Posted to commits@dolphinscheduler.apache.org by GitBox <gi...@apache.org> on 2022/05/28 18:12:02 UTC
[GitHub] [dolphinscheduler] EricGao888 opened a new issue, #10274: [Bug] [LDAP] DS LDAP authenticator is hard to use
EricGao888 opened a new issue, #10274:
URL: https://github.com/apache/dolphinscheduler/issues/10274
### Search before asking
- [X] I had searched in the [issues](https://github.com/apache/dolphinscheduler/issues?q=is%3Aissue) and found no similar issues.
### What happened
* Currently, DS LDAP authenticator is very hard to use. In most situations, it does not work at all.
### What you expected to happen
* First, the current DS LDAP authenticator needs LDAP `administrator credentials`, and then searches for the accurate DN of the login user. This is unnecessary and inconvenient for DS users, sometimes making users confused. Users should provide the accurate DN and the DS LDAP authenticator will verify the `LDAP user` directly. https://github.com/apache/dolphinscheduler/blob/62b85b9cb3110290519966743c40d0f40ce6af3b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapService.java#L45-L64
* DS LDAP authenticator relies on `LDAP email attribute` to verify `LDAP user`. But sometimes there is no such attribute on LDAP side. https://github.com/apache/dolphinscheduler/blob/62b85b9cb3110290519966743c40d0f40ce6af3b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapService.java#L92-L112
* `InitialLDAPContext` is not closed and will take unnecessary resources.
### How to reproduce
* Already described above.
### Anything else
_No response_
### Version
dev
### Are you willing to submit PR?
- [X] Yes I am willing to submit a PR!
### Code of Conduct
- [X] I agree to follow this project's [Code of Conduct](https://www.apache.org/foundation/policies/conduct)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@dolphinscheduler.apache.org.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
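The direct-bind approach requested in the issue above, as an added example (not DolphinScheduler's code and not part of the original messages). The class name, the DN template, and the optional email attribute parameter are hypothetical, and the provider URL is assumed to carry no base DN.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.Rdn;

/** Added example: binds as the login user, no administrator account needed. */
public class DirectBindLdapAuthenticator {
    private final String url;        // constructed value, e.g. ldaps://ldap.example.org:636
    private final String dnTemplate; // constructed value, e.g. uid=%s,ou=people,dc=example,dc=org
    private final String emailAttr;  // null when the directory has no email attribute

    public DirectBindLdapAuthenticator(String url, String dnTemplate, String emailAttr) {
        this.url = url;
        this.dnTemplate = dnTemplate;
        this.emailAttr = emailAttr;
    }

    /** Returns the user's email, "" if none is available, or null if the bind is rejected. */
    public String authenticate(String username, String password) throws NamingException {
        // A simple bind with an empty password is an unauthenticated bind (RFC 4513, 5.1.2)
        // that many servers accept, so refuse it before contacting the directory.
        if (username == null || username.isEmpty() || password == null || password.isEmpty()) {
            return null;
        }
        // Escape per RFC 4514 so the user name cannot change the structure of the DN.
        String userDn = String.format(dnTemplate, Rdn.escapeValue(username));
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        LdapContext ctx = null;
        try {
            ctx = new InitialLdapContext(env, null); // the bind happens here
            if (emailAttr == null) {
                return "";
            }
            Attribute mail = ctx.getAttributes(userDn, new String[] {emailAttr}).get(emailAttr);
            return mail == null ? "" : String.valueOf(mail.get());
        } catch (AuthenticationException e) {
            return null; // wrong DN or password
        } finally {
            if (ctx != null) {
                ctx.close(); // release the connection on every path
            }
        }
    }
}
```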
[GitHub] [dolphinscheduler] github-actions[bot] commented on issue #10274: [Bug] [LDAP] DS LDAP authenticator needs improvements
Posted by GitBox <gi...@apache.org>.
github-actions[bot] commented on issue #10274:
URL: https://github.com/apache/dolphinscheduler/issues/10274#issuecomment-1192056365
This issue has been automatically marked as stale because it has not had recent activity for 30 days. It will be closed in the next 7 days if no further activity occurs.
Re: [I] [Bug] [LDAP] DS LDAP authenticator needs improvements [dolphinscheduler]
Posted by "github-actions[bot] (via GitHub)" <gi...@apache.org>.
github-actions[bot] closed issue #10274: [Bug] [LDAP] DS LDAP authenticator needs improvements
URL: https://github.com/apache/dolphinscheduler/issues/10274
[GitHub] [dolphinscheduler] EricGao888 commented on issue #10274: [Bug] [LDAP] DS LDAP authenticator needs improvements
Posted by GitBox <gi...@apache.org>.
EricGao888 commented on issue #10274:
URL: https://github.com/apache/dolphinscheduler/issues/10274#issuecomment-1192059417
No stale, I'm coming for ya!🤣
[GitHub] [dolphinscheduler] EricGao888 commented on issue #10274: [Bug] [LDAP] DS LDAP authenticator needs improvements
Posted by GitBox <gi...@apache.org>.
EricGao888 commented on issue #10274:
URL: https://github.com/apache/dolphinscheduler/issues/10274#issuecomment-1140431540
Here is an example for two kinds of LDAP configurations which `Apache Airflow` is using:
![image](https://user-images.githubusercontent.com/34905992/170866316-998fa4b5-4a5f-4f59-b978-a6c2e6cd202b.png)
Click [here](https://flask-appbuilder.readthedocs.io/en/latest/security.html#authentication-ldap) for more information.
[GitHub] [dolphinscheduler] github-actions[bot] commented on issue #10274: [Bug] [LDAP] DS LDAP authenticator is hard to use
Posted by GitBox <gi...@apache.org>.
github-actions[bot] commented on issue #10274:
URL: https://github.com/apache/dolphinscheduler/issues/10274#issuecomment-1140307966
Thank you for your feedback. We have received your issue; please wait patiently for a reply.
* In order for us to understand your request as soon as possible, please provide detailed information, version or pictures.
* If you haven't received a reply for a long time, you can [join our slack](https://join.slack.com/t/asf-dolphinscheduler/shared_invite/zt-omtdhuio-_JISsxYhiVsltmC5h38yfw) and send your question to channel `#troubleshooting`
Re: [I] [Bug] [LDAP] DS LDAP authenticator needs improvements [dolphinscheduler]
Posted by "github-actions[bot] (via GitHub)" <gi...@apache.org>.
github-actions[bot] commented on issue #10274:
URL: https://github.com/apache/dolphinscheduler/issues/10274#issuecomment-1958437258
This issue has been automatically marked as stale because it has not had recent activity for 30 days. It will be closed in the next 7 days if no further activity occurs.
[GitHub] [dolphinscheduler] EricGao888 commented on issue #10274: [Bug] [LDAP] DS LDAP authenticator needs improvements
Posted by GitBox <gi...@apache.org>.
EricGao888 commented on issue #10274:
URL: https://github.com/apache/dolphinscheduler/issues/10274#issuecomment-1192470958
> Hi @EricGao888 , I'd like to submit a PR.
@huage1994 Sure, thx for helping out~
[GitHub] [dolphinscheduler] huage1994 commented on issue #10274: [Bug] [LDAP] DS LDAP authenticator needs improvements
Posted by GitBox <gi...@apache.org>.
huage1994 commented on issue #10274:
URL: https://github.com/apache/dolphinscheduler/issues/10274#issuecomment-1192469074
Hi @EricGao888 , I'd like to submit a PR.
[GitHub] [dolphinscheduler] EricGao888 commented on issue #10274: [Bug] [LDAP] DS LDAP authenticator needs improvements
Posted by GitBox <gi...@apache.org>.
EricGao888 commented on issue #10274:
URL: https://github.com/apache/dolphinscheduler/issues/10274#issuecomment-1161370255
For the approach which does not need `administrator` password and username, you could try this command to test the authentication: `ldapsearch -v -h ip:port -D uid=xxx,ou=xxxx,o=xxx -w login_user_password -x -b ou=xxx,o=xxx` @liqingwang
Re: [I] [Bug] [LDAP] DS LDAP authenticator needs improvements [dolphinscheduler]
Posted by "github-actions[bot] (via GitHub)" <gi...@apache.org>.
github-actions[bot] commented on issue #10274:
URL: https://github.com/apache/dolphinscheduler/issues/10274#issuecomment-1989683739
This issue has been closed because it has not received a response for too long. You can reopen it if you encounter similar problems in the future.