Posted to commits@dolphinscheduler.apache.org by li...@apache.org on 2022/06/18 13:53:49 UTC
[dolphinscheduler] 12/16: [Fix-10425]Recovery LDAP Config (#10429)
This is an automated email from the ASF dual-hosted git repository.
liudongkai pushed a commit to branch 3.0.0-beta-2-prepare
in repository https://gitbox.apache.org/repos/asf/dolphinscheduler.git
commit 55e39eedfa5339177f125ee074e778e114e380dd
Author: 旺阳 <qi...@cisco.com>
AuthorDate: Wed Jun 15 09:52:37 2022 +0800
[Fix-10425]Recovery LDAP Config (#10429)
* recover ldap code
* add ldap config in doc
(cherry picked from commit 0efcd5c6317c9e12c172103a4ed6df0cdcda027d)
---
docs/docs/en/architecture/configuration.md | 8 +++++++-
docs/docs/zh/architecture/configuration.md | 9 ++++++++-
.../api/security/impl/ldap/LdapService.java | 12 ++++++------
dolphinscheduler-api/src/main/resources/application.yaml | 16 ++++++++++++++++
.../api/security/impl/ldap/LdapAuthenticatorTest.java | 12 ++++++------
.../api/security/impl/ldap/LdapServiceTest.java | 12 ++++++------
.../src/main/resources/application.yaml | 16 ++++++++++++++++
7 files changed, 65 insertions(+), 20 deletions(-)
diff --git a/docs/docs/en/architecture/configuration.md b/docs/docs/en/architecture/configuration.md
index 0f1df00372..85a45d0ab4 100644
--- a/docs/docs/en/architecture/configuration.md
+++ b/docs/docs/en/architecture/configuration.md
@@ -218,7 +218,13 @@ spring.messages.encoding|UTF-8| message encoding
spring.jackson.time-zone|GMT+8| time zone
spring.messages.basename|i18n/messages| i18n config
security.authentication.type|PASSWORD| authentication type
-
+security.authentication.ldap.user.admin|read-only-admin|admin user account when you log-in with LDAP
+security.authentication.ldap.urls|ldap://ldap.forumsys.com:389/|LDAP urls
+security.authentication.ldap.base.dn|dc=example,dc=com|LDAP base dn
+security.authentication.ldap.username|cn=read-only-admin,dc=example,dc=com|LDAP username
+security.authentication.ldap.password|password|LDAP password
+security.authentication.ldap.user.identity.attribute|uid|LDAP user identity attribute
+security.authentication.ldap.user.email.attribute|mail|LDAP user email attribute
### master.properties [master-service log config]
diff --git a/docs/docs/zh/architecture/configuration.md b/docs/docs/zh/architecture/configuration.md
index 14f79f1344..7bcf697f34 100644
--- a/docs/docs/zh/architecture/configuration.md
+++ b/docs/docs/zh/architecture/configuration.md
@@ -209,6 +209,13 @@ spring.messages.encoding|UTF-8|请求编码
spring.jackson.time-zone|GMT+8|设置时区
spring.messages.basename|i18n/messages|i18n配置
security.authentication.type|PASSWORD|权限校验类型
+security.authentication.ldap.user.admin|read-only-admin|LDAP登陆时,系统管理员账号
+security.authentication.ldap.urls|ldap://ldap.forumsys.com:389/|LDAP urls
+security.authentication.ldap.base.dn|dc=example,dc=com|LDAP base dn
+security.authentication.ldap.username|cn=read-only-admin,dc=example,dc=com|LDAP账号
+security.authentication.ldap.password|password|LDAP密码
+security.authentication.ldap.user.identity.attribute|uid|LDAP用户身份标识字段名
+security.authentication.ldap.user.email.attribute|mail|LDAP邮箱字段名
## 6.master.properties [Master服务配置]
@@ -380,7 +387,7 @@ singleYarnIp="yarnIp1"
resourceUploadPath="/dolphinscheduler"
-# HDFS/S3 操作用户
+# HDFS/S3 操作用户
hdfsRootUser="hdfs"
# 以下为 kerberos 配置
diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapService.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapService.java
index 9f4fd1f0ae..35abb11479 100644
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapService.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapService.java
@@ -45,22 +45,22 @@ public class LdapService {
@Value("${security.authentication.ldap.user.admin:null}")
private String adminUserId;
- @Value("${ldap.urls:null}")
+ @Value("${security.authentication.ldap.urls:null}")
private String ldapUrls;
- @Value("${ldap.base.dn:null}")
+ @Value("${security.authentication.ldap.base.dn:null}")
private String ldapBaseDn;
- @Value("${ldap.username:null}")
+ @Value("${security.authentication.ldap.username:null}")
private String ldapSecurityPrincipal;
- @Value("${ldap.password:null}")
+ @Value("${security.authentication.ldap.password:null}")
private String ldapPrincipalPassword;
- @Value("${ldap.user.identity.attribute:null}")
+ @Value("${security.authentication.ldap.user.identity.attribute:null}")
private String ldapUserIdentifyingAttribute;
- @Value("${ldap.user.email.attribute:null}")
+ @Value("${security.authentication.ldap.user.email.attribute:null}")
private String ldapEmailAttribute;
/***
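Review bot: The `:null` fallback kept in each of these `@Value` placeholders resolves to the four-character string "null", not a Java null, so a missing `security.authentication.ldap.urls` would presumably be handed to the LDAP context as a literal URL and any null check on these fields would not fire. Use the SpEL form for a real null, e.g. `@Value("${security.authentication.ldap.urls:#{null}}")`, and validate the fields when the authentication type is LDAP. Because the old `ldap.*` keys are no longer read, a deployment that still sets them falls back to this default without any error, which deserves a line in the upgrade notes. The class body continues outside the hunk, so how the fields are consumed is not visible here.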
diff --git a/dolphinscheduler-api/src/main/resources/application.yaml b/dolphinscheduler-api/src/main/resources/application.yaml
index 59e28b5064..366457f504 100644
--- a/dolphinscheduler-api/src/main/resources/application.yaml
+++ b/dolphinscheduler-api/src/main/resources/application.yaml
@@ -128,6 +128,22 @@ python-gateway:
# (0 = infinite), and socket server would never close even though no requests accept
read-timeout: 0
+security:
+ authentication:
+ # Authentication types (supported types: PASSWORD,LDAP)
+ type: PASSWORD
+ # IF you set type `LDAP`, below config will be effective
+ ldap:
+ # admin userId
+ user.admin: read-only-admin
+ # ldap server config
+ urls: ldap://ldap.forumsys.com:389/
+ base.dn: dc=example,dc=com
+ username: cn=read-only-admin,dc=example,dc=com
+ password: password
+ user.identity.attribute: uid
+ user.email.attribute: mail
+
# Override by profile
---
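Review bot: The defaults added under `security.authentication.ldap` point at a public third-party test directory over unencrypted `ldap://` and include a literal `password: password`. An operator who only switches `type` to `LDAP` would send user credentials in cleartext to an external host and treat that directory's `read-only-admin` as the admin user. Ship neutral placeholders that must be filled in, e.g. `urls: ldaps://<your-ldap-host>:636/` and `password: ${LDAP_BIND_PASSWORD:}` (placeholder names, to be adapted), and note in the comment that the bind password should come from the environment rather than the file. The same block is added to `dolphinscheduler-standalone-server/src/main/resources/application.yaml` in the last hunk and needs the same change.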
diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapAuthenticatorTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapAuthenticatorTest.java
index d427eaf2a9..ba0f72a039 100644
--- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapAuthenticatorTest.java
+++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapAuthenticatorTest.java
@@ -50,12 +50,12 @@ import org.springframework.test.context.TestPropertySource;
properties = {
"security.authentication.type=LDAP",
"security.authentication.ldap.user.admin=read-only-admin",
- "ldap.urls=ldap://ldap.forumsys.com:389/",
- "ldap.base.dn=dc=example,dc=com",
- "ldap.username=cn=read-only-admin,dc=example,dc=com",
- "ldap.password=password",
- "ldap.user.identity.attribute=uid",
- "ldap.user.email.attribute=mail",
+ "security.authentication.ldap.urls=ldap://ldap.forumsys.com:389/",
+ "security.authentication.ldap.base.dn=dc=example,dc=com",
+ "security.authentication.ldap.username=cn=read-only-admin,dc=example,dc=com",
+ "security.authentication.ldap.password=password",
+ "security.authentication.ldap.user.identity.attribute=uid",
+ "security.authentication.ldap.user.email.attribute=mail",
})
public class LdapAuthenticatorTest extends AbstractControllerTest {
private static Logger logger = LoggerFactory.getLogger(LdapAuthenticatorTest.class);
diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapServiceTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapServiceTest.java
index 4cfdb0e50a..54e25f4f0e 100644
--- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapServiceTest.java
+++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapServiceTest.java
@@ -41,12 +41,12 @@ import org.springframework.test.context.junit4.SpringRunner;
properties = {
"security.authentication.type=LDAP",
"security.authentication.ldap.user.admin=read-only-admin",
- "ldap.urls=ldap://ldap.forumsys.com:389/",
- "ldap.base.dn=dc=example,dc=com",
- "ldap.username=cn=read-only-admin,dc=example,dc=com",
- "ldap.password=password",
- "ldap.user.identity.attribute=uid",
- "ldap.user.email.attribute=mail",
+ "security.authentication.ldap.urls=ldap://ldap.forumsys.com:389/",
+ "security.authentication.ldap.base.dn=dc=example,dc=com",
+ "security.authentication.ldap.username=cn=read-only-admin,dc=example,dc=com",
+ "security.authentication.ldap.password=password",
+ "security.authentication.ldap.user.identity.attribute=uid",
+ "security.authentication.ldap.user.email.attribute=mail",
})
public class LdapServiceTest {
@Autowired
diff --git a/dolphinscheduler-standalone-server/src/main/resources/application.yaml b/dolphinscheduler-standalone-server/src/main/resources/application.yaml
index 3ea980e67b..4640ce71ba 100644
--- a/dolphinscheduler-standalone-server/src/main/resources/application.yaml
+++ b/dolphinscheduler-standalone-server/src/main/resources/application.yaml
@@ -86,6 +86,22 @@ registry:
block-until-connected: 600ms
digest: ~
+security:
+ authentication:
+ # Authentication types (supported types: PASSWORD,LDAP)
+ type: PASSWORD
+ # IF you set type `LDAP`, below config will be effective
+ ldap:
+ # admin userId
+ user.admin: read-only-admin
+ # ldap server config
+ urls: ldap://ldap.forumsys.com:389/
+ base.dn: dc=example,dc=com
+ username: cn=read-only-admin,dc=example,dc=com
+ password: password
+ user.identity.attribute: uid
+ user.email.attribute: mail
+
master:
listen-port: 5678
# master fetch command num