EricGao888 opened a new issue, #10274: URL: https://github.com/apache/dolphinscheduler/issues/10274
### Search before asking - [X] I had searched in the [issues](https://github.com/apache/dolphinscheduler/issues?q=is%3Aissue) and found no similar issues. ### What happened * Currently, DS LDAP authenticator is very hard to use. In most situations, it does not work at all. ### What you expected to happen * First, current DS LDAP authenticator needs LDAP `administrator credentials`, and then search the accurate DN of the login user. This is unnecessary and inconvenient for DS users, sometimes making users confused. Users should provide accurate DN and DS LDAP authenticator will verify the `LDAP user` directly. https://github.com/apache/dolphinscheduler/blob/62b85b9cb3110290519966743c40d0f40ce6af3b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapService.java#L45-L64 * DS LDAP authenticator relies on `LDAP email attribute` to verify `LDAP user`. But sometimes there is no such attribute on LDAP side. https://github.com/apache/dolphinscheduler/blob/62b85b9cb3110290519966743c40d0f40ce6af3b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapService.java#L92-L112 * `InitialLDAPContext` is not closed and will take unnecessary resources. ### How to reproduce * Already described above. ### Anything else _No response_ ### Version dev ### Are you willing to submit PR? - [X] Yes I am willing to submit a PR! ### Code of Conduct - [X] I agree to follow this project's [Code of Conduct](https://www.apache.org/foundation/policies/conduct) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
