldap.user.email.attribute:null}") @Value("${security.authentication.ldap.user.email.attribute:null}")
private String ldapEmailAttribute; private String ldapEmailAttribute;
/*** /***
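Review bot: The `:null` fallback on each renamed `@Value` key supplies the four-character string "null" rather than a Java null, so a key that is absent, or still spelled the old way (`ldap.urls`, `ldap.password`, …), is accepted silently instead of failing at startup. Because this change moves six keys under `security.authentication.ldap.`, a deployment that keeps the old names would presumably attempt to connect with "null" as URL and bind password and only surface the problem at login time. Consider `@Value("${security.authentication.ldap.urls:#{null}}")` together with an explicit check of the required fields when the authentication type is LDAP, or drop the default on the keys that are mandatory. The LdapService class body starts and ends outside this hunk, so how the fields are consumed is not visible here.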

16
dolphinscheduler-api/src/main/resources/application.yaml

@ -128,6 +128,22 @@ python-gateway:
# (0 = infinite), and socket server would never close even though no requests accept # (0 = infinite), and socket server would never close even though no requests accept
read-timeout: 0 read-timeout: 0
security:
authentication:
# Authentication types (supported types: PASSWORD,LDAP)
type: PASSWORD
# IF you set type `LDAP`, below config will be effective
ldap:
# admin userId
user.admin: read-only-admin
# ldap server config
urls: ldap://ldap.forumsys.com:389/
base.dn: dc=example,dc=com
username: cn=read-only-admin,dc=example,dc=com
password: password
user.identity.attribute: uid
user.email.attribute: mail
# Override by profile # Override by profile
--- ---
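Review bot: The shipped defaults under `security.authentication.ldap` name an external host over unencrypted `ldap://` together with a literal bind password, so an operator who only switches `type` to `LDAP` would send user credentials in cleartext to a directory outside their control. Values that cannot resolve to a real service would be a safer default, for example `urls: ldaps://ldap.example.com:636/` (a constructed placeholder), with the bind password supplied from the environment or a secret store rather than committed in the file. A comment such as `# replace every value below before enabling LDAP; prefer ldaps://` above `urls` would make the expectation explicit. The same block is added to dolphinscheduler-standalone-server/src/main/resources/application.yaml and the same point applies there.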

12
dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapAuthenticatorTest.java

@ -49,12 +49,12 @@ import org.springframework.test.context.TestPropertySource;
properties = { properties = {
"security.authentication.type=LDAP", "security.authentication.type=LDAP",
"security.authentication.ldap.user.admin=read-only-admin", "security.authentication.ldap.user.admin=read-only-admin",
"ldap.urls=ldap://ldap.forumsys.com:389/", "security.authentication.ldap.urls=ldap://ldap.forumsys.com:389/",
"ldap.base.dn=dc=example,dc=com", "security.authentication.ldap.base.dn=dc=example,dc=com",
"ldap.username=cn=read-only-admin,dc=example,dc=com", "security.authentication.ldap.username=cn=read-only-admin,dc=example,dc=com",
"ldap.password=password", "security.authentication.ldap.password=password",
"ldap.user.identity.attribute=uid", "security.authentication.ldap.user.identity.attribute=uid",
"ldap.user.email.attribute=mail", "security.authentication.ldap.user.email.attribute=mail",
}) })
public class LdapAuthenticatorTest extends AbstractControllerTest { public class LdapAuthenticatorTest extends AbstractControllerTest {
private static Logger logger = LoggerFactory.getLogger(LdapAuthenticatorTest.class); private static Logger logger = LoggerFactory.getLogger(LdapAuthenticatorTest.class);
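Review bot: The `properties` list points the test context at a live third-party directory (`ldap://ldap.forumsys.com:389/`), so if these tests perform a real bind they depend on outside network access and send test traffic to a host the project does not control. An in-process directory, for instance UnboundID's `InMemoryDirectoryServer`, or a mocked LDAP context would keep the tests hermetic and deterministic. The identical property list is repeated in LdapServiceTest, so it could also live in one shared test properties file. The annotation that carries `properties` opens above this hunk, and whether the LDAP calls are mocked is not visible here.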

12
dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapServiceTest.java

@ -41,12 +41,12 @@ import org.springframework.test.context.junit4.SpringRunner;
properties = { properties = {
"security.authentication.type=LDAP", "security.authentication.type=LDAP",
"security.authentication.ldap.user.admin=read-only-admin", "security.authentication.ldap.user.admin=read-only-admin",
"ldap.urls=ldap://ldap.forumsys.com:389/", "security.authentication.ldap.urls=ldap://ldap.forumsys.com:389/",
"ldap.base.dn=dc=example,dc=com", "security.authentication.ldap.base.dn=dc=example,dc=com",
"ldap.username=cn=read-only-admin,dc=example,dc=com", "security.authentication.ldap.username=cn=read-only-admin,dc=example,dc=com",
"ldap.password=password", "security.authentication.ldap.password=password",
"ldap.user.identity.attribute=uid", "security.authentication.ldap.user.identity.attribute=uid",
"ldap.user.email.attribute=mail", "security.authentication.ldap.user.email.attribute=mail",
}) })
public class LdapServiceTest { public class LdapServiceTest {
@Autowired @Autowired

16
dolphinscheduler-standalone-server/src/main/resources/application.yaml

@ -86,6 +86,22 @@ registry:
block-until-connected: 600ms block-until-connected: 600ms
digest: ~ digest: ~
security:
authentication:
# Authentication types (supported types: PASSWORD,LDAP)
type: PASSWORD
# IF you set type `LDAP`, below config will be effective
ldap:
# admin userId
user.admin: read-only-admin
# ldap server config
urls: ldap://ldap.forumsys.com:389/
base.dn: dc=example,dc=com
username: cn=read-only-admin,dc=example,dc=com
password: password
user.identity.attribute: uid
user.email.attribute: mail
master: master:
listen-port: 5678 listen-port: 5678
# master fetch command num # master fetch command num
