Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ldap auto register #1895

Merged
merged 1 commit into from
Feb 3, 2023
Merged

ldap auto register #1895

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions docs-2.0/nebula-dashboard-ent/5.account-management.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,6 +58,10 @@ Accounts with `admin` roles can create other accounts. The steps are as follows:

- Invite (LDAP or OAuth2.0 accounts): Set the invitee's account type, enterprise email and role. After the invitee clicks the **Accept** button in the email to activate the account, the invitee needs to click **Login** to automatically jump to the Dashboard Enterprise Edition login page. The invitee can log into Dashboard with his/her enterprise email account and password.

!!! note

Automatic registration is also supported after LDAP is enabled. When you enter an unregistered account in LDAP mode on the login page, the Dashboard automatically registers the account, but the role permission is `user`.

- Create Account (general accounts): Set the login name, password, and role for the new account. For information about roles, see the above content.

## View accounts
Expand Down
12 changes: 12 additions & 0 deletions docs-2.0/nebula-dashboard-ent/system-settings/single-sign-on.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,14 @@ NebulaGraph Dashboard Enterprise Edition supports general accounts, LDAP account
|`User Filter` | `&(objectClass=*)` | Set a filter to LDAP search queries. |
|`Email Key` | `mail`| Set the field name used to restore email in LDAP. |

### Instruction

After LDAP is enabled, you can register an LDAP account in two ways:

- [Email invitation](../5.account-management.md): When creating an account on the **Members** page, you can invite others to register by email. The advantage is that you can set the role permissions of the account.

- Automatic registration: When you enter an unregistered account in LDAP mode on the login page, the Dashboard automatically registers the account, but the [role permission](../5.account-management.md) is `user`.

## OAuth2.0 configuration

!!! caution
Expand All @@ -49,3 +57,7 @@ NebulaGraph Dashboard Enterprise Edition supports general accounts, LDAP account
|`Username Key` | `email`| The key of user name. |
|`Organization` | `vesoft company` | The organization name. |
|`Requested scopes for OAuth`| `email`| Scope of OAuth permissions. The scope of permissions needs to be a subset of the scope configured by the vendor's OAuth2.0 platform, otherwise, the request will fail. Make sure the `Username Key` is accessible within the requested scope. |

### Instruction

After OAuth2.0 is enabled, you can invite others to register by [email](../5.account-management.md).