SbloodyS commented on code in PR #16105:
URL:
https://github.com/apache/dolphinscheduler/pull/16105#discussion_r1632500907
##########
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapService.java:
##########
@@ -46,6 +50,11 @@
@Slf4j
public class LdapService {
+ private static final Logger logger =
LoggerFactory.getLogger(LdapService.class);
Review Comment:
We don't need this since `@Slf4j` already exists.
##########
dolphinscheduler-api/src/test/resources/application.yaml:
##########
@@ -105,8 +105,11 @@ security:
username: cn=read-only-admin,dc=example,dc=com
password: password
user:
- # admin userId when you use LDAP login
+ # admin userId when you use LDAP login. Properties admin are
admin-filter are not mutually exclusive
+ # were ONE uses can be identified by userId and the rest using a role
based filter
admin: read-only-admin
+ # alternative to admin using a ROLE when you use LDAP login, all
scientists are admin users
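Review bot: the new comment text in this hunk has typos that change its meaning: `Properties admin are admin-filter are not mutually exclusive` should read `Properties admin and admin-filter are not mutually exclusive`, and `were ONE uses can be identified by userId` should read `where one user can be identified by userId`. Please fix these in the same change, since this comment is the only in-line documentation of the new property.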
Review Comment:
```suggestion
# filter admin users by groups. eg, all scientists are admin users
```
##########
docs/docs/en/architecture/configuration.md:
##########
@@ -242,43 +242,45 @@ The default configuration is as follows:
Location: `api-server/conf/application.yaml`
-| Parameters | Default
value | Description
|
-|-------------------------------------------------------|--------------------------------------|------------------------------------------------------------------------------------------------|
-| server.port | 12345
| api service communication port
|
-| server.servlet.session.timeout | 120m
| session timeout
|
-| server.servlet.context-path | /dolphinscheduler/
| request path
|
-| spring.servlet.multipart.max-file-size | 1024MB
| maximum file size
|
-| spring.servlet.multipart.max-request-size | 1024MB
| maximum request size
|
-| server.jetty.max-http-post-size | 5000000
| jetty maximum post size
|
-| spring.banner.charset | UTF-8
| message encoding
|
-| spring.jackson.time-zone | UTC
| time zone
|
-| spring.jackson.date-format | "yyyy-MM-dd
HH:mm:ss" | time format
|
-| spring.messages.basename | i18n/messages
| i18n config
|
-| security.authentication.type | PASSWORD
| authentication type
|
-| security.authentication.ldap.user.admin | read-only-admin
| admin user account when you log-in with LDAP
|
-| security.authentication.ldap.urls |
ldap://ldap.forumsys.com:389/ | LDAP urls
|
-| security.authentication.ldap.base.dn | dc=example,dc=com
| LDAP base dn
|
-| security.authentication.ldap.username |
cn=read-only-admin,dc=example,dc=com | LDAP username
|
-| security.authentication.ldap.password | password
| LDAP password
|
-| security.authentication.ldap.user.identity-attribute | uid
| LDAP user identity attribute
|
-| security.authentication.ldap.user.email-attribute | mail
| LDAP user email attribute
|
-| security.authentication.ldap.user.not-exist-action | CREATE
| action when ldap user is not exist,default value: CREATE.
Optional values include(CREATE,DENY) |
-| security.authentication.ldap.ssl.enable | false
| LDAP ssl switch
|
-| security.authentication.ldap.ssl.trust-store | ldapkeystore.jks
| LDAP jks file absolute path
|
-| security.authentication.ldap.ssl.trust-store-password | password
| LDAP jks password
|
-| security.authentication.casdoor.user.admin |
| admin user account when you log-in with Casdoor
|
-| casdoor.endpoint |
| Casdoor server url
|
-| casdoor.client-id |
| id in Casdoor
|
-| casdoor.client-secret |
| secret in Casdoor
|
-| casdoor.certificate |
| certificate in Casdoor
|
-| casdoor.organization-name |
| organization name in Casdoor
|
-| casdoor.application-name |
| application name in Casdoor
|
-| casdoor.redirect-url |
| doplhinscheduler login url
|
-| api.traffic.control.global.switch | false
| traffic control global switch
|
-| api.traffic.control.max-global-qps-rate | 300
| global max request number per second
|
-| api.traffic.control.tenant-switch | false
| traffic control tenant switch
|
-| api.traffic.control.default-tenant-qps-rate | 10
| default tenant max request number per second
|
-| api.traffic.control.customize-tenant-qps-rate |
| customize tenant max request number per second
|
+| Parameters | Default value
| Description
|
+|-------------------------------------------------------|-------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------|
+| server.port | 12345
| api service communication
port
|
+| server.servlet.session.timeout | 120m
| session timeout
|
+| server.servlet.context-path | /dolphinscheduler/
| request path
|
+| spring.servlet.multipart.max-file-size | 1024MB
| maximum file size
|
+| spring.servlet.multipart.max-request-size | 1024MB
| maximum request size
|
+| server.jetty.max-http-post-size | 5000000
| jetty maximum post size
|
+| spring.banner.charset | UTF-8
| message encoding
|
+| spring.jackson.time-zone | UTC
| time zone
|
+| spring.jackson.date-format | "yyyy-MM-dd
HH:mm:ss" | time format
|
+| spring.messages.basename | i18n/messages
| i18n config
|
Review Comment:
Please avoid unnecessary change.
##########
dolphinscheduler-api/src/test/resources/application.yaml:
##########
@@ -105,8 +105,11 @@ security:
username: cn=read-only-admin,dc=example,dc=com
password: password
user:
- # admin userId when you use LDAP login
+ # admin userId when you use LDAP login. Properties admin are
admin-filter are not mutually exclusive
+ # were ONE uses can be identified by userId and the rest using a role
based filter
admin: read-only-admin
+ # alternative to admin using a ROLE when you use LDAP login, all
scientists are admin users
+ admin-filer: (&(ou=scientists)(uniqueMember=uid={0},dc=example,dc=com))
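Review bot: besides the key typo (`admin-filer` should be `admin-filter`, matching the comment above it), the `{0}` placeholder in `(&(ou=scientists)(uniqueMember=uid={0},dc=example,dc=com))` appears to be filled from the user id supplied at login, so the code that evaluates this filter must substitute the value with LDAP filter escaping (RFC 4515 style, for example Spring LDAP's `LdapEncoder.filterEncode`) rather than a plain string replacement; otherwise characters such as `*`, `(`, `)` or `\` in a user id would change the meaning of the filter. The comment should also say that `{0}` is the user identity attribute value, not a full DN.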
Review Comment:
```suggestion
admin-filter: (&(ou=scientists)(uniqueMember=uid={0},dc=example,dc=com))
```
##########
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapService.java:
##########
@@ -55,6 +64,9 @@ public class LdapService {
@Value("${security.authentication.ldap.base-dn:#{null}}")
private String ldapBaseDn;
+ @Value("${security.authentication.ldap.filter:#{null}}")
+ private String ldapFilter;
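Review bot: the property read here, `security.authentication.ldap.filter`, does not match the key this PR adds in the test `application.yaml`, which sits under `security.authentication.ldap.user` as `admin-filter` (spelled `admin-filer` there); with the names disagreeing, `ldapFilter` stays null and the admin-by-group path is never exercised. Align the key to `security.authentication.ldap.user.admin-filter`, name the field after its purpose (e.g. `ldapAdminFilter`), and add the property to `docs/docs/en/architecture/configuration.md`.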
Review Comment:
What is this used for?
##########
dolphinscheduler-api/src/test/resources/application.yaml:
##########
@@ -105,8 +105,11 @@ security:
username: cn=read-only-admin,dc=example,dc=com
password: password
user:
- # admin userId when you use LDAP login
+ # admin userId when you use LDAP login. Properties admin are
admin-filter are not mutually exclusive
+ # were ONE uses can be identified by userId and the rest using a role
based filter
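Review bot: the comment says `admin` and `admin-filter` are not mutually exclusive but does not state how they combine, which is what an operator setting both needs to know. Suggest stating the rule explicitly, e.g. `# a user is an admin if its userId equals admin, or if admin-filter is set and matches the user`, so the precedence is documented alongside the properties.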
Review Comment:
```suggestion
# One uses can be identified by userId and the rest using a role based filter
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]