From ffc68d39fa6089030895af8dd541b968c9640343 Mon Sep 17 00:00:00 2001
From: qingwli <qingwli@cisco.com>
Date: Wed, 15 Jun 2022 14:41:37 +0800
Subject: [PATCH 01/10] add ldap not exist action config

---
 docs/docs/en/architecture/configuration.md    |  1 +
 docs/docs/zh/architecture/configuration.md    |  2 +-
 .../security/LdapUserNotExistActionType.java  | 39 +++++++++++++++++++
 .../security/impl/ldap/LdapAuthenticator.java |  6 ++-
 .../api/security/impl/ldap/LdapService.java   | 16 ++++++++
 .../src/main/resources/application.yaml       |  2 +
 .../api/security/SecurityConfigLDAPTest.java  | 11 ++++++
 .../impl/ldap/LdapAuthenticatorTest.java      | 18 +++++++--
 .../security/impl/ldap/LdapServiceTest.java   |  1 +
 .../src/main/resources/application.yaml       |  2 +
 10 files changed, 92 insertions(+), 6 deletions(-)
 create mode 100644 dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/LdapUserNotExistActionType.java

diff --git a/docs/docs/en/architecture/configuration.md b/docs/docs/en/architecture/configuration.md
index eb97e8fa6013..8237d9158bd0 100644
--- a/docs/docs/en/architecture/configuration.md
+++ b/docs/docs/en/architecture/configuration.md
@@ -226,6 +226,7 @@ security.authentication.ldap.username|cn=read-only-admin,dc=example,dc=com|LDAP
 security.authentication.ldap.password|password|LDAP password
 security.authentication.ldap.user.identity.attribute|uid|LDAP user identity attribute 
 security.authentication.ldap.user.email.attribute|mail|LDAP user email attribute
+security.authentication.ldap.user.not.exist.action|CREATION|action when LDAP user is not exist
 
 ### master.properties [master-service log config]
 
diff --git a/docs/docs/zh/architecture/configuration.md b/docs/docs/zh/architecture/configuration.md
index 6adde902aca9..563809dbf1eb 100644
--- a/docs/docs/zh/architecture/configuration.md
+++ b/docs/docs/zh/architecture/configuration.md
@@ -217,7 +217,7 @@ security.authentication.ldap.username|cn=read-only-admin,dc=example,dc=com|LDAP
 security.authentication.ldap.password|password|LDAP密码
 security.authentication.ldap.user.identity.attribute|uid|LDAP用户身份标识字段名
 security.authentication.ldap.user.email.attribute|mail|LDAP邮箱字段名
-
+security.authentication.ldap.user.not.exist.action|CREATION|当LDAP用户不存在时执行的操作
 
 ## 6.master.properties [Master服务配置]
 |参数 |默认值| 描述| 
diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/LdapUserNotExistActionType.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/LdapUserNotExistActionType.java
new file mode 100644
index 000000000000..a5ffb478d104
--- /dev/null
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/LdapUserNotExistActionType.java
@@ -0,0 +1,39 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.dolphinscheduler.api.security;
+
+import com.baomidou.mybatisplus.annotation.EnumValue;
+
+/**
+ * ldap user not exist action type
+ */
+public enum LdapUserNotExistActionType {
+
+    CREATION(0, "automatically create user when user not exist"),
+    DENY(1, "deny log-in when user not exist"),
+    ;
+
+    LdapUserNotExistActionType(int code, String desc) {
+        this.code = code;
+        this.desc = desc;
+    }
+
+    @EnumValue
+    private final int code;
+    private final String desc;
+}
diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapAuthenticator.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapAuthenticator.java
index 1604b79b6a38..41bb0fdddf49 100644
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapAuthenticator.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapAuthenticator.java
@@ -17,6 +17,7 @@
 
 package org.apache.dolphinscheduler.api.security.impl.ldap;
 
+import org.apache.dolphinscheduler.api.security.LdapUserNotExistActionType;
 import org.apache.dolphinscheduler.api.security.impl.AbstractAuthenticator;
 import org.apache.dolphinscheduler.api.service.UsersService;
 import org.apache.dolphinscheduler.dao.entity.User;
@@ -37,7 +38,10 @@ public User login(String userId, String password, String extra) {
             //check if user exist
             user = usersService.getUserByUserName(userId);
             if (user == null) {
-                user = usersService.createUser(ldapService.getUserType(userId), userId, ldapEmail);
+                LdapUserNotExistActionType type = ldapService.getLdapUserNotExistAction();
+                if(type == LdapUserNotExistActionType.CREATION){
+                    user = usersService.createUser(ldapService.getUserType(userId), userId, ldapEmail);
+                }
             }
         }
         return user;
diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapService.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapService.java
index 35abb11479f7..07742951d174 100644
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapService.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapService.java
@@ -17,8 +17,12 @@
 
 package org.apache.dolphinscheduler.api.security.impl.ldap;
 
+import org.apache.dolphinscheduler.api.security.AuthenticationType;
+import org.apache.dolphinscheduler.api.security.LdapUserNotExistActionType;
 import org.apache.dolphinscheduler.common.enums.UserType;
 
+import org.apache.commons.lang3.StringUtils;
+
 import java.util.Properties;
 
 import javax.naming.Context;
@@ -63,6 +67,9 @@ public class LdapService {
     @Value("${security.authentication.ldap.user.email.attribute:null}")
     private String ldapEmailAttribute;
 
