[GitHub] zeppelin issue #1513: ZEPPELIN-1472 - Create new LdapRealm based on Apache K...

Sat, 05 Nov 2016 06:20:08 -0700 

Github user gss2002 commented on the issue:

    https://github.com/apache/zeppelin/pull/1513
  
    @nazgul33 and @jongyoul this has been tested from a group perspective:
    
    Here is the example:
    [gsenia@hdp25sandbox ~]$ cat /etc/zeppelin/conf/shiro.ini 
    # Sample LDAP configuration, for user Authentication, currently tested for 
single Realm 
    [main] 
    ldapRealm = org.apache.zeppelin.realm.LdapRealm
    ldapRealm.contextFactory.systemUsername = 
CN=hdplookup,OU=hadoop,DC=hdpusr,DC=senia,DC=org
    ldapRealm.contextFactory.systemPassword = ldapBind12
    ldapRealm.searchBase = dc=hdpusr,dc=senia,dc=org
    ldapRealm.userSearchBase = dc=hdpusr,dc=senia,dc=org
    ldapRealm.groupSearchBase = dc=hdpusr,dc=senia,dc=org
    ldapRealm.authorizationEnabled = true
    ldapRealm.contextFactory.url = ldap://seniadc1.hdpusr.senia.org:3268
    ldapRealm.userSearchAttributeName = sAMAccountName
    ldapRealm.contextFactory.authenticationMechanism = simple
    ldapRealm.groupObjectClass = group
    ldapRealm.memberAttribute = member
    ldapRealm.rolesByGroup = hdpeng: admin
    
    securityManager.realms = $ldapRealm 
    
    sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager 
    
    ### If caching of user is required then uncomment below lines 
    #cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager 
    #securityManager.cacheManager = $cacheManager 
    
    securityManager.sessionManager = $sessionManager 
    # 86,400,000 milliseconds = 24 hour 
    securityManager.sessionManager.globalSessionTimeout = 86400000 
    shiro.loginUrl = /api/login
    
    [roles]
    # 'admin' role has all permissions, indicated by the wildcard '*'
    admin = * 
    
    [urls] 
    # anon means the access is anonymous. 
    # authcBasic means Basic Auth Security 
    # authc means Form based Auth Security 
    # To enfore security, comment the line below and uncomment the next one 
    #/api/version = anon 
    #/** = anon 
    /api/interpreter/** = authc, roles[admin]
    /api/configurations/** = authc, roles[admin]
    /api/credential/** = authc, roles[admin]



---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

Reply via email to