[Improvement][dolphinscheduler-api] Make ADMIN user a "memberOf" when using LDAP server

[mjeremym2]

Search before asking

• I had searched in the issues and found no similar feature requirement.

Description

The currently implementation will only llow one user to be ADMIN for a scheduler instance using the attribute

security.authentication.ldap.user.admin=read-only-admin

Further more the revoke/invoking must be done changing the dolphin config. In large organisation this will done through roles/groups.

Therefore, I would like to be assign admin access using LDAP groups ("memberOf" attribute)

So can we extend the code (keeping the old way too), but also add chacke like "mail" attributes

    security.authentication.ldap.user.admin-attribute=membmerOf
    security.authentication.ldap.user.admin-value=cn=dolphinAdmin,dc=....etc...

#16105

Are you willing to submit a PR?

• Yes I am willing to submit a PR!

Code of Conduct

• I agree to follow this project's Code of Conduct

[mjeremym2]

Improved feature buy replacing "admin-attribute" and "admin-value" to "admin-filter" so a filter check is applied to find admin users. This will enable different LDAP setup for ROLES. The filter makes it very generic to identify the ADMIN role

For the "ldap.forumsys.com" were we make all scientist admins

security.authentication.ldap.user.admin-filter=(&(ou=scientists)(uniqueMember=uid={0},dc=example,dc=com))

to the use of "memberOf" assigning of roles.

(security.authentication.ldap.user.admin-filter=&(sAMAccountName={0})(memberOf=CN=admin,OU=dolphin,DC=example,DC=com)