+    @Value("${security.authentication.ldap.user.not.exist.action:CREATION}")
+    private String ldapUserNotExistAction;
+
     /***
      * get user type by configured admin userId
      * @param userId login userId
@@ -130,4 +137,13 @@ Properties getManagerLdapEnv() {
         env.put(Context.PROVIDER_URL, ldapUrls);
         return env;
     }
+
+    public LdapUserNotExistActionType getLdapUserNotExistAction(){
+        if (StringUtils.isBlank(ldapUserNotExistAction)) {
+            logger.info("security.authentication.ldap.user.not.exist.action configuration is empty, the default value 'CREATION'");
+            return LdapUserNotExistActionType.CREATION;
+        }
+
+        return LdapUserNotExistActionType.valueOf(ldapUserNotExistAction);
+    }
 }
diff --git a/dolphinscheduler-api/src/main/resources/application.yaml b/dolphinscheduler-api/src/main/resources/application.yaml
index 542b8048ed62..4715a2f1be16 100644
--- a/dolphinscheduler-api/src/main/resources/application.yaml
+++ b/dolphinscheduler-api/src/main/resources/application.yaml
@@ -143,6 +143,8 @@ security:
       password: password
       user.identity.attribute: uid
       user.email.attribute: mail
+      # action when ldap user is not exist (supported types: CREATION,DENY)
+      user.not.exist.action: CREATION
 
 # Override by profile
 
diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/SecurityConfigLDAPTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/SecurityConfigLDAPTest.java
index d1f1d8ebce09..3e92e51d7b49 100644
--- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/SecurityConfigLDAPTest.java
+++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/SecurityConfigLDAPTest.java
@@ -18,10 +18,12 @@
 package org.apache.dolphinscheduler.api.security;
 
 import org.apache.dolphinscheduler.api.controller.AbstractControllerTest;
+import org.apache.dolphinscheduler.api.security.impl.ldap.LdapService;
 
 import org.junit.Assert;
 import org.junit.Test;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.mock.mockito.MockBean;
 import org.springframework.test.context.TestPropertySource;
 
 @TestPropertySource(properties = {
@@ -32,9 +34,18 @@ public class SecurityConfigLDAPTest extends AbstractControllerTest {
     @Autowired
     private SecurityConfig securityConfig;
 
+    @Autowired
+    private LdapService ldapService;
+
     @Test
     public void testAuthenticator() {
         Authenticator authenticator = securityConfig.authenticator();
         Assert.assertNotNull(authenticator);
     }
+
+    @Test
+    public void testLdapUserNotExistAction() {
+        LdapUserNotExistActionType authenticator = ldapService.getLdapUserNotExistAction();
+        Assert.assertEquals(authenticator, LdapUserNotExistActionType.CREATION);
+    }
 }
diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapAuthenticatorTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapAuthenticatorTest.java
index ba0f72a0396b..66658c7468f9 100644
--- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapAuthenticatorTest.java
+++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapAuthenticatorTest.java
@@ -21,6 +21,7 @@
 
 import org.apache.dolphinscheduler.api.controller.AbstractControllerTest;
 import org.apache.dolphinscheduler.api.enums.Status;
+import org.apache.dolphinscheduler.api.security.LdapUserNotExistActionType;
 import org.apache.dolphinscheduler.api.service.SessionService;
 import org.apache.dolphinscheduler.api.service.UsersService;
 import org.apache.dolphinscheduler.api.utils.Result;
@@ -30,6 +31,7 @@
 import org.apache.dolphinscheduler.dao.entity.User;
 
 import java.util.Date;
+import java.util.Map;
 import java.util.UUID;
 
 import javax.servlet.http.HttpServletRequest;
@@ -56,6 +58,7 @@
                 "security.authentication.ldap.password=password",
                 "security.authentication.ldap.user.identity.attribute=uid",
                 "security.authentication.ldap.user.email.attribute=mail",
+                "security.authentication.ldap.user.not.exist.action=CREATION",
         })
 public class LdapAuthenticatorTest extends AbstractControllerTest {
     private static Logger logger = LoggerFactory.getLogger(LdapAuthenticatorTest.class);
@@ -98,23 +101,30 @@ public void setUp() {
         mockSession.setIp(ip);
         mockSession.setUserId(1);
         mockSession.setLastLoginTime(new Date());
-
     }
 
     @Test
     public void testAuthenticate() {
-        when(sessionService.createSession(Mockito.any(User.class), Mockito.eq(ip))).thenReturn(mockSession.getId());
         when(ldapService.ldapLogin(ldapUid, ldapUserPwd)).thenReturn(ldapEmail);
+        when(sessionService.createSession(Mockito.any(User.class), Mockito.eq(ip))).thenReturn(mockSession.getId());
 
-        Result result = ldapAuthenticator.authenticate(ldapUid, ldapUserPwd, ip);
+        // test username pwd correct and user not exist, config user not exist action deny, so login denied
+        when(ldapService.getLdapUserNotExistAction()).thenReturn(LdapUserNotExistActionType.DENY);
+        Result<Map<String, String>> result = ldapAuthenticator.authenticate(ldapUid, ldapUserPwd, ip);
+        Assert.assertEquals(Status.USER_NAME_PASSWD_ERROR.getCode(), (int) result.getCode());
+
+        // test username pwd correct and user not exist, config user not exist action creation, so login success
+        when(ldapService.getLdapUserNotExistAction()).thenReturn(LdapUserNotExistActionType.CREATION);
+        result = ldapAuthenticator.authenticate(ldapUid, ldapUserPwd, ip);
         Assert.assertEquals(Status.SUCCESS.getCode(), (int) result.getCode());
         logger.info(result.toString());
 
