Hi, I managed to enable Active Directory by updating shiro.ini, but there is an issue coming from this. I cannot access the interpreter; in fact, no one can access the interpreter.
This is my shiro.ini:

[users]
# List of users with their password allowed to access Zeppelin.
# To use a different strategy (LDAP / Database / ...) check the shiro doc at http://shiro.apache.org/configuration.html#Configuration-INISections
#bembi = password, admin
#prima = password, user

# Sample LDAP configuration, for user Authentication, currently tested for single Realm
[main]
### A sample for configuring Active Directory Realm
activeDirectoryRealm = org.apache.zeppelin.realm.ActiveDirectoryGroupRealm
activeDirectoryRealm.systemUsername = username
activeDirectoryRealm.systemPassword = password
activeDirectoryRealm.searchBase = "OU=Zeppelin_Account,OU=Office,DC=dattabot,DC=io"
activeDirectoryRealm.url = ldap://1.2.3.4:389
activeDirectoryRealm.groupRolesMap = "CN=Zeppelin-Admin,OU=Zeppelin_Account,OU=Office,DC=dattabot,DC=io":"admin","CN=Zeppelin-User,OU=Zeppelin_Account,OU=Office,DC=dattabot,DC=io":"user"
activeDirectoryRealm.authorizationCachingEnabled = false
activeDirectoryRealm.principalSuffix= @dattabot.io
securityManager.realms = $activeDirectoryRealm

sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager

### If caching of user is required then uncomment below lines
#cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
#securityManager.cacheManager = $cacheManager

securityManager.sessionManager = $sessionManager
# 86,400,000 milliseconds = 24 hour
securityManager.sessionManager.globalSessionTimeout = 86400000
shiro.loginUrl = /api/login

[roles]
admin = admin
user = user

[urls]
# This section is used for url-based security.
# You can secure interpreter, configuration and credential information by urls. Comment or uncomment the below urls that you want to hide.
# anon means the access is anonymous.
# authc means Form based Auth Security
# To enforce security, comment the line below and uncomment the next one
/api/version = anon
/api/interpreter/** = authc, roles[admin]
/api/configurations/** = authc, roles[admin]
/api/credential/** = authc, roles[admin]
#/** = anon
/** = authc

When I investigate the log file, it seems that the roles are not mapped correctly.

This is the log when I use a static user:

INFO [2017-07-12 09:48:23,137] ({qtp1211076369-78} NotebookServer.java[onOpen]:156) - New connection from 1.2.3.4 : 30380
WARN [2017-07-12 09:48:30,167] ({qtp1211076369-90} LoginRestApi.java[postLogin]:115) - {"status":"OK","message":"","body":{"principal":"bembi","ticket":"9596dd7a-1f60-4c4f-a66a-040b4135f54f",*"roles":"[admin]"*}}

And this is the log when Active Directory is enabled:

INFO [2017-07-12 09:49:52,063] ({qtp1211076369-18} NotebookServer.java[onOpen]:156) - New connection from 1.2.3.4 : 30389
WARN [2017-07-12 09:50:02,717] ({qtp1211076369-14} LoginRestApi.java[postLogin]:115) - {"status":"OK","message":"","body":{"principal":"bembi.prima","ticket":"0ec9a345-53a9-4220-bf5f-a68092cea673",*"roles":"[]"*}}

--
View this message in context: http://apache-zeppelin-users-incubating-mailing-list.75479.x6.nabble.com/Active-Directory-do-not-mapped-roles-correctly-tp5989.html
Sent from the Apache Zeppelin Users (incubating) mailing list mailing list archive at Nabble.com.
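
Added example, not part of the original post: a small Python check that reads the [urls] rules and the two postLogin log lines quoted above and lists, per principal, which role-gated URL patterns the session cannot pass. It relies on Shiro's roles[...] filter requiring every listed role; the function names are illustrative, and it shows the consequence of the empty role list, not why the realm returned it.

```python
import json
import re

# Copied from the post (emphasis asterisks removed from the log JSON so it parses).
URLS = """\
/api/version = anon
/api/interpreter/** = authc, roles[admin]
/api/configurations/** = authc, roles[admin]
/api/credential/** = authc, roles[admin]
/** = authc
"""
LOG = """\
WARN [2017-07-12 09:48:30,167] ({qtp1211076369-90} LoginRestApi.java[postLogin]:115) - {"status":"OK","message":"","body":{"principal":"bembi","ticket":"9596dd7a-1f60-4c4f-a66a-040b4135f54f","roles":"[admin]"}}
WARN [2017-07-12 09:50:02,717] ({qtp1211076369-14} LoginRestApi.java[postLogin]:115) - {"status":"OK","message":"","body":{"principal":"bembi.prima","ticket":"0ec9a345-53a9-4220-bf5f-a68092cea673","roles":"[]"}}
"""

def role_rules(urls_text):
    """Return {url_pattern: required roles} for rules that use the roles[...] filter."""
    rules = {}
    for line in urls_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue  # skip blanks, commented-out rules and malformed lines
        pattern, chain = (part.strip() for part in line.split("=", 1))
        required = set()
        for group in re.findall(r"roles\[([^\]]*)\]", chain):
            required.update(r.strip() for r in group.split(",") if r.strip())
        if required:
            rules[pattern] = required
    return rules

def logins(log_text):
    """Yield (principal, roles) from LoginRestApi postLogin lines."""
    for line in log_text.splitlines():
        if "LoginRestApi.java[postLogin]" not in line:
            continue
        body = json.loads(line[line.index(" - {") + 3:])["body"]
        roles = {r.strip() for r in body["roles"].strip("[]").split(",") if r.strip()}
        yield body["principal"], roles

def locked_out(urls_text, log_text):
    """Map each principal to the role-gated patterns its roles do not satisfy."""
    rules = role_rules(urls_text)
    return {who: sorted(p for p, need in rules.items() if not need <= roles)
            for who, roles in logins(log_text)}

if __name__ == "__main__":
    for who, denied in locked_out(URLS, LOG).items():
        print(who, "->", denied or "no role-gated path denied")
```
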