Hey,

No response the previous times I've asked this, trying again.

I configured Shiro authentication using Active Directory.
I have checked this on both version 0.6 and 0.7, and it doesn't work in either.
I have a specific group in our Active Directory, and I wish to grant access
to users *only from that group*, but no matter what I configure, all users
from the whole Active Directory can access.

Config looks like this (excluding/changing specific naming):

[main]
activeDirectoryRealm = org.apache.zeppelin.server.ActiveDirectoryGroupRealm
activeDirectoryRealm.systemUsername = <Our system user>
activeDirectoryRealm.systemPassword = <His password>
activeDirectoryRealm.searchBase = CN=Company ZepUsers,OU=Groups,DC=Company Domain,DC=com
activeDirectoryRealm.url = <our url>
activeDirectoryRealm.groupRolesMap = "CN=Company ZepUsers,OU=Groups,DC=Company Domain,DC=com":"admin"
activeDirectoryRealm.authorizationCachingEnabled = false
activeDirectoryRealm.principalSuffix=@ourdomain
securityManager.realms = $activeDirectoryRealm

sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager

securityManager.sessionManager.globalSessionTimeout = 86400000
shiro.loginUrl = /api/login

[urls]
/api/version = anon

/** = authc
/api/interpreter/** = authc, roles[admin]
/api/configurations/** = authc, roles[admin]
/api/credential/** = authc, roles[admin]


Notes:
1. There are spaces in the AD path naming; not sure if this has any importance.
2. org.apache.zeppelin.server.ActiveDirectoryGroupRealm is the version 0.6
config; in 0.7 I've used the newer class, but all the rest is exactly the same.
3. The only thing that does work is authorization: users outside the
group can't view the interpreter config page because it was defined so in
the urls.

Can anyone help?



-- 
Yaar