+        // test username pwd correct and user not exist, config action creation but can't create session, so login failed
         when(sessionService.createSession(Mockito.any(User.class), Mockito.eq(ip))).thenReturn(null);
-
         result = ldapAuthenticator.authenticate(ldapUid, ldapUserPwd, ip);
         Assert.assertEquals(Status.LOGIN_SESSION_FAILED.getCode(), (int) result.getCode());
 
+        // test username pwd error, login failed
         when(ldapService.ldapLogin(ldapUid, ldapUserPwd)).thenReturn(null);
         result = ldapAuthenticator.authenticate(ldapUid, ldapUserPwd, ip);
         Assert.assertEquals(Status.USER_NAME_PASSWD_ERROR.getCode(), (int) result.getCode());
diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapServiceTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapServiceTest.java
index 54e25f4f0e7b..1eedc3fa0386 100644
--- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapServiceTest.java
+++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapServiceTest.java
@@ -47,6 +47,7 @@
                 "security.authentication.ldap.password=password",
                 "security.authentication.ldap.user.identity.attribute=uid",
                 "security.authentication.ldap.user.email.attribute=mail",
+                "security.authentication.ldap.user.not.exist.action=CREATION",
         })
 public class LdapServiceTest {
     @Autowired
diff --git a/dolphinscheduler-standalone-server/src/main/resources/application.yaml b/dolphinscheduler-standalone-server/src/main/resources/application.yaml
index d968090e46ae..7df52990fada 100644
--- a/dolphinscheduler-standalone-server/src/main/resources/application.yaml
+++ b/dolphinscheduler-standalone-server/src/main/resources/application.yaml
@@ -101,6 +101,8 @@ security:
       password: password
       user.identity.attribute: uid
       user.email.attribute: mail
+      # action when ldap user is not exist (supported types: CREATION,DENY)
+      user.not.exist.action: CREATION
 
 master:
   listen-port: 5678

From 8750119f93569ca4c31712b6a94236d591c47992 Mon Sep 17 00:00:00 2001
From: qingwli <qingwli@cisco.com>
Date: Wed, 15 Jun 2022 15:20:59 +0800
Subject: [PATCH 02/10] update field name

---
 docs/docs/en/architecture/configuration.md                 | 2 +-
 docs/docs/zh/architecture/configuration.md                 | 2 +-
 .../api/security/LdapUserNotExistActionType.java           | 2 +-
 .../api/security/impl/ldap/LdapAuthenticator.java          | 2 +-
 .../api/security/impl/ldap/LdapService.java                | 7 +++----
 dolphinscheduler-api/src/main/resources/application.yaml   | 4 ++--
 .../api/security/SecurityConfigLDAPTest.java               | 2 +-
 .../api/security/impl/ldap/LdapAuthenticatorTest.java      | 4 ++--
 .../api/security/impl/ldap/LdapServiceTest.java            | 2 +-
 .../src/main/resources/application.yaml                    | 4 ++--
 10 files changed, 15 insertions(+), 16 deletions(-)

diff --git a/docs/docs/en/architecture/configuration.md b/docs/docs/en/architecture/configuration.md
index 8237d9158bd0..fe4dd167da84 100644
--- a/docs/docs/en/architecture/configuration.md
+++ b/docs/docs/en/architecture/configuration.md
@@ -226,7 +226,7 @@ security.authentication.ldap.username|cn=read-only-admin,dc=example,dc=com|LDAP
 security.authentication.ldap.password|password|LDAP password
 security.authentication.ldap.user.identity.attribute|uid|LDAP user identity attribute 
 security.authentication.ldap.user.email.attribute|mail|LDAP user email attribute
-security.authentication.ldap.user.not.exist.action|CREATION|action when LDAP user is not exist
+security.authentication.ldap.user.not.exist.action|CREATE|action when LDAP user is not exist. Default CREATE: automatically create user when user not exist, DENY: deny log-in when user not exist
 
 ### master.properties [master-service log config]
 
diff --git a/docs/docs/zh/architecture/configuration.md b/docs/docs/zh/architecture/configuration.md
index 563809dbf1eb..14fe03cd86e0 100644
--- a/docs/docs/zh/architecture/configuration.md
+++ b/docs/docs/zh/architecture/configuration.md
@@ -217,7 +217,7 @@ security.authentication.ldap.username|cn=read-only-admin,dc=example,dc=com|LDAP
 security.authentication.ldap.password|password|LDAP密码
 security.authentication.ldap.user.identity.attribute|uid|LDAP用户身份标识字段名
 security.authentication.ldap.user.email.attribute|mail|LDAP邮箱字段名
-security.authentication.ldap.user.not.exist.action|CREATION|当LDAP用户不存在时执行的操作
+security.authentication.ldap.user.not.exist.action|CREATE|当LDAP用户不存在时执行的操作。CREATE：当用户不存在时自动新建用户, DENY：当用户不存在时拒绝登陆
 
