ldap auto register (#1895)

vesoft-inc · Feb 3, 2023 · 5cca158 · 5cca158
1 parent 0adc4e3
commit 5cca158
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 0 deletions.
diff --git a/docs-2.0/nebula-dashboard-ent/5.account-management.md b/docs-2.0/nebula-dashboard-ent/5.account-management.md
@@ -58,6 +58,10 @@ Accounts with `admin` roles can create other accounts. The steps are as follows:
 
  - Invite (LDAP or OAuth2.0 accounts): Set the invitee's account type, enterprise email and role. After the invitee clicks the **Accept** button in the email to activate the account, the invitee needs to click **Login** to automatically jump to the Dashboard Enterprise Edition login page. The invitee can log into Dashboard with his/her enterprise email account and password.
 
+ !!! note
+
+  Automatic registration is also supported after LDAP is enabled. When you enter an unregistered account in LDAP mode on the login page, the Dashboard automatically registers the account, but the role permission is `user`.
+
  - Create Account (general accounts): Set the login name, password, and role for the new account. For information about roles, see the above content.
 
 ## View accounts

diff --git a/docs-2.0/nebula-dashboard-ent/system-settings/single-sign-on.md b/docs-2.0/nebula-dashboard-ent/system-settings/single-sign-on.md
@@ -25,6 +25,14 @@ NebulaGraph Dashboard Enterprise Edition supports general accounts, LDAP account
 |`User Filter` | `&(objectClass=*)` | Set a filter to LDAP search queries. |
 |`Email Key` | `mail`| Set the field name used to restore email in LDAP. |
 
+### Instruction
+
+After LDAP is enabled, you can register an LDAP account in two ways:
+
+- [Email invitation](../5.account-management.md): When creating an account on the **Members** page, you can invite others to register by email. The advantage is that you can set the role permissions of the account.
+
+- Automatic registration: When you enter an unregistered account in LDAP mode on the login page, the Dashboard automatically registers the account, but the [role permission](../5.account-management.md) is `user`.
+
 ## OAuth2.0 configuration
 
 !!! caution
@@ -49,3 +57,7 @@ NebulaGraph Dashboard Enterprise Edition supports general accounts, LDAP account
 |`Username Key` | `email`| The key of user name. |
 |`Organization` | `vesoft company` | The organization name. |
 |`Requested scopes for OAuth`| `email`| Scope of OAuth permissions. The scope of permissions needs to be a subset of the scope configured by the vendor's OAuth2.0 platform, otherwise, the request will fail. Make sure the `Username Key` is accessible within the requested scope. |
+
+### Instruction
+
+After OAuth2.0 is enabled, you can invite others to register by [email](../5.account-management.md).