apache / dolphinscheduler

Apache DolphinScheduler is the modern data orchestration platform. Agile to create high performance workflow with low-code
https://dolphinscheduler.apache.org/
Apache License 2.0

[Doc][Module Name] ldap missing OU configuration #16057

Closed ixiaoyi93 closed 1 month ago

ixiaoyi93 commented 4 months ago

Description

By checking the Official Documentation Api-server Configuration, we know the following LDAP configuration items, as shown in the figure below:

image

Is the user search base path missing? Startup with the officially documented configuration reports an error and can't find any users.

ruanwenjun commented 4 months ago

Please provide the error log.

ixiaoyi93 commented 4 months ago

@ruanwenjun Sorry, it was a misconfiguration on my part before. After modifying the configuration, my LDAP user was able to log in to DolphinScheduler, but my admin account admin was never able to log in. I tried the LDAP admin user password as well as the local password.

The ldap configuration is as follows:

security:
  authentication:
    # Authentication types (supported types: PASSWORD,LDAP,CASDOOR_SSO)
    type: LDAP
    # IF you set type `LDAP`, below config will be effective
    ldap:
      # ldap server config
      urls: ldap://192.168.246.8:389/
      base-dn: dc=alphalawyer,dc=cn
      username: cn=admin,dc=alphalawyer,dc=cn
      password: xxxxxx
      user:
        # admin userId when you use LDAP login
        admin: admin
        identity-attribute: uid
        email-attribute: mail
        # action when ldap user is not exist (supported types: CREATE,DENY)
        not-exist-action: CREATE
      ssl:
        enable: false
        # jks file absolute path && password
        trust-store: "/ldapkeystore.jks"
        trust-store-password: "password"

The logs are shown below:

$ tail -f api-server/logs/dolphinscheduler-api.log 
[ERROR] 2024-05-27 10:14:49.625 +0800 o.a.d.a.s.i.AbstractAuthenticator:[78] - Username or password entered incorrectly.
[ERROR] 2024-05-27 10:15:08.373 +0800 o.a.d.a.s.i.AbstractAuthenticator:[78] - Username or password entered incorrectly.
[ERROR] 2024-05-27 10:15:15.386 +0800 o.a.d.a.s.i.AbstractAuthenticator:[78] - Username or password entered incorrectly.
[INFO] 2024-05-27 10:15:42.157 +0800 o.a.d.a.s.i.AbstractAuthenticator:[101] - Session is created, userName:yangsheng.
[ERROR] 2024-05-27 10:17:44.941 +0800 o.a.d.a.s.i.AbstractAuthenticator:[78] - Username or password entered incorrectly.
[ERROR] 2024-05-27 10:17:46.543 +0800 o.a.d.a.s.i.AbstractAuthenticator:[78] - Username or password entered incorrectly.
[ERROR] 2024-05-27 10:17:46.754 +0800 o.a.d.a.s.i.AbstractAuthenticator:[78] - Username or password entered incorrectly.
[ERROR] 2024-05-27 10:17:53.689 +0800 o.a.d.a.s.i.AbstractAuthenticator:[78] - Username or password entered incorrectly.
[ERROR] 2024-05-27 10:18:19.908 +0800 o.a.d.a.s.i.AbstractAuthenticator:[78] - Username or password entered incorrectly.
[ERROR] 2024-05-27 10:18:43.585 +0800 o.a.d.a.s.i.AbstractAuthenticator:[78] - Username or password entered incorrectly.

My LDAP user yangsheng is able to log in, but it doesn't have admin rights. I want to have an admin user to manage it, but I realized that I can't log in with the admin account now. How can I troubleshoot this?

ruanwenjun commented 4 months ago

You may need to check if your admin username/password is correct in LDAP, or you need to debug at LdapService; this class also needs to add more debug logs.
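The following added example (not code from the DolphinScheduler project or from anyone in this thread) groups the `AbstractAuthenticator` failure lines from the log above into bursts and records which login, if any, succeeded right after each burst. The failure lines carry no username, so the pairing is by time only; the `gap` and `min_failures` thresholds and the function names are assumptions.

```python
import re
from datetime import datetime, timedelta
# Subset of the log lines posted in this thread, embedded so the example runs offline.
SAMPLE = """\
[ERROR] 2024-05-27 10:14:49.625 +0800 o.a.d.a.s.i.AbstractAuthenticator:[78] - Username or password entered incorrectly.
[ERROR] 2024-05-27 10:15:08.373 +0800 o.a.d.a.s.i.AbstractAuthenticator:[78] - Username or password entered incorrectly.
[ERROR] 2024-05-27 10:15:15.386 +0800 o.a.d.a.s.i.AbstractAuthenticator:[78] - Username or password entered incorrectly.
[INFO] 2024-05-27 10:15:42.157 +0800 o.a.d.a.s.i.AbstractAuthenticator:[101] - Session is created, userName:yangsheng.
[ERROR] 2024-05-27 10:17:44.941 +0800 o.a.d.a.s.i.AbstractAuthenticator:[78] - Username or password entered incorrectly.
[ERROR] 2024-05-27 10:17:46.543 +0800 o.a.d.a.s.i.AbstractAuthenticator:[78] - Username or password entered incorrectly.
[ERROR] 2024-05-27 10:17:46.754 +0800 o.a.d.a.s.i.AbstractAuthenticator:[78] - Username or password entered incorrectly.
"""
LINE = re.compile(
    r"^\[(?P<level>\w+)\] (?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3} [+-]\d{4}) "
    r"\S*AbstractAuthenticator:\[\d+\] - (?P<msg>.*)$")
FAILED = "Username or password entered incorrectly."
CREATED = re.compile(r"Session is created, userName:(?P<user>.+?)\.?$")

def parse(text):
    """Yield (timestamp, user) per auth event; user is None for a failed login."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an AbstractAuthenticator line
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f %z")
        ok = CREATED.search(m["msg"])
        if ok:
            yield ts, ok["user"]
        elif m["msg"] == FAILED:
            yield ts, None

def failure_bursts(events, gap=timedelta(seconds=60), min_failures=3):
    """Group failures spaced <= gap apart; next_login is a time correlation, not attribution."""
    bursts, run = [], []
    def flush(next_login):
        if len(run) >= min_failures:
            bursts.append({"start": run[0], "end": run[-1], "count": len(run), "next_login": next_login})
        run.clear()
    for ts, user in events:
        if user is not None:  # a successful login ends the current run
            flush(user if run and ts - run[-1] <= gap else None)
            continue
        if run and ts - run[-1] > gap:
            flush(None)
        run.append(ts)
    flush(None)
    return bursts

if __name__ == "__main__":
    print(failure_bursts(parse(SAMPLE)))
```

A burst with `next_login` set to `None` is the pattern worth a closer look, and attributing it to an account requires the failed username to be logged, which these lines do not do.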

github-actions[bot] commented 3 months ago

This issue has been automatically marked as stale because it has not had recent activity for 30 days. It will be closed in next 7 days if no further activity occurs.

github-actions[bot] commented 1 month ago

This issue has been closed because it has not received response for too long time. You could reopen it if you encountered similar problems in the future.