 ## 6.master.properties [Master服务配置]
 |参数 |默认值| 描述| 
diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/LdapUserNotExistActionType.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/LdapUserNotExistActionType.java
index a5ffb478d104..1e96ef29547d 100644
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/LdapUserNotExistActionType.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/LdapUserNotExistActionType.java
@@ -24,7 +24,7 @@
  */
 public enum LdapUserNotExistActionType {
 
-    CREATION(0, "automatically create user when user not exist"),
+    CREATE(0, "automatically create user when user not exist"),
     DENY(1, "deny log-in when user not exist"),
     ;
 
diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapAuthenticator.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapAuthenticator.java
index 41bb0fdddf49..bc8ebb9acb32 100644
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapAuthenticator.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapAuthenticator.java
@@ -39,7 +39,7 @@ public User login(String userId, String password, String extra) {
             user = usersService.getUserByUserName(userId);
             if (user == null) {
                 LdapUserNotExistActionType type = ldapService.getLdapUserNotExistAction();
-                if(type == LdapUserNotExistActionType.CREATION){
+                if(type == LdapUserNotExistActionType.CREATE){
                     user = usersService.createUser(ldapService.getUserType(userId), userId, ldapEmail);
                 }
             }
diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapService.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapService.java
index 07742951d174..568904d4a376 100644
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapService.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapService.java
@@ -17,7 +17,6 @@
 
 package org.apache.dolphinscheduler.api.security.impl.ldap;
 
-import org.apache.dolphinscheduler.api.security.AuthenticationType;
 import org.apache.dolphinscheduler.api.security.LdapUserNotExistActionType;
 import org.apache.dolphinscheduler.common.enums.UserType;
 
@@ -67,7 +66,7 @@ public class LdapService {
     @Value("${security.authentication.ldap.user.email.attribute:null}")
     private String ldapEmailAttribute;
 
-    @Value("${security.authentication.ldap.user.not.exist.action:CREATION}")
+    @Value("${security.authentication.ldap.user.not.exist.action:CREATE}")
     private String ldapUserNotExistAction;
 
     /***
@@ -140,8 +139,8 @@ Properties getManagerLdapEnv() {
 
     public LdapUserNotExistActionType getLdapUserNotExistAction(){
         if (StringUtils.isBlank(ldapUserNotExistAction)) {
-            logger.info("security.authentication.ldap.user.not.exist.action configuration is empty, the default value 'CREATION'");
-            return LdapUserNotExistActionType.CREATION;
+            logger.info("security.authentication.ldap.user.not.exist.action configuration is empty, the default value 'CREATE'");
+            return LdapUserNotExistActionType.CREATE;
         }
 
         return LdapUserNotExistActionType.valueOf(ldapUserNotExistAction);
diff --git a/dolphinscheduler-api/src/main/resources/application.yaml b/dolphinscheduler-api/src/main/resources/application.yaml
index 4715a2f1be16..be3bbadeaa49 100644
--- a/dolphinscheduler-api/src/main/resources/application.yaml
+++ b/dolphinscheduler-api/src/main/resources/application.yaml
@@ -143,8 +143,8 @@ security:
       password: password
       user.identity.attribute: uid
       user.email.attribute: mail
-      # action when ldap user is not exist (supported types: CREATION,DENY)
-      user.not.exist.action: CREATION
+      # action when ldap user is not exist (supported types: CREATE,DENY)
+      user.not.exist.action: CREATE
 
 # Override by profile
 
diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/SecurityConfigLDAPTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/SecurityConfigLDAPTest.java
index 3e92e51d7b49..5c65877ade4c 100644
--- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/SecurityConfigLDAPTest.java
+++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/SecurityConfigLDAPTest.java
@@ -46,6 +46,6 @@ public void testAuthenticator() {
     @Test
     public void testLdapUserNotExistAction() {
         LdapUserNotExistActionType authenticator = ldapService.getLdapUserNotExistAction();
-        Assert.assertEquals(authenticator, LdapUserNotExistActionType.CREATION);
+        Assert.assertEquals(LdapUserNotExistActionType.CREATE, authenticator);
     }
 }
diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapAuthenticatorTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapAuthenticatorTest.java
index 66658c7468f9..98b4509bb19b 100644
--- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapAuthenticatorTest.java
+++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapAuthenticatorTest.java
@@ -58,7 +58,7 @@
                 "security.authentication.ldap.password=password",
                 "security.authentication.ldap.user.identity.attribute=uid",
                 "security.authentication.ldap.user.email.attribute=mail",
-                "security.authentication.ldap.user.not.exist.action=CREATION",
+                "security.authentication.ldap.user.not.exist.action=CREATE",
         })
 public class LdapAuthenticatorTest extends AbstractControllerTest {
     private static Logger logger = LoggerFactory.getLogger(LdapAuthenticatorTest.class);
@@ -114,7 +114,7 @@ public void testAuthenticate() {
         Assert.assertEquals(Status.USER_NAME_PASSWD_ERROR.getCode(), (int) result.getCode());
 
