Fawze Abujaber created ZEPPELIN-3845:
----------------------------------------
Summary: Users out of the group maps in AD authentication are able
to authenticate
Key: ZEPPELIN-3845
URL: https://issues.apache.org/jira/browse/ZEPPELIN-3845
Project: Zeppelin
Issue Type: Bug
Affects Versions: 0.8.0
Reporter: Fawze Abujaber
I'm working to authenticate Zeppelin login with the AD, and below is my shiro
conf.
My issue is that the groupRolesMap is working fine for me, where the zeppelin_admin
group is able to log in, restart, and see the interpreter page, and the member group
is not, and that's fine.
But any user in the other AD trees is able to log in to Zeppelin; I think I'm
missing some conf in the urls or roles.
I feel it's a BUG
[main]
activeDirectoryRealm = org.apache.zeppelin.realm.ActiveDirectoryGroupRealm
activeDirectoryRealm.systemUsername = zeppelin_bind
activeDirectoryRealm.systemPassword = XXXXXXXX
activeDirectoryRealm.searchBase = "OU=Zeppelin,DC=XXXXX,DC=com"
activeDirectoryRealm.url = ldap://XXX.XXXXXX.com
activeDirectoryRealm.groupRolesMap = "CN=zeppelin_admins,OU=Zeppelin,DC=XXXXXX,DC=com":"admin","CN=zeppelin_members,OU=Zeppelin,DC=XXXXXXX,DC=com":"member"
activeDirectoryRealm.authorizationCachingEnabled = true
[email protected]
securityManager.realms = $activeDirectoryRealm
shiro.loginUrl = /api/login
[roles]
role1 = *
role2 = *
role3 = *
admin = *
[urls]
/api/version = anon
# Allow all authenticated users to restart interpreters on a notebook page.
# Comment out the following line if you would like to authorize only admin users to restart interpreters.
/api/interpreter/setting/restart/** = authc
/api/interpreter/** = authc, roles[admin]
/api/configurations/** = authc, roles[admin]
/api/credential/** = authc, roles[admin]
#/** = anon
/** = authc
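Added example, not part of the original report or of Zeppelin's code: a small Python audit of the [urls] section quoted above, resolving which rule Shiro applies to a request path (first match wins) and whether that rule checks a role. The request paths and the simplified Ant-style matcher are assumptions made for illustration.

```python
import re

# Constructed sample: the [urls] section from the report above.
SHIRO_URLS = """\
[urls]
/api/version = anon
/api/interpreter/setting/restart/** = authc
/api/interpreter/** = authc, roles[admin]
/api/configurations/** = authc, roles[admin]
/api/credential/** = authc, roles[admin]
#/** = anon
/** = authc
"""
FILTER_RE = re.compile(r"(\w+)(?:\[([^\]]*)\])?")

def parse_urls(ini_text):
    """Return [(pattern, [filter names])] from the [urls] section, in file order."""
    rules, in_urls = [], False
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            in_urls = line.lower() == "[urls]"
        elif in_urls and "=" in line:
            pattern, chain = (part.strip() for part in line.split("=", 1))
            rules.append((pattern, [m.group(1) for m in FILTER_RE.finditer(chain)]))
    return rules

def classify(filters):
    """Access level of one filter chain: a role check outranks plain authc."""
    if {"roles", "perms"} & set(filters):
        return "role-gated"
    if {"authc", "authcBasic", "user"} & set(filters):
        return "any-authenticated"
    return "anonymous" if "anon" in filters else "other"

def ant_to_regex(pattern):
    """Simplified Ant-style matcher (assumption): ** spans segments, * stays in one."""
    body = re.escape(pattern).replace(r"\*\*", ".*").replace(r"\*", "[^/]*")
    return re.compile("^" + body + "$")

def effective_level(ini_text, path):
    """Shiro evaluates [urls] top to bottom and the first match wins."""
    for pattern, filters in parse_urls(ini_text):
        if ant_to_regex(pattern).match(path):
            return pattern, classify(filters)
    return None, "unfiltered"

if __name__ == "__main__":
    # Constructed request paths, for illustration only.
    for p in ("/api/version", "/api/interpreter/setting", "/api/notebook/job"):
        print(p, "->", effective_level(SHIRO_URLS, p))
```

A path that resolves to `/** = authc` requires only a successful login; groupRolesMap feeds role checks such as roles[admin], not the authc filter.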