Bump.... Has anyone managed to get this working?
On Thu, Jul 20, 2017 at 11:37 AM, cs user <acldstk...@gmail.com> wrote: > Hello, > > Can someone explain how the shiro.ini config should look when trying to > encrypt the AD password? > > We have the following config: > > activeDirectoryRealm = org.apache.zeppelin.realm.ActiveDirectoryGroupRealm >> activeDirectoryRealm.url = ldaps://some.address.com:636 >> activeDirectoryRealm.searchBase = DC=top,DC=domain,DC=sub,DC=com >> activeDirectoryRealm.groupRolesMap = "CN=GROUP,OU=some,OU=location, >> OU=folder,DC=top,DC=domain,DC=sub,DC=com”:”someuser” >> activeDirectoryRealm.systemUsername = some.account >> > # Password commented out > > #activeDirectoryRealm.systemPassword = passwordnotused >> activeDirectoryRealm.hadoopSecurityCredentialPath = >> "jceks://file/tmp/zeppelin/conf/zeppelin.jceks" >> activeDirectoryRealm.principalSuffix=@some.sub.com >> activeDirectoryRealm.authorizationCachingEnabled = false > > > However it doesn't appear to be using the credential which is stored in > the jceks file. > > The file was created using the following command: > > hadoop credential create activeDirectoryRealm.systemPassword -provider >> jceks://file/tmp/zeppelin/conf/zeppelin.jceks > > > The file is owned by zeppelin. > > I've tried created the credential with both "systemPassword" and > "systempassword" as the name. > > Everything works fine if I just use the plain text password. I'm using > Zeppelin version 0.7.0. > > What am I missing here? Does anyone have an example config which is > working for them? I've check the logs and there are no errors relating to > loading the above jceks file. > > Thanks! >