         // test username pwd correct and user not exist, config user not exist action creation, so login success
-        when(ldapService.getLdapUserNotExistAction()).thenReturn(LdapUserNotExistActionType.CREATION);
+        when(ldapService.getLdapUserNotExistAction()).thenReturn(LdapUserNotExistActionType.CREATE);
         result = ldapAuthenticator.authenticate(ldapUid, ldapUserPwd, ip);
         Assert.assertEquals(Status.SUCCESS.getCode(), (int) result.getCode());
         logger.info(result.toString());
diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapServiceTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapServiceTest.java
index 1eedc3fa0386..c80002c5ca2d 100644
--- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapServiceTest.java
+++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapServiceTest.java
@@ -47,7 +47,7 @@
                 "security.authentication.ldap.password=password",
                 "security.authentication.ldap.user.identity.attribute=uid",
                 "security.authentication.ldap.user.email.attribute=mail",
-                "security.authentication.ldap.user.not.exist.action=CREATION",
+                "security.authentication.ldap.user.not.exist.action=CREATE",
         })
 public class LdapServiceTest {
     @Autowired
diff --git a/dolphinscheduler-standalone-server/src/main/resources/application.yaml b/dolphinscheduler-standalone-server/src/main/resources/application.yaml
index 7df52990fada..6c11291d7955 100644
--- a/dolphinscheduler-standalone-server/src/main/resources/application.yaml
+++ b/dolphinscheduler-standalone-server/src/main/resources/application.yaml
@@ -101,8 +101,8 @@ security:
       password: password
       user.identity.attribute: uid
       user.email.attribute: mail
-      # action when ldap user is not exist (supported types: CREATION,DENY)
-      user.not.exist.action: CREATION
+      # action when ldap user is not exist (supported types: CREATE,DENY)
+      user.not.exist.action: CREATE
 
 master:
   listen-port: 5678

From 91ced5a580165ac71dec8bd9c9bad7b1570ed5b6 Mon Sep 17 00:00:00 2001
From: qingwli <qingwli@cisco.com>
Date: Wed, 15 Jun 2022 15:22:52 +0800
Subject: [PATCH 03/10] update field name

---
 .../api/security/impl/ldap/LdapAuthenticatorTest.java         | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapAuthenticatorTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapAuthenticatorTest.java
index 98b4509bb19b..f8938906b89f 100644
--- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapAuthenticatorTest.java
+++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapAuthenticatorTest.java
@@ -113,13 +113,13 @@ public void testAuthenticate() {
         Result<Map<String, String>> result = ldapAuthenticator.authenticate(ldapUid, ldapUserPwd, ip);
         Assert.assertEquals(Status.USER_NAME_PASSWD_ERROR.getCode(), (int) result.getCode());
 
-        // test username pwd correct and user not exist, config user not exist action creation, so login success
+        // test username pwd correct and user not exist, config user not exist action create, so login success
         when(ldapService.getLdapUserNotExistAction()).thenReturn(LdapUserNotExistActionType.CREATE);
         result = ldapAuthenticator.authenticate(ldapUid, ldapUserPwd, ip);
         Assert.assertEquals(Status.SUCCESS.getCode(), (int) result.getCode());
         logger.info(result.toString());
 
-        // test username pwd correct and user not exist, config action creation but can't create session, so login failed
+        // test username pwd correct and user not exist, config action create but can't create session, so login failed
         when(sessionService.createSession(Mockito.any(User.class), Mockito.eq(ip))).thenReturn(null);
         result = ldapAuthenticator.authenticate(ldapUid, ldapUserPwd, ip);
         Assert.assertEquals(Status.LOGIN_SESSION_FAILED.getCode(), (int) result.getCode());

From 8d37627d182c91d24989fdcfdc0f02fbb89c5e36 Mon Sep 17 00:00:00 2001
From: qingwli <qingwli@cisco.com>
Date: Wed, 15 Jun 2022 15:43:19 +0800
Subject: [PATCH 04/10] update yaml fields

---
 docs/docs/en/architecture/configuration.md        |  8 ++++----
 docs/docs/zh/architecture/configuration.md        |  8 ++++----
 .../api/security/impl/ldap/LdapService.java       |  8 ++++----
 .../src/main/resources/application.yaml           | 15 ++++++++-------
 .../security/impl/ldap/LdapAuthenticatorTest.java |  8 ++++----
 .../api/security/impl/ldap/LdapServiceTest.java   |  8 ++++----
 .../src/main/resources/application.yaml           | 15 ++++++++-------
 7 files changed, 36 insertions(+), 34 deletions(-)

diff --git a/docs/docs/en/architecture/configuration.md b/docs/docs/en/architecture/configuration.md
index fe4dd167da84..7fb176219f6a 100644
--- a/docs/docs/en/architecture/configuration.md
+++ b/docs/docs/en/architecture/configuration.md
@@ -221,12 +221,12 @@ spring.messages.basename|i18n/messages| i18n config
 security.authentication.type|PASSWORD| authentication type
 security.authentication.ldap.user.admin|read-only-admin|admin user account when you log-in with LDAP
 security.authentication.ldap.urls|ldap://ldap.forumsys.com:389/|LDAP urls
-security.authentication.ldap.base.dn|dc=example,dc=com|LDAP base dn
+security.authentication.ldap.base-dn|dc=example,dc=com|LDAP base dn
 security.authentication.ldap.username|cn=read-only-admin,dc=example,dc=com|LDAP username
 security.authentication.ldap.password|password|LDAP password
-security.authentication.ldap.user.identity.attribute|uid|LDAP user identity attribute 
-security.authentication.ldap.user.email.attribute|mail|LDAP user email attribute
-security.authentication.ldap.user.not.exist.action|CREATE|action when LDAP user is not exist. Default CREATE: automatically create user when user not exist, DENY: deny log-in when user not exist
+security.authentication.ldap.user.identity-attribute|uid|LDAP user identity attribute 
+security.authentication.ldap.user.email-attribute|mail|LDAP user email attribute
+security.authentication.ldap.user.not-exist-action|CREATE|action when LDAP user is not exist. Default CREATE: automatically create user when user not exist, DENY: deny log-in when user not exist
 
