[enhancement](ldap) optimize LDAP authentication. (#11948)

* [enhancement](ldap) optimize LDAP authentication. 1. Support caching LDAP user information. 2. HTTP authentication supports LDAP. 3. LDAP temporary users support default user property. 4. LDAP configuration supports the `admin show config` and `admin set config` commands.
2022-08-24 17:08:14 +08:00
parent d87ab69ead
commit b619bb2000
21 changed files with 593 additions and 242 deletions
--- a/docs/en/docs/admin-manual/privilege-ldap/ldap.md
+++ b/docs/en/docs/admin-manual/privilege-ldap/ldap.md
@ -171,5 +171,3 @@ If jack also belongs to the LDAP groups doris_qa, doris_pm; Doris exists roles:
 ## Limitations of LDAP authentication

 * The current LDAP feature of Doris only supports plaintext password authentication, that is, when a user logs in, the password is transmitted in plaintext between client and fe and between fe and LDAP service.
-* The current LDAP authentication only supports password authentication under mysql protocol. If you use the Http interface, you cannot use LDAP users for authentication.
-* Temporary users do not have user properties.
--- a/docs/zh-CN/docs/admin-manual/privilege-ldap/ldap.md
+++ b/docs/zh-CN/docs/admin-manual/privilege-ldap/ldap.md
@ -188,5 +188,3 @@ member: uid=jack,ou=aidp,dc=domain,dc=com
 ## LDAP验证的局限

 - 目前Doris的LDAP功能只支持明文密码验证，即用户登录时，密码在client与fe之间、fe与LDAP服务之间以明文的形式传输。
- 当前的LDAP验证只支持在mysql协议下进行密码验证，如果使用Http接口则无法使用LDAP用户进行验证。
- 临时用户不具有用户属性。