LDAP

LDAP (Lightweight Directory Access Protocol) configuration, after the default installation and deployment, only supports configured static user and password login (only one can be configured), if you need to support multi-user login, you can use LDAP

The default way to configure linkis-mg-gateway.properties

  1. #default username
  2. wds.linkis.admin.user=hadoop
  3. #default password 
  4. wds.linkis.admin.password=123456

org.apache.linkis.gateway.security.UserPwdAbstractUserRestful#tryLogin during login request processing, If the login user name/user password is inconsistent with the configured default value, LDAP mode will be used. LDAP core processing org.apache.linkis.gateway.security.LDAPUserRestful#login is authenticated by calling jdk general ldap tool class. javax.naming.ldap.InitialLdapContext#InitialLdapContext(java.util.Hashtable<?,?>, javax.naming.ldap.Control[])

The premise is that there is an available LDAP service

Modify linkis-mg-gateway.properties configuration

Fill in LDAP related parameters

  1. ##LDAP
  2. #ldap service address
  3. wds.linkis.ldap.proxy.url=ldap://localhost:1389/
  4. #Directory Name(DN) Directory composition of ldap
  5. wds.linkis.ldap.proxy.baseDN==dc=linkis,dc=org
  6. #Username formatting Generally, no configuration is required
  7. wds.linkis.ldap.proxy.userNameFormat=

After modifying the configuration, you need to restart the linkis-mg-gateway service sh sbin/linkis-daemon.sh start mg-mgtaeway to take effect

  • The authentication type uses the simple mode in java.naming.security.authentication (security type, three values: none, simple or strong.)

  • For the introduction of ldap, please refer to [LDAP directory server introduction] (https://juejin.cn/post/6844903857311449102)