 ### master.properties [master-service log config]
 
diff --git a/docs/docs/zh/architecture/configuration.md b/docs/docs/zh/architecture/configuration.md
index 14fe03cd86e0..ec413b540427 100644
--- a/docs/docs/zh/architecture/configuration.md
+++ b/docs/docs/zh/architecture/configuration.md
@@ -212,12 +212,12 @@ spring.messages.basename|i18n/messages|i18n配置
 security.authentication.type|PASSWORD|权限校验类型
 security.authentication.ldap.user.admin|read-only-admin|LDAP登陆时，系统管理员账号
 security.authentication.ldap.urls|ldap://ldap.forumsys.com:389/|LDAP urls
-security.authentication.ldap.base.dn|dc=example,dc=com|LDAP base dn
+security.authentication.ldap.base-dn|dc=example,dc=com|LDAP base dn
 security.authentication.ldap.username|cn=read-only-admin,dc=example,dc=com|LDAP账号
 security.authentication.ldap.password|password|LDAP密码
-security.authentication.ldap.user.identity.attribute|uid|LDAP用户身份标识字段名
-security.authentication.ldap.user.email.attribute|mail|LDAP邮箱字段名
-security.authentication.ldap.user.not.exist.action|CREATE|当LDAP用户不存在时执行的操作。CREATE：当用户不存在时自动新建用户, DENY：当用户不存在时拒绝登陆
+security.authentication.ldap.user.identity-attribute|uid|LDAP用户身份标识字段名
+security.authentication.ldap.user.email-attribute|mail|LDAP邮箱字段名
+security.authentication.ldap.user.not-exist-action|CREATE|当LDAP用户不存在时执行的操作。CREATE：当用户不存在时自动新建用户, DENY：当用户不存在时拒绝登陆
 
 ## 6.master.properties [Master服务配置]
 |参数 |默认值| 描述| 
diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapService.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapService.java
index 568904d4a376..500b15650a86 100644
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapService.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapService.java
@@ -51,7 +51,7 @@ public class LdapService {
     @Value("${security.authentication.ldap.urls:null}")
     private String ldapUrls;
 
-    @Value("${security.authentication.ldap.base.dn:null}")
+    @Value("${security.authentication.ldap.base-dn:null}")
     private String ldapBaseDn;
 
     @Value("${security.authentication.ldap.username:null}")
@@ -60,13 +60,13 @@ public class LdapService {
     @Value("${security.authentication.ldap.password:null}")
     private String ldapPrincipalPassword;
 
-    @Value("${security.authentication.ldap.user.identity.attribute:null}")
+    @Value("${security.authentication.ldap.user.identity-attribute:null}")
     private String ldapUserIdentifyingAttribute;
 
-    @Value("${security.authentication.ldap.user.email.attribute:null}")
+    @Value("${security.authentication.ldap.user.email-attribute:null}")
     private String ldapEmailAttribute;
 
-    @Value("${security.authentication.ldap.user.not.exist.action:CREATE}")
+    @Value("${security.authentication.ldap.user.not-exist-action:CREATE}")
     private String ldapUserNotExistAction;
 
     /***
diff --git a/dolphinscheduler-api/src/main/resources/application.yaml b/dolphinscheduler-api/src/main/resources/application.yaml
index be3bbadeaa49..e367a32b2af5 100644
--- a/dolphinscheduler-api/src/main/resources/application.yaml
+++ b/dolphinscheduler-api/src/main/resources/application.yaml
@@ -134,17 +134,18 @@ security:
     type: PASSWORD
     # IF you set type `LDAP`, below config will be effective
     ldap:
-      # admin userId
-      user.admin: read-only-admin
       # ldap server config
       urls: ldap://ldap.forumsys.com:389/
-      base.dn: dc=example,dc=com
+      base-dn: dc=example,dc=com
       username: cn=read-only-admin,dc=example,dc=com
       password: password
-      user.identity.attribute: uid
-      user.email.attribute: mail
-      # action when ldap user is not exist (supported types: CREATE,DENY)
-      user.not.exist.action: CREATE
+      user:
+        # admin userId when you use LDAP login
+        admin: read-only-admin
+        identity-attribute: uid
+        email-attribute: mail
+        # action when ldap user is not exist (supported types: CREATE,DENY)
+        not-exist-action: CREATE
 
