GitHub user gss2002 reopened a pull request:

    https://github.com/apache/zeppelin/pull/1513

    ZEPPELIN-1472 - Create new LdapRealm based on Apache Knox LdapRealm

    ### What is this PR for?
    ZEPPELIN-1472 - Create new LdapRealm based on Apache Knox LdapRealm:
    Provides LdapRealm functionality similar to what Apache Knox provides. This is
    critical, as in large enterprise environments Active Directory Global Catalogs
    are used for lookup with samAccountName, and using a DN template is not an
    option as there are multiple OUs. Also, searching on "userPrincipalName" is
    risky in an AD environment since the explicit UPN and the implicit UPN can be
    different; this is definitely the case with environments using Office 365. The
    LDAP userPrincipalName attribute is the explicit UPN, which can be defined
    by the directory administrator to any value, and it can be duplicated.
    SamAccountName is unique per domain, and Microsoft states best practice is to
    not allow duplicate samAccountNames across the forest.
    
    ### What type of PR is it?
    [Improvement]
    
    ### Todos
    None
    
    ### What is the Jira issue?
    https://issues.apache.org/jira/browse/ZEPPELIN-1472
    
    ### How should this be tested?
    Set up shiro.ini to use the following configuration:
    ldapADGCRealm = org.apache.zeppelin.realm.LdapRealm
    ldapADGCRealm.contextFactory.systemUsername = CN=hdpbind,OU=Svc,DC=exadc,DC=w2k,DC=example,DC=com
    ldapADGCRealm.contextFactory.systemPassword = ldapPassword
    ldapADGCRealm.searchBase = dc=w2k,dc=example,dc=com
    ldapADGCRealm.userSearchBase = dc=w2k,dc=example,dc=com
    ldapADGCRealm.groupSearchBase = dc=w2k,dc=example,dc=com
    ldapADGCRealm.contextFactory.url = ldap://exampledc1.exadc.w2k.example.com:3268
    ldapADGCRealm.userSearchAttributeName = sAMAccountName
    ldapADGCRealm.contextFactory.authenticationMechanism = simple
    ldapADGCRealm.userObjectClass = user
    ldapADGCRealm.groupObjectClass = group
    ldapADGCRealm.memberAttribute = member
    
    
    ### Questions:
    * Do the license files need an update? n
    * Are there breaking changes for older versions? n
    * Does this need documentation? n


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/gss2002/zeppelin ZEPPELIN-1472

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/zeppelin/pull/1513.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #1513
    
----
commit 34938754ac7e220a03cc1817bf93f2cf2d189ee9
Author: gss2002 <g...@senia.org>
Date:   2016-10-11T03:58:51Z

    ZEPPELIN-1472 - Create new LdapRealm based on Apache Knox LdapRealm
    Class

commit 8991d647b024d04eed7005173b4a8eec07b18c6c
Author: gss2002 <g...@senia.org>
Date:   2016-10-14T00:48:25Z

    Merge remote-tracking branch 'upstream/master' into ZEPPELIN-1472

----
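
The search-then-bind lookup the PR description argues for, as an added example that is not code from this pull request or from Zeppelin, Knox or Shiro: the login is escaped into a search filter built from `userSearchAttributeName` and `userObjectClass`, and a DN is accepted only when exactly one entry matches. The entries, function names and the in-memory stand-in for the directory search are assumptions constructed for illustration, including the duplicate-UPN case the description mentions.

```python
"""Search-then-bind lookup: resolve a login to exactly one DN before binding."""

# RFC 4515 escapes for characters that are special inside a filter value.
_FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}

# Constructed sample entries: hypothetical users in different OUs, sharing one UPN.
ENTRIES = [
    {"dn": "CN=Jane Doe,OU=Sales,DC=exadc,DC=w2k,DC=example,DC=com",
     "sAMAccountName": "jdoe", "userPrincipalName": "jane@example.com"},
    {"dn": "CN=Joe Roe,OU=Eng,DC=exadc,DC=w2k,DC=example,DC=com",
     "sAMAccountName": "jroe", "userPrincipalName": "jane@example.com"},
]


class AmbiguousLogin(Exception):
    """More than one entry matched; binding as any of them would be a guess."""


def escape_filter_value(value):
    # Each character is mapped once, so an escaped backslash is never re-escaped.
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(login, attr="sAMAccountName", object_class="user"):
    # attr / object_class correspond to userSearchAttributeName / userObjectClass.
    return "(&(objectClass=%s)(%s=%s))" % (object_class, attr, escape_filter_value(login))


def resolve_dn(entries, login, attr="sAMAccountName"):
    """Stand-in for the directory search: case-insensitive equality on one attribute."""
    hits = [e["dn"] for e in entries if e.get(attr, "").lower() == login.lower()]
    if len(hits) > 1:
        raise AmbiguousLogin("%d entries match %s=%r" % (len(hits), attr, login))
    return hits[0] if hits else None  # None: unknown user, do not attempt a bind


if __name__ == "__main__":
    print(build_user_filter("jdoe"))
    print(build_user_filter("*)(cn=*"))          # metacharacters stay literal
    print(resolve_dn(ENTRIES, "JDOE"))           # found without knowing the OU
    try:
        resolve_dn(ENTRIES, "jane@example.com", attr="userPrincipalName")
    except AmbiguousLogin as exc:
        print("rejected:", exc)
```
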

