Github user gss2002 commented on the issue: https://github.com/apache/zeppelin/pull/1513 @nazgul33 and @jongyoul this has been tested from a group perspective: Here is the example: [gsenia@hdp25sandbox ~]$ cat /etc/zeppelin/conf/shiro.ini # Sample LDAP configuration, for user Authentication, currently tested for single Realm [main] ldapRealm = org.apache.zeppelin.realm.LdapRealm ldapRealm.contextFactory.systemUsername = CN=hdplookup,OU=hadoop,DC=hdpusr,DC=senia,DC=org ldapRealm.contextFactory.systemPassword = ldapBind12 ldapRealm.searchBase = dc=hdpusr,dc=senia,dc=org ldapRealm.userSearchBase = dc=hdpusr,dc=senia,dc=org ldapRealm.groupSearchBase = dc=hdpusr,dc=senia,dc=org ldapRealm.authorizationEnabled = true ldapRealm.contextFactory.url = ldap://seniadc1.hdpusr.senia.org:3268 ldapRealm.userSearchAttributeName = sAMAccountName ldapRealm.contextFactory.authenticationMechanism = simple ldapRealm.groupObjectClass = group ldapRealm.memberAttribute = member ldapRealm.rolesByGroup = hdpeng: admin securityManager.realms = $ldapRealm sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager ### If caching of user is required then uncomment below lines #cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager #securityManager.cacheManager = $cacheManager securityManager.sessionManager = $sessionManager # 86,400,000 milliseconds = 24 hour securityManager.sessionManager.globalSessionTimeout = 86400000 shiro.loginUrl = /api/login [roles] # 'admin' role has all permissions, indicated by the wildcard '*' admin = * [urls] # anon means the access is anonymous. # authcBasic means Basic Auth Security # authc means Form based Auth Security # To enfore security, comment the line below and uncomment the next one #/api/version = anon #/** = anon /api/interpreter/** = authc, roles[admin] /api/configurations/** = authc, roles[admin] /api/credential/** = authc, roles[admin]
--- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---