 # Override by profile
 
diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapAuthenticatorTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapAuthenticatorTest.java
index f8938906b89f..8bd60760fcc3 100644
--- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapAuthenticatorTest.java
+++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapAuthenticatorTest.java
@@ -53,12 +53,12 @@
                 "security.authentication.type=LDAP",
                 "security.authentication.ldap.user.admin=read-only-admin",
                 "security.authentication.ldap.urls=ldap://ldap.forumsys.com:389/",
-                "security.authentication.ldap.base.dn=dc=example,dc=com",
+                "security.authentication.ldap.base-dn=dc=example,dc=com",
                 "security.authentication.ldap.username=cn=read-only-admin,dc=example,dc=com",
                 "security.authentication.ldap.password=password",
-                "security.authentication.ldap.user.identity.attribute=uid",
-                "security.authentication.ldap.user.email.attribute=mail",
-                "security.authentication.ldap.user.not.exist.action=CREATE",
+                "security.authentication.ldap.user.identity-attribute=uid",
+                "security.authentication.ldap.user.email-attribute=mail",
+                "security.authentication.ldap.user.not-exist-action=CREATE",
         })
 public class LdapAuthenticatorTest extends AbstractControllerTest {
     private static Logger logger = LoggerFactory.getLogger(LdapAuthenticatorTest.class);
diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapServiceTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapServiceTest.java
index c80002c5ca2d..ecda46d13f42 100644
--- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapServiceTest.java
+++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapServiceTest.java
@@ -42,12 +42,12 @@
                 "security.authentication.type=LDAP",
                 "security.authentication.ldap.user.admin=read-only-admin",
                 "security.authentication.ldap.urls=ldap://ldap.forumsys.com:389/",
-                "security.authentication.ldap.base.dn=dc=example,dc=com",
+                "security.authentication.ldap.base-dn=dc=example,dc=com",
                 "security.authentication.ldap.username=cn=read-only-admin,dc=example,dc=com",
                 "security.authentication.ldap.password=password",
-                "security.authentication.ldap.user.identity.attribute=uid",
-                "security.authentication.ldap.user.email.attribute=mail",
-                "security.authentication.ldap.user.not.exist.action=CREATE",
+                "security.authentication.ldap.user.identity-attribute=uid",
+                "security.authentication.ldap.user.email-attribute=mail",
+                "security.authentication.ldap.user.not-exist-action=CREATE",
         })
 public class LdapServiceTest {
     @Autowired
diff --git a/dolphinscheduler-standalone-server/src/main/resources/application.yaml b/dolphinscheduler-standalone-server/src/main/resources/application.yaml
index 6c11291d7955..89c530cdc0a4 100644
--- a/dolphinscheduler-standalone-server/src/main/resources/application.yaml
+++ b/dolphinscheduler-standalone-server/src/main/resources/application.yaml
@@ -92,17 +92,18 @@ security:
     type: PASSWORD
     # IF you set type `LDAP`, below config will be effective
     ldap:
-      # admin userId
-      user.admin: read-only-admin
       # ldap server config
       urls: ldap://ldap.forumsys.com:389/
-      base.dn: dc=example,dc=com
+      base-dn: dc=example,dc=com
       username: cn=read-only-admin,dc=example,dc=com
       password: password
-      user.identity.attribute: uid
-      user.email.attribute: mail
-      # action when ldap user is not exist (supported types: CREATE,DENY)
-      user.not.exist.action: CREATE
+      user:
+        # admin userId when you use LDAP login
+        admin: read-only-admin
+        identity-attribute: uid
+        email-attribute: mail
+        # action when ldap user is not exist (supported types: CREATE,DENY)
+        not-exist-action: CREATE
 
 master:
   listen-port: 5678

From 969fdd99df25d05fe55c4d635b7ff72c6a95419a Mon Sep 17 00:00:00 2001
From: qingwli <qingwli@cisco.com>
Date: Fri, 17 Jun 2022 10:55:58 +0800
Subject: [PATCH 05/10] update

---
 .../api/security/impl/ldap/LdapAuthenticator.java             | 3 +--
 .../dolphinscheduler/api/security/impl/ldap/LdapService.java  | 4 ++++
 .../dolphinscheduler/api/security/SecurityConfigLDAPTest.java | 4 +++-
 3 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapAuthenticator.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapAuthenticator.java
index bc8ebb9acb32..cf35b38e02fd 100644
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapAuthenticator.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapAuthenticator.java
@@ -38,8 +38,7 @@ public User login(String userId, String password, String extra) {
             //check if user exist
             user = usersService.getUserByUserName(userId);
             if (user == null) {
-                LdapUserNotExistActionType type = ldapService.getLdapUserNotExistAction();
-                if(type == LdapUserNotExistActionType.CREATE){
+                if(ldapService.createIfUserNotExists()){
                     user = usersService.createUser(ldapService.getUserType(userId), userId, ldapEmail);
                 }
             }
diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapService.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapService.java
index 500b15650a86..6dac2f71d216 100644
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapService.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapService.java
@@ -145,4 +145,8 @@ public LdapUserNotExistActionType getLdapUserNotExistAction(){
 
         return LdapUserNotExistActionType.valueOf(ldapUserNotExistAction);
     }
+
+    public boolean createIfUserNotExists(){
+        return getLdapUserNotExistAction() == LdapUserNotExistActionType.CREATE;
+    }
 }
diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/SecurityConfigLDAPTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/SecurityConfigLDAPTest.java
index 5c65877ade4c..77273d279638 100644
--- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/SecurityConfigLDAPTest.java
+++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/SecurityConfigLDAPTest.java
@@ -23,7 +23,6 @@
 import org.junit.Assert;
 import org.junit.Test;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.test.mock.mockito.MockBean;
 import org.springframework.test.context.TestPropertySource;
 
 @TestPropertySource(properties = {
@@ -47,5 +46,8 @@ public void testAuthenticator() {
     public void testLdapUserNotExistAction() {
         LdapUserNotExistActionType authenticator = ldapService.getLdapUserNotExistAction();
         Assert.assertEquals(LdapUserNotExistActionType.CREATE, authenticator);
+
+        boolean isCreateAction = ldapService.createIfUserNotExists();
+        Assert.assertEquals(Boolean.TRUE, isCreateAction);
     }
 }

