incubator-streampark icon indicating copy to clipboard operation
incubator-streampark copied to clipboard

Published 20 hours ago verified publisher icon apache

[Improve] Splitting ldap logic

Open MonsterChenzhuo opened this issue 2 years ago • 2 comments

Search before asking

  • [X] I had searched in the feature and found no similar feature requirement.

Description

图片 The above image is the login screen of a commercial software. I think ldap login and local user login, splitting the meeting will be more clear and better to use

Usage Scenario

Login Software

Related issues

No response

Are you willing to submit a PR?

  • [X] Yes I am willing to submit a PR!

Code of Conduct

MonsterChenzhuo avatar Oct 03 '22 02:10 MonsterChenzhuo

Because of the new TEAM logic【https://github.com/apache/incubator-streampark/issues/1629 】, which increases the complexity of splitting ldap. The following issues are derived

  1. whether the default user type of ldap user is admin or user
  2. how to bind the team of ldap user

MonsterChenzhuo avatar Oct 08 '22 13:10 MonsterChenzhuo

Hi @MonsterChenzhuo , thanks for your discussion.

When an ldap user logs into streampark for the first time, the ldap user will be mapped to a streampark user, right?

If yes.

whether the default user type of ldap user is admin or user?

The default user type is user which is better than admin because admin is the system administrator. It has all the permissions in StreamPark.

how to bind the team of ldap user

The first login is similar to registering a user without binding a team. After the first login, how about Admin manually bind the team?

In other words: just the registration process is different. Generally, the user is created on the platform, and the ldap user is created when logging in for the first time.

Please correct me if anything is wrong.

1996fanrui avatar Oct 08 '22 13:10 1996fanrui

你说的没有问题,但是可以想象一下,每一个要登陆的用户先要登陆失败一下,然后在对应绑定,这样体验不是很好。 ldap需要做一个组和team进行映射。 这样会更好,进入直接绑定到事先预设好的team下 所以,这个issues会分为两个pr: 1.拆分本地用户登陆和ldap登陆 @MonsterChenzhuo来完成 2.做ldap组和team组映射 @lysgithub0302 来完成,他在自如内做了大量这方面的工作,很有经验 针对这个逻辑的细节会由@lysgithub0302在当前issues 进行描述,如何实现 3.前端页面逻辑和样式的变更@lysgithub0302 @wolfboys 或者其他有能力的人,可以进行开发 There is no problem with what you said, but imagine that each user who wants to log in first has to log in and fail a bit, and then in the corresponding binding, so the experience is not very good. ldap needs to do a group and team for mapping. This will be better, into the direct binding to the pre-defined team under So, this issues will be divided into two pr.

  1. split local user login and ldap login @MonsterChenzhuo to complete
  2. do ldap group and team group mapping @lysgithub0302 to complete, he has done a lot of work in this area within the self-image, very experienced
  3. front-end page logic and style changes @lysgithub0302 @wolfboys or others who have the ability to develop

@wolfboys @1996fanrui Have you decided that this is okay?

MonsterChenzhuo avatar Oct 13 '22 07:10 MonsterChenzhuo

Hi @MonsterChenzhuo LTGM, thanks for your great idea!

1996fanrui avatar Oct 13 '22 11:10 1996fanrui