-
Notifications
You must be signed in to change notification settings - Fork 4.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Improvement-16106] Add the "memberOf" attributes to identify ADMIN users. #16105
base: dev
Are you sure you want to change the base?
Conversation
raised improvement request #16106 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please run mvn spotless:apply
to format code.
...eduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapService.java
Outdated
Show resolved
Hide resolved
…" can be used together or uniquely.
Improved feature by replacing "admin-attribute" and "admin-value" with "admin-filter" so a filter check is applied to find admin users. This will enabled different LDAP setup for ROLES. The filter makes it very generic to identify the ADMIN role For the "ldap.forumsys.com" were we make all scientist admins security.authentication.ldap.user.admin-filter=(&(ou=scientists)(uniqueMember=uid={0},dc=example,dc=com)) to the use of "memberOf" assigning of roles. security.authentication.ldap.user.admin-filter=(&(sAMAccountName={0})(memberOf=CN=admin,OU=dolphin,DC=example,DC=com) |
...eduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapService.java
Outdated
Show resolved
Hide resolved
...eduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapService.java
Outdated
Show resolved
Hide resolved
Co-authored-by: xiangzihao <[email protected]>
remove redundant security.authentication.ldap.filter property. Not required.
Co-authored-by: xiangzihao <[email protected]>
Co-authored-by: xiangzihao <[email protected]>
| api.traffic.control.tenant-switch | false | traffic control tenant switch | | ||
| api.traffic.control.default-tenant-qps-rate | 10 | default tenant max request number per second | | ||
| api.traffic.control.customize-tenant-qps-rate | | customize tenant max request number per second | | ||
| Parameters | Default value | Description | |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please avoid unnessnary change.
run spotless
Purpose of the pull request
close #16106
Brief change log
Verify this pull request
This pull request is code cleanup without any test coverage.
(or)
This pull request is already covered by existing tests, such as (please describe tests).
(or)
This change added tests and can be verified as follows:
(or)
If your pull request contain incompatible change, you should also add it to
docs/docs/en/guide/upgrede/incompatible.md