From d61119395f01c5776a825de19247ea57acb0762c Mon Sep 17 00:00:00 2001
From: qingwli <qingwli@cisco.com>
Date: Fri, 17 Jun 2022 11:17:23 +0800
Subject: [PATCH 06/10] update

---
 .../dolphinscheduler/api/security/SecurityConfigLDAPTest.java    | 1 +
 1 file changed, 1 insertion(+)

diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/SecurityConfigLDAPTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/SecurityConfigLDAPTest.java
index 77273d279638..910e5d812ecd 100644
--- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/SecurityConfigLDAPTest.java
+++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/SecurityConfigLDAPTest.java
@@ -51,3 +51,4 @@ public void testLdapUserNotExistAction() {
         Assert.assertEquals(Boolean.TRUE, isCreateAction);
     }
 }
+

From f5b3d2ad85248ab2483af7fa79383dc045dfa622 Mon Sep 17 00:00:00 2001
From: qingwli <qingwli@cisco.com>
Date: Fri, 17 Jun 2022 11:58:13 +0800
Subject: [PATCH 07/10] fix ut

---
 .../api/security/impl/ldap/LdapAuthenticatorTest.java           | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapAuthenticatorTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapAuthenticatorTest.java
index 8bd60760fcc3..f3835a560a28 100644
--- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapAuthenticatorTest.java
+++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapAuthenticatorTest.java
@@ -110,11 +110,13 @@ public void testAuthenticate() {
 
         // test username pwd correct and user not exist, config user not exist action deny, so login denied
         when(ldapService.getLdapUserNotExistAction()).thenReturn(LdapUserNotExistActionType.DENY);
+        when(ldapService.createIfUserNotExists()).thenReturn(false);
         Result<Map<String, String>> result = ldapAuthenticator.authenticate(ldapUid, ldapUserPwd, ip);
         Assert.assertEquals(Status.USER_NAME_PASSWD_ERROR.getCode(), (int) result.getCode());
 
         // test username pwd correct and user not exist, config user not exist action create, so login success
         when(ldapService.getLdapUserNotExistAction()).thenReturn(LdapUserNotExistActionType.CREATE);
+        when(ldapService.createIfUserNotExists()).thenReturn(true);
         result = ldapAuthenticator.authenticate(ldapUid, ldapUserPwd, ip);
         Assert.assertEquals(Status.SUCCESS.getCode(), (int) result.getCode());
         logger.info(result.toString());

From dfc80274d0b9872bbfd3cf19602d6c4e81d6a716 Mon Sep 17 00:00:00 2001
From: qingwli <qingwli@cisco.com>
Date: Fri, 17 Jun 2022 13:10:49 +0800
Subject: [PATCH 08/10] fix code smell

---
 .../api/security/impl/ldap/LdapAuthenticator.java          | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapAuthenticator.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapAuthenticator.java
index cf35b38e02fd..f8247aa8e6e5 100644
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapAuthenticator.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapAuthenticator.java
@@ -17,7 +17,6 @@
 
 package org.apache.dolphinscheduler.api.security.impl.ldap;
 
-import org.apache.dolphinscheduler.api.security.LdapUserNotExistActionType;
 import org.apache.dolphinscheduler.api.security.impl.AbstractAuthenticator;
 import org.apache.dolphinscheduler.api.service.UsersService;
 import org.apache.dolphinscheduler.dao.entity.User;
@@ -37,10 +36,8 @@ public User login(String userId, String password, String extra) {
         if (ldapEmail != null) {
             //check if user exist
             user = usersService.getUserByUserName(userId);
-            if (user == null) {
-                if(ldapService.createIfUserNotExists()){
-                    user = usersService.createUser(ldapService.getUserType(userId), userId, ldapEmail);
-                }
+            if (user == null && ldapService.createIfUserNotExists()) {
+                user = usersService.createUser(ldapService.getUserType(userId), userId, ldapEmail);
             }
         }
         return user;

From e80583ce2f82f80fddc8c8ad0dd8b3e4f6ece448 Mon Sep 17 00:00:00 2001
From: qingwli <qingwli@cisco.com>
Date: Fri, 17 Jun 2022 13:27:28 +0800
Subject: [PATCH 09/10] update

---
 .../api/security/impl/ldap/LdapAuthenticator.java                | 1 +
 1 file changed, 1 insertion(+)

diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapAuthenticator.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapAuthenticator.java
index f8247aa8e6e5..1140a6a0d6b9 100644
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapAuthenticator.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapAuthenticator.java
@@ -43,3 +43,4 @@ public User login(String userId, String password, String extra) {
         return user;
     }
 }
+

From bb328be3af279c420aac6ee573111c7ce7fdc18e Mon Sep 17 00:00:00 2001
From: qingwli <qingwli@cisco.com>
Date: Fri, 17 Jun 2022 13:43:57 +0800
Subject: [PATCH 10/10] update

---
 .../api/security/impl/ldap/LdapAuthenticator.java                | 1 -
 1 file changed, 1 deletion(-)

diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapAuthenticator.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapAuthenticator.java
index 1140a6a0d6b9..f8247aa8e6e5 100644
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapAuthenticator.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/ldap/LdapAuthenticator.java
@@ -43,4 +43,3 @@ public User login(String userId, String password, String extra) {
         return user;
     }
 }
-