I got the exact same issue, Can someone give more info on how this should be used?
Thanks, Yaar > On 27 Jan 2017, at 13:32, Michał Kabocik <michal.kabo...@gmail.com> wrote: > > Dears, > > I'm trying to configure shiro to authenticate users from AD and to limit > access to login to webui for specific group. > > Here's my shiro.ini config: > > activeDirectoryRealm = org.apache.zeppelin.server.ActiveDirectoryGroupRealm > activeDirectoryRealm.systemUsername = user > activeDirectoryRealm.systemPassword = password > activeDirectoryRealm.searchBase = "OU=x,OU=x,OU=x,DC=x,DC=x,DC=x" > activeDirectoryRealm.url = ldaps://ldap.domain.com:636 > activeDirectoryRealm.groupRolesMap = > "CN=HADOOP_GROUP,OU=x,OU=x,OU=x,OU=x,DC=x,DC=x,DC=x":"role1" > activeDirectoryRealm.authorizationCachingEnabled = false > > [roles] > role1 = * > > /api/version = anon > #/** = anon > /** = authc > > Currently, authentication works for every user who is in search base, so > everyone from search base can login. To limit access, I would like to have > authorization based on specified group, like above. > What am I missing? > > I'll appreciate your help. > Kind regards, > > -- > Michał Kabocik -- This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this on behalf of the addressee you must not use, copy, disclose or take action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply email and delete this message. Thank you.
