[GitHub] zeppelin pull request #2886: ZEPPELIN-3356: Zeppelin FileSystemStorage relog...

2018-04-12 Thread gss2002
Github user gss2002 closed the pull request at:

https://github.com/apache/zeppelin/pull/2886


---


[GitHub] zeppelin issue #2886: ZEPPELIN-3356: Zeppelin FileSystemStorage reloginFromK...

2018-03-29 Thread gss2002
Github user gss2002 commented on the issue:

https://github.com/apache/zeppelin/pull/2886
  
@prabhjyotsingh @zjffdu I made changes to check if security is enabled and 
if it was logged in via a keytab and then I relogin with checktgt method vs 
relogging in every time causing excess load on the kdc


---
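The guard described in the comment above (security enabled, login came from a keytab, then checkTGTAndReloginFromKeytab instead of an unconditional relogin), as an added Java example; it is not code from the pull request or from Zeppelin. The class name KeytabReloginGuard and the command-line arguments are assumptions; the UserGroupInformation and FileSystem calls are the Hadoop client API.

```java
import java.io.IOException;
import java.security.PrivilegedExceptionAction;

import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.security.UserGroupInformation;

/**
 * Hypothetical wrapper (name is an assumption) that runs every HDFS call
 * behind a cheap TGT freshness check.
 */
public final class KeytabReloginGuard {

  private final Configuration conf;
  private final boolean keytabLogin;

  public KeytabReloginGuard(Configuration conf, String principal, String keytabPath)
      throws IOException {
    this.conf = conf;
    UserGroupInformation.setConfiguration(conf);
    if (UserGroupInformation.isSecurityEnabled()) {
      // Initial login: one AS-REQ to the KDC, authenticated with the keytab key.
      UserGroupInformation.loginUserFromKeytab(principal, keytabPath);
    }
    // Only a keytab-based login can be repeated without user interaction.
    this.keytabLogin = UserGroupInformation.isSecurityEnabled()
        && UserGroupInformation.isLoginKeytabBased();
  }

  /** Runs one operation as the login user, re-logging in first if the TGT is stale. */
  public <T> T call(PrivilegedExceptionAction<T> op) throws IOException {
    UserGroupInformation ugi = UserGroupInformation.getLoginUser();
    if (keytabLogin) {
      // Returns without contacting the KDC while the TGT is before its refresh
      // time; otherwise performs a fresh login from the keytab. A fresh login
      // still works once the old ticket has passed the KDC's maximum
      // renewable lifetime, where renewal alone cannot.
      ugi.checkTGTAndReloginFromKeytab();
    }
    try {
      return ugi.doAs(op);
    } catch (InterruptedException e) {
      Thread.currentThread().interrupt();
      throw new IOException("HDFS operation interrupted", e);
    }
  }

  /** Example operation routed through the guard. */
  public boolean exists(String path) throws IOException {
    return call(() -> FileSystem.get(conf).exists(new Path(path)));
  }

  public static void main(String[] args) throws IOException {
    if (args.length != 3) {
      System.err.println("usage: KeytabReloginGuard <principal> <keytab> <hdfs-path>");
      System.exit(2);
    }
    // Picks up core-site.xml / hdfs-site.xml from the classpath.
    Configuration conf = new Configuration();
    KeytabReloginGuard guard = new KeytabReloginGuard(conf, args[0], args[1]);
    System.out.println(args[2] + " exists: " + guard.exists(args[2]));
  }
}
```

Running the JVM with -Dsun.security.krb5.debug=true, as in the process listing further down this page, shows whether a given call actually triggered a new KrbAsReq.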


[GitHub] zeppelin issue #2886: ZEPPELIN-3356: Zeppelin FileSystemStorage reloginFromK...

2018-03-29 Thread gss2002
Github user gss2002 commented on the issue:

https://github.com/apache/zeppelin/pull/2886
  
@zjffdu I am going to cut the new improved fix based on original feedback. 
But yes you will have to adjust the KDC to test this as Java does not use 
ticket_lifetime or renew_lifetime from krb5.conf per this article not fixed 
until Java 9.


https://stackoverflow.com/questions/38555244/how-do-you-set-the-kerberos-ticket-lifetime-from-java
https://bugs.openjdk.java.net/browse/JDK-8044500


---


[GitHub] zeppelin issue #2886: ZEPPELIN-3356: Zeppelin FileSystemStorage reloginFromK...

2018-03-28 Thread gss2002
Github user gss2002 commented on the issue:

https://github.com/apache/zeppelin/pull/2886
  

https://stackoverflow.com/questions/38555244/how-do-you-set-the-kerberos-ticket-lifetime-from-java
https://bugs.openjdk.java.net/browse/JDK-8044500


---


[GitHub] zeppelin issue #2886: ZEPPELIN-3356: Zeppelin FileSystemStorage reloginFromK...

2018-03-28 Thread gss2002
Github user gss2002 commented on the issue:

https://github.com/apache/zeppelin/pull/2886
  
@zjffdu you cannot just update the krb5.conf those are just recommendations 
on the client side. The KDC both with MIT Krb5 and Active Directory control the 
max_renewable_lifetime via /var/kerberos/krb5kdc/kdc.conf and settings in 
Windows registry.  My co-worker and I tested this today and the ticket is still 
renewable because the KDC controls the max time and it looks as if Java takes 
info from the KDC... Using the CLI kinit/klist and hadoop fs the ticket is 
expired. But from the looks of it when logging in with a keytab via UGI which 
zeppelin does for the HDFS calls it takes the settings from the kdc...  

See below:
JDK - KRB5 DEBUG OUTPUT from Zeppelin JVM:
 
Native config name: /etc/krb5.conf
Loaded from native config
>>> KdcAccessibility: reset
>>> KdcAccessibility: reset
>>> KeyTabInputStream, readName(): UNIT.HDP.EXAMPLE.COM
>>> KeyTabInputStream, readName(): zeppelin-unit
>>> KeyTab: load() entry length: 88; type: 18
>>> KeyTabInputStream, readName(): UNIT.HDP.EXAMPLE.COM
>>> KeyTabInputStream, readName(): zeppelin-unit
>>> KeyTab: load() entry length: 72; type: 17
>>> KeyTabInputStream, readName(): UNIT.HDP.EXAMPLE.COM
>>> KeyTabInputStream, readName(): zeppelin-unit
>>> KeyTab: load() entry length: 72; type: 23
Looking for keys for: zeppelin-u...@unit.hdp.example.com
Added key: 23version: 2
Added key: 17version: 2
Added key: 18version: 2
Looking for keys for: zeppelin-u...@unit.hdp.example.com
Added key: 23version: 2
Added key: 17version: 2
Added key: 18version: 2
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 18 17 16 23.
>>> KrbAsReq creating message
>>> KrbKdcReq send: kdc=ha21d51kd.unit.hdp.example.com TCP:88, 
timeout=3, number of retries =3, #bytes=174
>>> KDCCommunication: kdc=ha21d51kd.unit.hdp.example.com TCP:88, 
timeout=3,Attempt =1, #bytes=174
>>>DEBUG: TCPClient reading 769 bytes
>>> KrbKdcReq send: #bytes read=769
>>> KdcAccessibility: remove ha21d51kd.unit.hdp.example.com
Looking for keys for: zeppelin-u...@unit.hdp.example.com
Added key: 23version: 2
Added key: 17version: 2
Added key: 18version: 2
>>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType
>>> KrbAsRep cons in KrbAsReq.getReply zeppelin-unit
Found ticket for zeppelin-u...@unit.hdp.example.com to go to 
krbtgt/unit.hdp.example@unit.hdp.example.com expiring on Wed Mar 28 
23:28:46 EDT 2018
Entered Krb5Context.initSecContext with state=STATE_NEW
Found ticket for zeppelin-u...@unit.hdp.example.com to go to 
krbtgt/unit.hdp.example@unit.hdp.example.com expiring on Wed Mar 28 
23:28:46 EDT 2018
Service ticket not found in the subject
>>> Credentials acquireServiceCreds: same realm
Using builtin default etypes for default_tgs_enctypes
default etypes for default_tgs_enctypes: 18 17 16 23.
 
 
Showing Zeppelin was started after modifying /etc/krb5.conf 2m/5m 
ticket_lifetime/renew_lifetime
 
[root@ha21d55en zeppelin]# ps guaxww | grep -i zeppelin
zeppelin  89982  2.4  3.6 6872888 601888 ?  Sl   13:28   0:30 
/usr/jdk64/jdk1.8.0_102/bin/java -Dsun.security.krb5.debug=true 
-Dhdp.version=2.5.3.18-5 -Dspark.executor.memory=512m 
-Dspark.yarn.queue=default -Dfile.encoding=UTF-8 -Xms1024m -Xmx1024m 
-XX:MaxPermSize=512m 
-Dlog4j.configuration=file:///usr/local/zeppelin/current/conf/log4j.properties 
-Dzeppelin.log.file=/var/log/zeppelin/zeppelin-zeppelin-ha21d55en.unit.hdp.example.com.log
 -cp 
::/usr/local/zeppelin/current/lib/interpreter/*:/usr/local/zeppelin/current/lib/*:/usr/local/zeppelin/current/*::/usr/local/zeppelin/current/conf:/etc/hadoop/conf
 org.apache.zeppelin.server.ZeppelinServer
zeppelin  90439  0.0  0.0 113124  1524 ?        S    13:30   0:00 /bin/bash 
/usr/local/zeppelin/current/bin/interpreter.sh -d 
/usr/local/zeppelin/current/interpreter/livy -c 10.70.57.5 -p 41478 -r : -l 
/usr/local/zeppelin/current/local-repo/livy1 -g livy1
zeppelin  90454  0.0  0.0 113120   836 ?        S    13:30   0:00 /bin/bash 
/usr/local/zeppelin/current/bin/interpreter.sh -d 
/usr/local/zeppelin/current/interpreter/livy -c 10.70.57.5 -p 41478 -r : -l 
/usr/local/zeppelin/current/local-repo/livy1 -g livy1
zeppelin  90455  0.3  1.3 5198944 214228 ?  Sl   13:30   0:04 
/usr/jdk64/jdk1.8.0_102/bin/java -Dfile.encoding=UTF-8 
-Dlog4j.configuration=file:///usr/local/zeppelin/current/conf/log4j.properties 
-Dzeppelin.log.file=/var/log/zeppelin/zeppelin-interpreter-livy1-zeppelin-ha21d55en.unit.hdp.example.com.log
 -Xms1024m -Xmx1024m -XX:MaxPermSize=512m -

[GitHub] zeppelin issue #2886: ZEPPELIN-3356: Zeppelin FileSystemStorage reloginFromK...

2018-03-23 Thread gss2002
Github user gss2002 commented on the issue:

https://github.com/apache/zeppelin/pull/2886
  
@prabhjyotsingh I just read that same stackoverflow part of me says use 
checkTGTAndReloginFromKeytab to be lighter on kdc thoughts?  I will dig a bit 
deeper in am but auto renewal thread that exists in ugi cannot go beyond max 
renewal
@felixcheung I think you are right if I do 
UserGroupInformation.getCurrentUser().checkTGTAndReloginFromKeytab() would work 
too

  private void reloginFromKeytab(boolean checkTGT) throws IOException {
    if (!shouldRelogin() || !isFromKeytab()) {
      return;
    }
    HadoopLoginContext login = getLogin();
    if (login == null) {
      throw new KerberosAuthException(MUST_FIRST_LOGIN_FROM_KEYTAB);
    }
    if (checkTGT) {
      KerberosTicket tgt = getTGT();
      if (tgt != null && !shouldRenewImmediatelyForTests &&
          Time.now() < getRefreshTime(tgt)) {
        return;
      }
    }
    relogin(login);
  }


---


[GitHub] zeppelin issue #2886: ZEPPELIN-3356: Zeppelin FileSystemStorage reloginFromK...

2018-03-22 Thread gss2002
Github user gss2002 commented on the issue:

https://github.com/apache/zeppelin/pull/2886
  
@prabhjyotsingh  @zjffdu can you help review if you feel this is a valid 
fix?
Thanks again


---


[GitHub] zeppelin issue #2886: ZEPPELIN-3356: Zeppelin FileSystemStorage reloginFromK...

2018-03-21 Thread gss2002
Github user gss2002 commented on the issue:

https://github.com/apache/zeppelin/pull/2886
  
@zjffdu here is a patch that I think will fix this issue. I will know in 7 
days if the issue comes back but has plagued our 4 different environments 
running Zeppelin over the last few days since it has reached max timeout. Let 
me know your thoughts on this patch. Also the CI failures look to be un-related.


---


[GitHub] zeppelin pull request #2886: ZEPPELIN-3356: Zeppelin FileSystemStorage relog...

2018-03-21 Thread gss2002
GitHub user gss2002 opened a pull request:

https://github.com/apache/zeppelin/pull/2886

ZEPPELIN-3356: Zeppelin FileSystemStorage reloginFromKeytab needed

What is this PR for?
During long runs of Apache Zeppelin using HDFS as the backing configuration 
and notebook storage. We noticed that when the Zeppelin Server ticket had 
reached 7 days our max renewal time the keytab is not re-logged in leaving the 
Zeppelin Server in an unusable state. The solution is to reLoginFromKeytab 
before any operations as it will check if the ticket needs to be relogged in.

What type of PR is it?
[Bug Fix]

Todos

What is the Jira issue?
https://issues.apache.org/jira/browse/ZEPPELIN-3356

How should this be tested?
Run Zeppelin Server for the max kerberos renewal time

Screenshots (if appropriate)

Questions:
Does the licenses files need update? No
Is there breaking changes for older versions? No
Does this needs documentation? No
Author: Greg Senia gse...@apache.org

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/gss2002/zeppelin ZEPPELIN-3356

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/zeppelin/pull/2886.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #2886


commit dc190e5979ffaca2ae36cdbc5a171624ce5868d5
Author: gss2002 <greg@...>
Date:   2018-03-21T16:33:34Z

ZEPPELIN-3356: Zeppelin FileSystem Storage reloginFromKeytab needed




---


[GitHub] zeppelin issue #2855: ZEPPELIN-3309. Import/Clone user not set in Paragraph ...

2018-03-10 Thread gss2002
Github user gss2002 commented on the issue:

https://github.com/apache/zeppelin/pull/2855
  
@zjffdu the only test not passing was the e2e test which I am re-running 
now..  Let me know if I need to do anything else.


---


[GitHub] zeppelin issue #2855: ZEPPELIN-3309. Import/Clone user not set in Paragraph ...

2018-03-09 Thread gss2002
Github user gss2002 commented on the issue:

https://github.com/apache/zeppelin/pull/2855
  
@zjffdu any reason why travis-ci is failing on disk issues?


travis_time:end:20c877c0:start=1520617145805371744,finish=1520617145811589622,duration=6217878
travis_fold:end:after_failure.11
travis_fold:start:after_failure.12
travis_time:start:09d64a64
$ cat 
livy/target/tmp/livy-int-test/MiniYarnMain/target/org.apache.livy.test.framework.MiniYarnMain/*/*/*/stderr
cat: 
livy/target/tmp/livy-int-test/MiniYarnMain/target/org.apache.livy.test.framework.MiniYarnMain/*/*/*/stderr:
 No such file or directory


travis_time:end:09d64a64:start=1520617145818231645,finish=1520617145824458197,duration=6226552
travis_fold:end:after_failure.12

Done. Your build exited with 1.
grep: write error: No space left on device


---


[GitHub] zeppelin issue #2855: ZEPPELIN-3309. Import/Clone user not set in Paragraph ...

2018-03-09 Thread gss2002
Github user gss2002 commented on the issue:

https://github.com/apache/zeppelin/pull/2855
  
@zjffdu I think this pull request should be good. There looks to be some 
issues with travis unrelated to the code changes. And I ran the tests a few 
times not sure what's up with it.


---


[GitHub] zeppelin pull request #2855: ZEPPELIN-3309. Import/Clone user not set in Par...

2018-03-09 Thread gss2002
GitHub user gss2002 opened a pull request:

https://github.com/apache/zeppelin/pull/2855

ZEPPELIN-3309. Import/Clone user not set in Paragraph causes NPE.

What is this PR for?
During Import/Clone Paragraph set "user" to eliminate NPEs thrown in Helium 
and other functions leaving unusable notebooks.

What type of PR is it?
[Bug Fix]

Todos

What is the Jira issue?
https://issues.apache.org/jira/browse/ZEPPELIN-3309

How should this be tested?
Manually tested using Import/Clone of Notebooks and attempt to adjust bound 
interpreters

Screenshots (if appropriate)

Questions:
Does the licenses files need update? No
Is there breaking changes for older versions? No
Does this needs documentation? No
Author: Greg Senia gse...@apache.org

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/gss2002/zeppelin ZEPPELIN-3309

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/zeppelin/pull/2855.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #2855


commit b8c35c964b07b9836ca09cbb5bb4a8509b2367cd
Author: gss2002 <greg@...>
Date:   2018-03-08T22:06:06Z

ZEPPELIN-3309. Import/Clone user not set in Paragraph causes NPE.




---


[GitHub] zeppelin pull request #2851: ZEPPELIN-3309. Import/Clone user not set in Par...

2018-03-08 Thread gss2002
Github user gss2002 closed the pull request at:

https://github.com/apache/zeppelin/pull/2851


---


[GitHub] zeppelin issue #2851: ZEPPELIN-3309. Import/Clone user not set in Paragraph ...

2018-03-08 Thread gss2002
Github user gss2002 commented on the issue:

https://github.com/apache/zeppelin/pull/2851
  
@zjffdu thanks for the insight. It's setup and running now.


---


[GitHub] zeppelin pull request #2851: ZEPPELIN-3309. Import/Clone doesn't set user in...

2018-03-08 Thread gss2002
GitHub user gss2002 reopened a pull request:

https://github.com/apache/zeppelin/pull/2851

ZEPPELIN-3309. Import/Clone doesn't set user in Paragraph causing NPE

What is this PR for?
During Import/Clone Paragraph set "user" to eliminate NPEs thrown in Helium 
and other functions leaving unusable notebooks.

What type of PR is it?
[Bug Fix]

Todos
 - Task

What is the Jira issue?
https://issues.apache.org/jira/browse/ZEPPELIN-3309

How should this be tested?
Manually tested using Import/Clone of Notebooks and attempt to adjust bound 
interpreters and tested using new unit test to clone notebooks to verify 
username is added during clone.

Screenshots (if appropriate)

Questions:
Does the licenses files need update? No
Is there breaking changes for older versions? No
Does this needs documentation? No

Author: Greg Senia gse...@apache.org

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/gss2002/zeppelin ZEPPELIN-3309

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/zeppelin/pull/2851.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #2851


commit 091130073ee545a4f637d53708ee1f7165bddebc
Author: gss2002 <greg@...>
Date:   2018-03-08T22:06:06Z

ZEPPELIN-3309. Import/Clone doesn't set user in Paragraph causing NPE




---


[GitHub] zeppelin issue #2851: ZEPPELIN-3309. Import/Clone doesn't set user in Paragr...

2018-03-08 Thread gss2002
Github user gss2002 commented on the issue:

https://github.com/apache/zeppelin/pull/2851
  
@zjffdu any chance you would possibly know why the commit wouldn't be found?

[2018-03-08 22:14:11] Can't find build for commit 
091130073ee545a4f637d53708ee1f7165bddebc from gss2002



---


[GitHub] zeppelin pull request #2851: ZEPPELIN-3309. Import/Clone doesn't set user in...

2018-03-08 Thread gss2002
GitHub user gss2002 opened a pull request:

https://github.com/apache/zeppelin/pull/2851

ZEPPELIN-3309. Import/Clone doesn't set user in Paragraph causing NPE

What is this PR for?
During Import/Clone Paragraph set "user" to eliminate NPEs thrown in Helium 
and other functions leaving unusable notebooks.

What type of PR is it?
[Bug Fix]

Todos
 - Task

What is the Jira issue?
https://issues.apache.org/jira/browse/ZEPPELIN-3309

How should this be tested?
Manually tested using Import/Clone of Notebooks and attempt to adjust bound 
interpreters and tested using new unit test to clone notebooks to verify 
username is added during clone.

Screenshots (if appropriate)

Questions:
Does the licenses files need update? No
Is there breaking changes for older versions? No
Does this needs documentation? No

Author: Greg Senia gse...@apache.org

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/gss2002/zeppelin ZEPPELIN-3309

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/zeppelin/pull/2851.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #2851


commit 091130073ee545a4f637d53708ee1f7165bddebc
Author: gss2002 <greg@...>
Date:   2018-03-08T22:06:06Z

ZEPPELIN-3309. Import/Clone doesn't set user in Paragraph causing NPE




---


[GitHub] zeppelin issue #2849: ZEPPELIN-3309. Import/Clone doesn't set user in Paragr...

2018-03-08 Thread gss2002
Github user gss2002 commented on the issue:

https://github.com/apache/zeppelin/pull/2849
  
Closing this pull request for now will re-open with a new one which 
includes formatting changes and corrections and test cases.


---


[GitHub] zeppelin pull request #2849: ZEPPELIN-3309. Import/Clone doesn't set user in...

2018-03-08 Thread gss2002
Github user gss2002 closed the pull request at:

https://github.com/apache/zeppelin/pull/2849


---


[GitHub] zeppelin issue #2849: ZEPPELIN-3309. Import/Clone doesn't set user in Paragr...

2018-03-07 Thread gss2002
Github user gss2002 commented on the issue:

https://github.com/apache/zeppelin/pull/2849
  
@zjffdu no problem. yes I will work on a unit test later tonight/tomorrow 
am.


---


[GitHub] zeppelin pull request #2849: ZEPPELIN-3309. Import/Clone doesn't set user in...

2018-03-07 Thread gss2002
GitHub user gss2002 opened a pull request:

https://github.com/apache/zeppelin/pull/2849

ZEPPELIN-3309. Import/Clone doesn't set user in Paragraph causing NPE

### What is this PR for?
During Import/Clone Paragraph set "user" to eliminate NPEs thrown in Helium 
and other functions leaving unusable notebooks.

### What type of PR is it?
[Bug Fix]

### Todos
* [ ] - Task

### What is the Jira issue?
* https://issues.apache.org/jira/browse/ZEPPELIN-3309

### How should this be tested?
* Manually tested using Import/Clone of Notebooks and attempt to adjust 
bound interpreters

### Screenshots (if appropriate)

### Questions:
* Does the licenses files need update? No
* Is there breaking changes for older versions? No
* Does this needs documentation? No

Author: Greg Senia <gse...@apache.org>

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/gss2002/zeppelin ZEPPELIN-3309

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/zeppelin/pull/2849.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #2849


commit e4f01773e1f848d45d3706ad81a1f9801d256802
Author: gss2002 <greg@...>
Date:   2018-03-08T01:39:19Z

ZEPPELIN-3309. Import/Clone doesn't set user in Paragraph causing NPE




---


[GitHub] zeppelin pull request #1516: ZEPPELIN-1546 - Zeppelin Livy Interpreter 404 E...

2017-05-17 Thread gss2002
Github user gss2002 closed the pull request at:

https://github.com/apache/zeppelin/pull/1516


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---


[GitHub] zeppelin pull request #1503: NPE LivySparkSQLInterpreter thrown with %livy.s...

2017-03-07 Thread gss2002
Github user gss2002 closed the pull request at:

https://github.com/apache/zeppelin/pull/1503


---



[GitHub] zeppelin issue #1503: NPE LivySparkSQLInterpreter thrown with %livy.sql inte...

2017-03-07 Thread gss2002
Github user gss2002 commented on the issue:

https://github.com/apache/zeppelin/pull/1503
  
@zjffdu all set


---


[GitHub] zeppelin pull request #1614: ZEPPELIN-1472 - Create new LdapRealm based on A...

2016-11-20 Thread gss2002
GitHub user gss2002 reopened a pull request:

https://github.com/apache/zeppelin/pull/1614

ZEPPELIN-1472 - Create new LdapRealm based on Apache Knox LdapRealm: 
Provides LdapRealm Functionality similar to Apache Knox

### What is this PR for?
ZEPPELIN-1472 - Create new LdapRealm based on Apache Knox LdapRealm: 
Provides LdapRealm Functionality similar to what Apache Knox provides. This is 
critical as in large enterprise environments Active Directory Global Catalogs 
are used for lookup with samAccountName and using a DN Template is not an 
option as there are multiple OUs. Also searching on "userPrincipalName" is 
risky in an AD environment since the explicit UPN vs Implicit UPN can be 
different this is definitely the case with environments using Office 365. And 
the LDAP userPrincipalName attribute is the explicit UPN which can be defined 
by the directory administrator to any value and it can be duplicated. 
SamAccountName is unique per domain and Microsoft states best practice is to 
not allow duplicate samAccountName's across the forest. 

In addition to the above changes I have adjusted and moved the 
LdapGroupRealm and ActiveDirectoryGroupRealm into the org.apache.zeppelin.realm 
package structure to make all Realm's consistent. 

The LdapRealm class also works with role to group mapping for usage within 
Zeppelin for notebook authorization.

I have adjusted SecurityUtils to use ClassName vs realmName in determining 
what to use as you may have companies that decide to use their own custom 
realmname in shiro.ini and may not realize you cannot so using className is 
much safer. 


Example - SecurityUtils
String name = realm.getClass().getName();
if (name.equals("org.apache.shiro.realm.text.IniRealm")) {
  allRoles = ((IniRealm) realm).getIni().get("roles");
  break;
} else if (name.equals("org.apache.zeppelin.realm.LdapRealm")) {
  allRoles = ((LdapRealm) realm).getListRoles();
  break;
}

Example - SecurityRestApi:
String name = realm.getClass().getName();
if (LOG.isDebugEnabled()) {
  LOG.debug("RealmClass.getName: " + name);
}
if (name.equals("org.apache.shiro.realm.text.IniRealm")) {
  usersList.addAll(getUserListObj.getUserList((IniRealm) realm));
  rolesList.addAll(getUserListObj.getRolesList((IniRealm) realm));
} else if (name.equals("org.apache.zeppelin.realm.LdapGroupRealm")) {
  usersList.addAll(getUserListObj.getUserList((JndiLdapRealm) realm, searchText));
} else if (name.equals("org.apache.zeppelin.realm.LdapRealm")) {
  usersList.addAll(getUserListObj.getUserList((LdapRealm) realm, searchText));
  rolesList.addAll(getUserListObj.getRolesList((LdapRealm) realm));
} else if (name.equals("org.apache.zeppelin.realm.ActiveDirectoryGroupRealm")) {
  usersList.addAll(getUserListObj.getUserList((ActiveDirectoryGroupRealm) realm,
      searchText));
} else if (name.equals("org.apache.shiro.realm.jdbc.JdbcRealm")) {
  usersList.addAll(getUserListObj.getUserList((JdbcRealm) realm));
}

Please see feedback from previous PRs related to this JIRA:
https://github.com/apache/zeppelin/pull/1513

### What type of PR is it?
[Improvement]

### Todos
* [ ] - Task

### What is the Jira issue?
https://issues.apache.org/jira/browse/ZEPPELIN-1472

### How should this be tested?
Update shiro.ini to use configuration similar to below:
# Sample LDAP configuration, for user Authentication, currently tested for single Realm
[main]
ldapADGCRealm = org.apache.zeppelin.realm.LdapRealm
ldapADGCRealm.contextFactory.systemUsername = CN=hdplookup,OU=hadoop,DC=hdpusr,DC=senia,DC=org
ldapADGCRealm.contextFactory.systemPassword = ldapBindPassword
ldapADGCRealm.searchBase = dc=hdpusr,dc=senia,dc=org
ldapADGCRealm.userSearchBase = dc=hdpusr,dc=senia,dc=org
ldapADGCRealm.groupSearchBase = dc=hdpusr,dc=senia,dc=org
ldapADGCRealm.authorizationEnabled = true
ldapADGCRealm.contextFactory.url = ldap://seniadc1.hdpusr.senia.org:3268
ldapADGCRealm.userSearchAttributeName = sAMAccountName
ldapADGCRealm.contextFactory.authenticationMechanism = simple
ldapADGCRealm.groupObjectClass = group
ldapADGCRealm.memberAttribute = member
ldapADGCRealm.rolesByGroup = hdpeng: admin, \
 hadoopusers: user

securityManager.realms = $ldapADGCRealm 

sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager 

### If caching of user is required then uncomment below lines 
#ca

[GitHub] zeppelin pull request #1614: ZEPPELIN-1472 - Create new LdapRealm based on A...

2016-11-20 Thread gss2002
Github user gss2002 closed the pull request at:

https://github.com/apache/zeppelin/pull/1614


---


[GitHub] zeppelin pull request #1614: ZEPPELIN-1472 - Create new LdapRealm based on A...

2016-11-20 Thread gss2002
GitHub user gss2002 reopened a pull request:

https://github.com/apache/zeppelin/pull/1614

ZEPPELIN-1472 - Create new LdapRealm based on Apache Knox LdapRealm: 
Provides LdapRealm Functionality similar to Apache Knox


[GitHub] zeppelin issue #1614: ZEPPELIN-1472 - Create new LdapRealm based on Apache K...

2016-11-20 Thread gss2002
Github user gss2002 commented on the issue:

https://github.com/apache/zeppelin/pull/1614
  
Going to close and re-open to re kick the tests. These tests have been 
flaky I don't think the error is related to the patch...

15:38:55,459 ERROR org.apache.zeppelin.AbstractZeppelinIT:136 - Exception 
in ParagraphActionsIT while testEditOnDoubleClick 
org.openqa.selenium.ElementNotVisibleException: Element is not currently 
visible and so may not be interacted with
Command duration or timeout: 30.04 seconds
Build info: version: '2.48.2', revision: 
'41bccdd10cf2c0560f637404c2d96164b67d9d67', time: '2015-10-09 13:08:06'
System info: host: 'testing-docker-60ee1fc8-0996-4929-93bf-f3f4ab1d7d4e', 
ip: '172.17.0.8', os.name: 'Linux', os.arch: 'amd64', os.version: 
'4.4.0-47-generic', java.version: '1.7.0_76'
Session ID: e568225a-5433-4a6e-b11a-85faf279113b
Driver info: org.openqa.selenium.firefox.FirefoxDriver
Capabilities [{platform=LINUX, acceptSslCerts=true, javascriptEnabled=true, 
cssSelectorsEnabled=true, databaseEnabled=true, browserName=firefox, 
handlesAlerts=true, nativeEvents=false, webStorageEnabled=true, 
rotatable=false, locationContextEnabled=true, applicationCacheEnabled=true, 
takesScreenshot=true, version=31.0}]
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at 
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
at 
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:526)
at 
org.openqa.selenium.remote.ErrorHandler.createThrowable(ErrorHandler.java:206)
at 
org.openqa.selenium.remote.ErrorHandler.throwIfResponseFailed(ErrorHandler.java:158)
at 
org.openqa.selenium.remote.RemoteWebDriver.execute(RemoteWebDriver.java:647)
at 
org.openqa.selenium.remote.RemoteWebElement.execute(RemoteWebElement.java:326)
at 
org.openqa.selenium.remote.RemoteWebElement.sendKeys(RemoteWebElement.java:121)
at 
org.apache.zeppelin.integration.ParagraphActionsIT.testEditOnDoubleClick(ParagraphActionsIT.java:443)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---


[GitHub] zeppelin pull request #1614: ZEPPELIN-1472 - Create new LdapRealm based on A...

2016-11-20 Thread gss2002
Github user gss2002 closed the pull request at:

https://github.com/apache/zeppelin/pull/1614


---


[GitHub] zeppelin pull request #1614: ZEPPELIN-1472 - Create new LdapRealm based on A...

2016-11-15 Thread gss2002
Github user gss2002 closed the pull request at:

https://github.com/apache/zeppelin/pull/1614


---


[GitHub] zeppelin pull request #1614: ZEPPELIN-1472 - Create new LdapRealm based on A...

2016-11-15 Thread gss2002
GitHub user gss2002 reopened a pull request:

https://github.com/apache/zeppelin/pull/1614

ZEPPELIN-1472 - Create new LdapRealm based on Apache Knox LdapRealm: 
Provides LdapRealm Functionality similar to Apache Knox

### What is this PR for?
ZEPPELIN-1472 - Create new LdapRealm based on Apache Knox LdapRealm: 
Provides LdapRealm functionality similar to what Apache Knox provides. This is 
critical as in large enterprise environments Active Directory Global Catalogs 
are used for lookup with samAccountName, and using a DN template is not an 
option as there are multiple OUs. Also, searching on "userPrincipalName" is 
risky in an AD environment since the explicit UPN and the implicit UPN can be 
different; this is definitely the case with environments using Office 365. 
The LDAP userPrincipalName attribute is the explicit UPN, which can be defined 
by the directory administrator to any value, and it can be duplicated. 
SamAccountName is unique per domain, and Microsoft states best practice is to 
not allow duplicate samAccountNames across the forest.

In addition to the above changes, I have adjusted and moved the 
LdapGroupRealm and ActiveDirectoryGroupRealm into the org.apache.zeppelin.realm 
package structure to make all realms consistent.

The LdapRealm class also works with role-to-group mapping for usage within 
Zeppelin for notebook authorization.

I have adjusted SecurityUtils to use ClassName vs realmName in determining 
what to use, as you may have companies that decide to use their own custom 
realmname in shiro.ini and may not realize you cannot, so using className is 
much safer.


Example - SecurityUtils
String name = realm.getClass().getName();
if (name.equals("org.apache.shiro.realm.text.IniRealm")) {
  allRoles = ((IniRealm) realm).getIni().get("roles");
  break;
} else if (name.equals("org.apache.zeppelin.realm.LdapRealm")) {
  allRoles = ((LdapRealm) realm).getListRoles();
  break;
}

Example - SecurityRestApi:
  String name = realm.getClass().getName();
  if (LOG.isDebugEnabled()) {
    LOG.debug("RealmClass.getName: " + name);
  }
  if (name.equals("org.apache.shiro.realm.text.IniRealm")) {
    usersList.addAll(getUserListObj.getUserList((IniRealm) realm));
    rolesList.addAll(getUserListObj.getRolesList((IniRealm) realm));
  } else if (name.equals("org.apache.zeppelin.realm.LdapGroupRealm")) {
    usersList.addAll(getUserListObj.getUserList((JndiLdapRealm) realm, searchText));
  } else if (name.equals("org.apache.zeppelin.realm.LdapRealm")) {
    usersList.addAll(getUserListObj.getUserList((LdapRealm) realm, searchText));
    rolesList.addAll(getUserListObj.getRolesList((LdapRealm) realm));
  } else if (name.equals("org.apache.zeppelin.realm.ActiveDirectoryGroupRealm")) {
    usersList.addAll(getUserListObj.getUserList((ActiveDirectoryGroupRealm) realm, searchText));
  } else if (name.equals("org.apache.shiro.realm.jdbc.JdbcRealm")) {
    usersList.addAll(getUserListObj.getUserList((JdbcRealm) realm));
  }

Please see feedback from previous PRs related to this JIRA:
https://github.com/apache/zeppelin/pull/1513

### What type of PR is it?
[Improvement]

### Todos
* [ ] - Task

### What is the Jira issue?
https://issues.apache.org/jira/browse/ZEPPELIN-1472

### How should this be tested?
Update shiro.ini to use configuration similar to below:
# Sample LDAP configuration, for user Authentication, currently tested for single Realm
[main]
ldapADGCRealm = org.apache.zeppelin.realm.LdapRealm
ldapADGCRealm.contextFactory.systemUsername = CN=hdplookup,OU=hadoop,DC=hdpusr,DC=senia,DC=org
ldapADGCRealm.contextFactory.systemPassword = ldapBindPassword
ldapADGCRealm.searchBase = dc=hdpusr,dc=senia,dc=org
ldapADGCRealm.userSearchBase = dc=hdpusr,dc=senia,dc=org
ldapADGCRealm.groupSearchBase = dc=hdpusr,dc=senia,dc=org
ldapADGCRealm.authorizationEnabled = true
ldapADGCRealm.contextFactory.url = ldap://seniadc1.hdpusr.senia.org:3268
ldapADGCRealm.userSearchAttributeName = sAMAccountName
ldapADGCRealm.contextFactory.authenticationMechanism = simple
ldapADGCRealm.groupObjectClass = group
ldapADGCRealm.memberAttribute = member
ldapADGCRealm.rolesByGroup = hdpeng: admin, \
 hadoopusers: user

securityManager.realms = $ldapADGCRealm 

sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager 

### If caching of user is required then uncomment below lines 
#ca
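
An added illustration of the lookup concern raised in the PR description above (not Zeppelin or Knox code): a login is resolved to a DN by searching on one attribute, the value is escaped for the search filter, and the lookup fails closed unless exactly one entry matches. The class, its method names and the in-memory directory entries are constructed stand-ins for a Global Catalog search.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class UniqueUserLookup {

  /** One directory entry; only the attributes this example needs. */
  static final class Entry {
    final String dn;
    final String sAMAccountName;
    final String userPrincipalName;

    Entry(String dn, String sam, String upn) {
      this.dn = dn;
      this.sAMAccountName = sam;
      this.userPrincipalName = upn;
    }

    String get(String attr) {
      switch (attr) {
        case "sAMAccountName": return sAMAccountName;
        case "userPrincipalName": return userPrincipalName;
        default: throw new IllegalArgumentException("unsupported attribute: " + attr);
      }
    }
  }

  // Constructed sample data: two accounts share one explicit UPN.
  static final List<Entry> DIRECTORY = Arrays.asList(
      new Entry("CN=Alice A,OU=eng,DC=corp,DC=example,DC=com", "alice", "alice@example.com"),
      new Entry("CN=Alice B,OU=ops,DC=corp,DC=example,DC=com", "aliceb", "alice@example.com"),
      new Entry("CN=Bob,OU=eng,DC=corp,DC=example,DC=com", "bob", "bob@example.com"));

  /** Escapes a value for use inside an LDAP search filter (RFC 4515). */
  static String escapeFilterValue(String value) {
    StringBuilder sb = new StringBuilder();
    for (char c : value.toCharArray()) {
      switch (c) {
        case '\\': sb.append("\\5c"); break;
        case '*':  sb.append("\\2a"); break;
        case '(':  sb.append("\\28"); break;
        case ')':  sb.append("\\29"); break;
        case '\0': sb.append("\\00"); break;
        default:   sb.append(c);
      }
    }
    return sb.toString();
  }

  /** The filter a realm would send for this attribute and login name. */
  static String buildFilter(String attr, String login) {
    return "(&(objectClass=user)(" + attr + "=" + escapeFilterValue(login) + "))";
  }

  /** In-memory stand-in for the directory search: case-insensitive equality. */
  static List<Entry> search(String attr, String login) {
    List<Entry> hits = new ArrayList<>();
    for (Entry e : DIRECTORY) {
      if (e.get(attr).equalsIgnoreCase(login)) {
        hits.add(e);
      }
    }
    return hits;
  }

  /** Resolves a login to exactly one DN; zero or several matches are refused. */
  static String resolveDn(String attr, String login) {
    List<Entry> hits = search(attr, login);
    if (hits.size() != 1) {
      throw new IllegalStateException(
          hits.size() + " entries match " + buildFilter(attr, login) + "; refusing to bind");
    }
    return hits.get(0).dn;
  }

  public static void main(String[] args) {
    // Unique within the sample directory: resolves to a single DN.
    System.out.println(buildFilter("sAMAccountName", "alice"));
    System.out.println(resolveDn("sAMAccountName", "alice"));

    // Duplicated explicit UPN: the lookup is ambiguous and is rejected.
    try {
      resolveDn("userPrincipalName", "alice@example.com");
    } catch (IllegalStateException ex) {
      System.out.println("rejected: " + ex.getMessage());
    }

    // Filter metacharacters in a login are escaped, not interpreted as a wildcard.
    System.out.println(buildFilter("sAMAccountName", "al*ce"));
  }
}
```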

[GitHub] zeppelin issue #1614: ZEPPELIN-1472 - Create new LdapRealm based on Apache K...

2016-11-12 Thread gss2002
Github user gss2002 commented on the issue:

https://github.com/apache/zeppelin/pull/1614
  
No problem. Let me know if you see any others or if you need me to adjust 
this code at all.



---


[GitHub] zeppelin pull request #1614: ZEPPELIN-1472 - Create new LdapRealm based on A...

2016-11-08 Thread gss2002
GitHub user gss2002 reopened a pull request:

https://github.com/apache/zeppelin/pull/1614

ZEPPELIN-1472 - Create new LdapRealm based on Apache Knox LdapRealm: 
Provides LdapRealm Functionality similar to Apache Knox

### What is this PR for?
ZEPPELIN-1472 - Create new LdapRealm based on Apache Knox LdapRealm: 
Provides LdapRealm functionality similar to what Apache Knox provides. This is 
critical as in large enterprise environments Active Directory Global Catalogs 
are used for lookup with samAccountName, and using a DN template is not an 
option as there are multiple OUs. Also, searching on "userPrincipalName" is 
risky in an AD environment since the explicit UPN and the implicit UPN can be 
different; this is definitely the case with environments using Office 365. 
The LDAP userPrincipalName attribute is the explicit UPN, which can be defined 
by the directory administrator to any value, and it can be duplicated. 
SamAccountName is unique per domain, and Microsoft states best practice is to 
not allow duplicate samAccountNames across the forest.

In addition to the above changes, I have adjusted and moved the 
LdapGroupRealm and ActiveDirectoryGroupRealm into the org.apache.zeppelin.realm 
package structure to make all realms consistent.

The LdapRealm class also works with role-to-group mapping for usage within 
Zeppelin for notebook authorization.

I have adjusted SecurityUtils to use ClassName vs realmName in determining 
what to use, as you may have companies that decide to use their own custom 
realmname in shiro.ini and may not realize you cannot, so using className is 
much safer.


Example - SecurityUtils
String name = realm.getClass().getName();
if (name.equals("org.apache.shiro.realm.text.IniRealm")) {
  allRoles = ((IniRealm) realm).getIni().get("roles");
  break;
} else if (name.equals("org.apache.zeppelin.realm.LdapRealm")) {
  allRoles = ((LdapRealm) realm).getListRoles();
  break;
}

Example - SecurityRestApi:
  String name = realm.getClass().getName();
  if (LOG.isDebugEnabled()) {
    LOG.debug("RealmClass.getName: " + name);
  }
  if (name.equals("org.apache.shiro.realm.text.IniRealm")) {
    usersList.addAll(getUserListObj.getUserList((IniRealm) realm));
    rolesList.addAll(getUserListObj.getRolesList((IniRealm) realm));
  } else if (name.equals("org.apache.zeppelin.realm.LdapGroupRealm")) {
    usersList.addAll(getUserListObj.getUserList((JndiLdapRealm) realm, searchText));
  } else if (name.equals("org.apache.zeppelin.realm.LdapRealm")) {
    usersList.addAll(getUserListObj.getUserList((LdapRealm) realm, searchText));
    rolesList.addAll(getUserListObj.getRolesList((LdapRealm) realm));
  } else if (name.equals("org.apache.zeppelin.realm.ActiveDirectoryGroupRealm")) {
    usersList.addAll(getUserListObj.getUserList((ActiveDirectoryGroupRealm) realm, searchText));
  } else if (name.equals("org.apache.shiro.realm.jdbc.JdbcRealm")) {
    usersList.addAll(getUserListObj.getUserList((JdbcRealm) realm));
  }

Please see feedback from previous PRs related to this JIRA:
https://github.com/apache/zeppelin/pull/1513

### What type of PR is it?
[Improvement]

### Todos
* [ ] - Task

### What is the Jira issue?
https://issues.apache.org/jira/browse/ZEPPELIN-1472

### How should this be tested?
Update shiro.ini to use configuration similar to below:
# Sample LDAP configuration, for user Authentication, currently tested for single Realm
[main]
ldapADGCRealm = org.apache.zeppelin.realm.LdapRealm
ldapADGCRealm.contextFactory.systemUsername = CN=hdplookup,OU=hadoop,DC=hdpusr,DC=senia,DC=org
ldapADGCRealm.contextFactory.systemPassword = ldapBindPassword
ldapADGCRealm.searchBase = dc=hdpusr,dc=senia,dc=org
ldapADGCRealm.userSearchBase = dc=hdpusr,dc=senia,dc=org
ldapADGCRealm.groupSearchBase = dc=hdpusr,dc=senia,dc=org
ldapADGCRealm.authorizationEnabled = true
ldapADGCRealm.contextFactory.url = ldap://seniadc1.hdpusr.senia.org:3268
ldapADGCRealm.userSearchAttributeName = sAMAccountName
ldapADGCRealm.contextFactory.authenticationMechanism = simple
ldapADGCRealm.groupObjectClass = group
ldapADGCRealm.memberAttribute = member
ldapADGCRealm.rolesByGroup = hdpeng: admin, \
 hadoopusers: user

securityManager.realms = $ldapADGCRealm 

sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager 

### If caching of user is required then uncomment below lines 
#ca

[GitHub] zeppelin issue #1614: ZEPPELIN-1472 - Create new LdapRealm based on Apache K...

2016-11-08 Thread gss2002
Github user gss2002 commented on the issue:

https://github.com/apache/zeppelin/pull/1614
  
reopen for clean up


---


[GitHub] zeppelin pull request #1513: ZEPPELIN-1472 - Create new LdapRealm based on A...

2016-11-08 Thread gss2002
Github user gss2002 closed the pull request at:

https://github.com/apache/zeppelin/pull/1513


---


[GitHub] zeppelin issue #1513: ZEPPELIN-1472 - Create new LdapRealm based on Apache K...

2016-11-07 Thread gss2002
Github user gss2002 commented on the issue:

https://github.com/apache/zeppelin/pull/1513
  
@nazgul33 refactoring some code fix coming.. To utilize groups and users 


---


[GitHub] zeppelin issue #1516: ZEPPELIN-1546 - Zeppelin Livy Interpreter 404 Exceptio...

2016-11-02 Thread gss2002
Github user gss2002 commented on the issue:

https://github.com/apache/zeppelin/pull/1516
  
@zjffdu went and confirmed the previous error from the pull 19 days ago was 
in a set of tests that ran completely fine this time. So I think this patch is 
good to go


---


[GitHub] zeppelin issue #1516: ZEPPELIN-1546 - Zeppelin Livy Interpreter 404 Exceptio...

2016-11-02 Thread gss2002
Github user gss2002 commented on the issue:

https://github.com/apache/zeppelin/pull/1516
  
@zjffdu I re-ran the tests. This error doesn't look to have anything to do 
with the code change here. Let me know your thoughts and how we want to proceed.

Tests run: 9, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 196.06 sec 
<<< FAILURE! - in org.apache.zeppelin.integration.ParagraphActionsIT
testEditOnDoubleClick(org.apache.zeppelin.integration.ParagraphActionsIT)  
Time elapsed: 37.614 sec  <<< ERROR!
org.openqa.selenium.ElementNotVisibleException: Element is not currently 
visible and so may not be interacted with
Command duration or timeout: 30.08 seconds
Build info: version: '2.48.2', revision: 
'41bccdd10cf2c0560f637404c2d96164b67d9d67', time: '2015-10-09 13:08:06'
System info: host: 'testing-worker-linux-docker-cccaeb55-3455-linux-3', ip: 
'172.17.1.168', os.name: 'Linux', os.arch: 'amd64', os.version: 
'3.13.0-40-generic', java.version: '1.7.0_76'
Session ID: 461cd88c-98e9-467e-88bd-e44eab394a92
Driver info: org.openqa.selenium.firefox.FirefoxDriver
Capabilities [{platform=LINUX, acceptSslCerts=true, javascriptEnabled=true, 
cssSelectorsEnabled=true, databaseEnabled=true, browserName=firefox, 
handlesAlerts=true, nativeEvents=false, webStorageEnabled=true, 
rotatable=false, locationContextEnabled=true, applicationCacheEnabled=true, 
takesScreenshot=true, version=31.0}]
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at 
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
at 
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:526)
at 
org.openqa.selenium.remote.ErrorHandler.createThrowable(ErrorHandler.java:206)
at 
org.openqa.selenium.remote.ErrorHandler.throwIfResponseFailed(ErrorHandler.java:158)
at 
org.openqa.selenium.remote.RemoteWebDriver.execute(RemoteWebDriver.java:647)
at 
org.openqa.selenium.remote.RemoteWebElement.execute(RemoteWebElement.java:326)
at 
org.openqa.selenium.remote.RemoteWebElement.sendKeys(RemoteWebElement.java:121)
at 
org.apache.zeppelin.integration.ParagraphActionsIT.testEditOnDoubleClick(ParagraphActionsIT.java:443)
Caused by: org.openqa.selenium.ElementNotVisibleException: Element is not 
currently visible and so may not be interacted with
Build info: version: '2.48.2', revision: 
'41bccdd10cf2c0560f637404c2d96164b67d9d67', time: '2015-10-09 13:08:06'
System info: host: 'testing-worker-linux-docker-cccaeb55-3455-linux-3', ip: 
'172.17.1.168', os.name: 'Linux', os.arch: 'amd64', os.version: 
'3.13.0-40-generic', java.version: '1.7.0_76'


---


[GitHub] zeppelin pull request #1516: ZEPPELIN-1546 - Zeppelin Livy Interpreter 404 E...

2016-11-02 Thread gss2002
GitHub user gss2002 reopened a pull request:

https://github.com/apache/zeppelin/pull/1516

ZEPPELIN-1546 - Zeppelin Livy Interpreter 404 Exception not caught Kerberos 
Enabled

### What is this PR for?

ZEPPELIN-1546: Zeppelin Livy Interpreter 404 Exception not caught with 
Kerberos
Livy Interpreter gets a NestedRuntimeException when running with Kerberized 
components.
### What type of PR is it?

[Bug Fix]
### What is the Jira issue?

https://issues.apache.org/jira/browse/ZEPPELIN-1546
### How should this be tested?

Enable Kerberos for Zeppelin to talk to Livy
"2BXS1CND2": {
  "id": "2BXS1CND2",
  "name": "livy",
  "group": "livy",
  "properties": {
"livy.spark.driver.cores": "",
"zeppelin.livy.principal": "zeppelin-clustern...@example.com",
"zeppelin.livy.keytab": 
"/etc/security/keytabs/zeppelin.server.kerberos.keytab",
### Screenshots (if appropriate)
### Questions:
- Does the licenses files need update? n
- Is there breaking changes for older versions? n
    - Does this needs documentation? n


You can merge this pull request into a Git repository by running:

$ git pull https://github.com/gss2002/zeppelin ZEPPELIN-1546

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/zeppelin/pull/1516.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #1516


commit 54d8fe43adff15097aa8075a7976d6b96cd68b3f
Author: gss2002 <g...@senia.org>
Date:   2016-10-14T03:24:35Z

ZEPPELIN-1546 - Zeppelin Livy Interpreter 404 Exception not caught with
KerberosTemplate being enabled




---


[GitHub] zeppelin pull request #1516: ZEPPELIN-1546 - Zeppelin Livy Interpreter 404 E...

2016-11-02 Thread gss2002
Github user gss2002 closed the pull request at:

https://github.com/apache/zeppelin/pull/1516


---


[GitHub] zeppelin issue #1516: ZEPPELIN-1546 - Zeppelin Livy Interpreter 404 Exceptio...

2016-11-02 Thread gss2002
Github user gss2002 commented on the issue:

https://github.com/apache/zeppelin/pull/1516
  
Reopen to re-check code and error


---


[GitHub] zeppelin issue #1514: ZEPPELIN-1516. NPE LivySparkSQLInterpreter thrown with...

2016-10-31 Thread gss2002
Github user gss2002 commented on the issue:

https://github.com/apache/zeppelin/pull/1514
  
@prabhjyotsingh I have only seen this issue with livy.sql as it is the only 
one that shares the HashMap between livy.spark and livy.sql. livy.sparkr and 
livy.pyspark do not share session info. In the future yes?


---


[GitHub] zeppelin issue #1447: [ZEPPELIN-1293] Re-create Livy session if it's lost

2016-10-20 Thread gss2002
Github user gss2002 commented on the issue:

https://github.com/apache/zeppelin/pull/1447
  
@spektom / @zjffdu @purechoc there is definitely an additional condition. 
Not sure if it's because the ConcurrentHashMaps are not being used correctly. 
But the exception doesn't get caught completely or correctly at times with the 
fix proposed here..


ERROR [2016-10-19 14:19:57,638] ({pool-2-thread-11} 
LivyHelper.java[executeHTTP]:378) - Error with 404 StatusCode: "Session '9' not 
found."
ERROR [2016-10-19 14:19:57,638] ({pool-2-thread-11} 
LivyHelper.java[interpretInput]:229) - error in interpretInput
org.apache.zeppelin.livy.LivyHelper$LivyNoSessionException: Session not 
found, Livy server would have restarted, or lost session.
at 
org.apache.zeppelin.livy.LivyHelper.executeCommand(LivyHelper.java:312)
at org.apache.zeppelin.livy.LivyHelper.interpret(LivyHelper.java:241)
at 
org.apache.zeppelin.livy.LivyHelper.interpretInput(LivyHelper.java:189)
at 
org.apache.zeppelin.livy.LivySparkInterpreter.interpret(LivySparkInterpreter.java:106)
at 
org.apache.zeppelin.interpreter.LazyOpenInterpreter.interpret(LazyOpenInterpreter.java:94)
at 
org.apache.zeppelin.interpreter.remote.RemoteInterpreterServer$InterpretJob.jobRun(RemoteInterpreterServer.java:390)
at org.apache.zeppelin.scheduler.Job.run(Job.java:176)
at 
org.apache.zeppelin.scheduler.FIFOScheduler$1.run(FIFOScheduler.java:139)
at 
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at 
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)
at 
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
 INFO [2016-10-19 14:19:57,639] ({pool-2-thread-11} 
SchedulerFactory.java[jobFinished]:137) - Job remoteInterpretJob_1476901197622 
finished by scheduler org.apache.zeppelin.livy.LivySparkInterpreter37814848
 INFO [2016-10-19 14:19:57,819] ({pool-2-thread-34} 
SchedulerFactory.java[jobStarted]:131) - Job remoteInterpretJob_1476901197819 
started by scheduler org.apache.zeppelin.livy.LivySparkInterpreter37814848
ERROR [2016-10-19 14:19:57,835] ({pool-2-thread-34} 
LivyHelper.java[executeHTTP]:378) - Error with 404 StatusCode: "Session '9' not 
found."
ERROR [2016-10-19 14:19:57,835] ({pool-2-thread-34} 
LivyHelper.java[interpretInput]:229) - error in interpretInput
org.apache.zeppelin.livy.LivyHelper$LivyNoSessionException: Session not 
found, Livy server would have restarted, or lost session.
at 
org.apache.zeppelin.livy.LivyHelper.executeCommand(LivyHelper.java:312)
at org.apache.zeppelin.livy.LivyHelper.interpret(LivyHelper.java:241)
at 
org.apache.zeppelin.livy.LivyHelper.interpretInput(LivyHelper.java:189)
at 
org.apache.zeppelin.livy.LivySparkInterpreter.interpret(LivySparkInterpreter.java:106)
at 
org.apache.zeppelin.interpreter.LazyOpenInterpreter.interpret(LazyOpenInterpreter.java:94)
at 
org.apache.zeppelin.interpreter.remote.RemoteInterpreterServer$InterpretJob.jobRun(RemoteInterpreterServer.java:390)
at org.apache.zeppelin.scheduler.Job.run(Job.java:176)
at 
org.apache.zeppelin.scheduler.FIFOScheduler$1.run(FIFOScheduler.java:139)
at 
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at 
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)
at 
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
 INFO [2016-10-19 14:19:57,836] ({pool-2-thread-34} 
SchedulerFactory.java[jobFinished]:137) - Job remoteInterpretJob_1476901197819 
finished by scheduler org.apache.zeppelin.livy.LivySparkInterpreter37814848



---


[GitHub] zeppelin issue #1447: [ZEPPELIN-1293] Re-create Livy session if it's lost

2016-10-20 Thread gss2002
Github user gss2002 commented on the issue:

https://github.com/apache/zeppelin/pull/1447
  
@spektom  just tested against my build by catching the exception and 
rethrowing.. It definitely solves the issue.

    } catch (LivyNoSessionException e) {
      throw e;
    } catch (Exception e) {
      LOGGER.error("error in interpretInput", e);
      return new InterpreterResult(Code.ERROR, e.getMessage());
    }
  }

  public InterpreterResult interpret(String stringLines,

The code base I'm using is here with your patch and a few of @zjffdu's patches 
and one of mine for NestedRuntimeException for 404s with KerberosTemplate: 
https://github.com/gss2002/zeppelin/blob/GSS_PROD_BUILD/livy/src/main/java/org/apache/zeppelin/livy/LivyHelper.java


---
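
An added illustration of the catch-and-rethrow change described in the comment above (not the project's LivyHelper code): a broad `catch (Exception)` turns the session-lost signal into an ordinary error result, so the caller's session re-creation never runs, while catching the specific exception first and rethrowing lets the caller recover. `FakeLivy`, `NoSessionException` and the method names are hypothetical stand-ins.

```java
import java.util.HashSet;
import java.util.Set;

public class SessionLostHandling {

  /** Simplified stand-in for the session-lost exception discussed in the thread. */
  static class NoSessionException extends RuntimeException {
    NoSessionException(String msg) {
      super(msg);
    }
  }

  /** Stand-in for a Livy server that no longer knows the client's old session. */
  static class FakeLivy {
    private int nextId = 10;
    private final Set<Integer> live = new HashSet<>();

    int createSession() {
      live.add(nextId);
      return nextId++;
    }

    String execute(int sessionId, String code) {
      if (!live.contains(sessionId)) {
        throw new NoSessionException("Session '" + sessionId + "' not found.");
      }
      return "ok: " + code;
    }
  }

  private final FakeLivy livy = new FakeLivy();
  private int sessionId = 9; // stale id the server has already dropped

  /** Broad catch: the session-lost signal becomes an ordinary error string. */
  String interpretInputSwallowing(String code) {
    try {
      return livy.execute(sessionId, code);
    } catch (Exception e) {
      return "ERROR: " + e.getMessage();
    }
  }

  /** Specific catch first: session loss propagates, everything else is reported. */
  String interpretInputRethrowing(String code) {
    try {
      return livy.execute(sessionId, code);
    } catch (NoSessionException e) {
      throw e;
    } catch (Exception e) {
      return "ERROR: " + e.getMessage();
    }
  }

  /** Caller: re-creates the session once when told it is lost, then retries. */
  String interpret(String code, boolean rethrow) {
    try {
      return rethrow ? interpretInputRethrowing(code) : interpretInputSwallowing(code);
    } catch (NoSessionException e) {
      sessionId = livy.createSession();
      return interpretInputRethrowing(code);
    }
  }

  public static void main(String[] args) {
    // Swallowing variant: the user sees the error and the stale id is kept.
    System.out.println(new SessionLostHandling().interpret("1 + 1", false));
    // Rethrowing variant: the caller gets a new session and the retry succeeds.
    System.out.println(new SessionLostHandling().interpret("1 + 1", true));
  }
}
```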


[GitHub] zeppelin issue #1447: [ZEPPELIN-1293] Re-create Livy session if it's lost

2016-10-19 Thread gss2002
Github user gss2002 commented on the issue:

https://github.com/apache/zeppelin/pull/1447
  
@spektom I think what happens here is this code fires.. which has nothing 
to do with the fix here.. 

in LivySparkInterpreter:
  return livyHelper.interpretInput(line, interpreterContext, userSessionMap, out,
      sessionId2AppIdMap.get(sessionId), sessionId2WebUIMap.get(sessionId), displayAppInfo);

That gets called before the NoSessionException occurs.. And then in 
LivyHelper --> public InterpreterResult interpretInput grabs the exception 
and handles it. I guess the question is can we do a rootcause on this and 
rethrow?

} catch (Exception e) {
  LOGGER.error("error in interpretInput", e);
  return new InterpreterResult(Code.ERROR, e.getMessage());
}


---


[GitHub] zeppelin issue #1513: ZEPPELIN-1472 - Create new LdapRealm based on Apache K...

2016-10-14 Thread gss2002
Github user gss2002 commented on the issue:

https://github.com/apache/zeppelin/pull/1513
  
@khalidhuseynov and @zjffdu can we look at committing this since tests have 
passed. If not let me know what else is needed.

Thanks


---


[GitHub] zeppelin issue #1516: ZEPPELIN-1546 - Zeppelin Livy Interpreter 404 Exceptio...

2016-10-14 Thread gss2002
Github user gss2002 commented on the issue:

https://github.com/apache/zeppelin/pull/1516
  
@zjffdu and @prabhjyotsingh is this safe to be committed at this point?


---


[GitHub] zeppelin issue #1447: [ZEPPELIN-1293] Re-create Livy session if it's lost

2016-10-14 Thread gss2002
Github user gss2002 commented on the issue:

https://github.com/apache/zeppelin/pull/1447
  
@spektom this fix is good. Did some extensive load testing with it this AM 
and it solves the session expiration issues. Thanks for the contribution


---


[GitHub] zeppelin issue #1458: [ZEPPELIN-1486] Allow configuring whether shown values...

2016-10-14 Thread gss2002
Github user gss2002 commented on the issue:

https://github.com/apache/zeppelin/pull/1458
  
Also input validation is secure java coding best practice regardless.. 
http://www.oracle.com/technetwork/java/seccodeguide-139067.html#5


---


[GitHub] zeppelin issue #1458: [ZEPPELIN-1486] Allow configuring whether shown values...

2016-10-14 Thread gss2002
Github user gss2002 commented on the issue:

https://github.com/apache/zeppelin/pull/1458
  
Well we will just agree to disagree



---


[GitHub] zeppelin issue #1513: ZEPPELIN-1472 - Create new LdapRealm based on Apache K...

2016-10-14 Thread gss2002
Github user gss2002 commented on the issue:

https://github.com/apache/zeppelin/pull/1513
  
Rerun build as error is not related to this patch.


---


[GitHub] zeppelin pull request #1513: ZEPPELIN-1472 - Create new LdapRealm based on A...

2016-10-14 Thread gss2002
GitHub user gss2002 reopened a pull request:

https://github.com/apache/zeppelin/pull/1513

ZEPPELIN-1472 - Create new LdapRealm based on Apache Knox LdapRealm

### What is this PR for?
ZEPPELIN-1472 - Create new LdapRealm based on Apache Knox LdapRealm: 
Provides LdapRealm functionality similar to what Apache Knox provides. This is 
critical as in large enterprise environments Active Directory Global Catalogs 
are used for lookup with samAccountName, and using a DN template is not an 
option as there are multiple OUs. Also, searching on "userPrincipalName" is 
risky in an AD environment since the explicit UPN and the implicit UPN can be 
different; this is definitely the case with environments using Office 365. 
The LDAP userPrincipalName attribute is the explicit UPN, which can be defined 
by the directory administrator to any value, and it can be duplicated. 
SamAccountName is unique per domain, and Microsoft states best practice is to 
not allow duplicate samAccountNames across the forest.



### What type of PR is it?
[Improvement]

### Todos
None

### What is the Jira issue?
https://issues.apache.org/jira/browse/ZEPPELIN-1472

### How should this be tested?
Setup shiro.ini to use the following configuration:
ldapADGCRealm = org.apache.zeppelin.realm.LdapRealm
ldapADGCRealm.contextFactory.systemUsername = CN=hdpbind,OU=Svc,DC=exadc,DC=w2k,DC=example,DC=com
ldapADGCRealm.contextFactory.systemPassword = ldapPassword
ldapADGCRealm.searchBase = dc=w2k,dc=example,dc=com
ldapADGCRealm.userSearchBase = dc=w2k,dc=example,dc=com
ldapADGCRealm.groupSearchBase = dc=w2k,dc=example,dc=com
ldapADGCRealm.contextFactory.url = ldap://exampledc1.exadc.w2k.example.com:3268
ldapADGCRealm.userSearchAttributeName = sAMAccountName
ldapADGCRealm.contextFactory.authenticationMechanism = simple
ldapADGCRealm.userObjectClass = user
ldapADGCRealm.groupObjectClass = group
ldapADGCRealm.memberAttribute = member

### Questions:
* Does the licenses files need update? n
* Is there breaking changes for older versions? n
* Does this needs documentation? n


You can merge this pull request into a Git repository by running:

$ git pull https://github.com/gss2002/zeppelin ZEPPELIN-1472

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/zeppelin/pull/1513.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #1513


commit 34938754ac7e220a03cc1817bf93f2cf2d189ee9
Author: gss2002 <g...@senia.org>
Date:   2016-10-11T03:58:51Z

ZEPPELIN-1472 - Create new LdapRealm based on Apache Knox LdapRealm
Class

commit 8991d647b024d04eed7005173b4a8eec07b18c6c
Author: gss2002 <g...@senia.org>
Date:   2016-10-14T00:48:25Z

Merge remote-tracking branch 'upstream/master' into ZEPPELIN-1472




---


[GitHub] zeppelin pull request #1513: ZEPPELIN-1472 - Create new LdapRealm based on A...

2016-10-14 Thread gss2002
Github user gss2002 closed the pull request at:

https://github.com/apache/zeppelin/pull/1513


---


[GitHub] zeppelin pull request #1516: ZEPPELIN-1546 - Zeppelin Livy Interpreter 404 E...

2016-10-14 Thread gss2002
Github user gss2002 closed the pull request at:

https://github.com/apache/zeppelin/pull/1516


---


[GitHub] zeppelin pull request #1516: ZEPPELIN-1546 - Zeppelin Livy Interpreter 404 E...

2016-10-14 Thread gss2002
GitHub user gss2002 reopened a pull request:

https://github.com/apache/zeppelin/pull/1516

ZEPPELIN-1546 - Zeppelin Livy Interpreter 404 Exception not caught Kerberos 
Enabled

### What is this PR for?
ZEPPELIN-1546: Zeppelin Livy Interpreter 404 Exception not caught with 
Kerberos
Livy Interpreter gets a NestedRuntimeException when running with Kerberized 
components.



### What type of PR is it?
[Bug Fix]

### What is the Jira issue?
https://issues.apache.org/jira/browse/ZEPPELIN-1546

### How should this be tested?
Enable Kerberos

### Screenshots (if appropriate)

### Questions:
* Does the licenses files need update? n
* Is there breaking changes for older versions? n
* Does this needs documentation? n

KerberosTemplate being enabled

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/gss2002/zeppelin ZEPPELIN-1546

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/zeppelin/pull/1516.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #1516


commit 54d8fe43adff15097aa8075a7976d6b96cd68b3f
Author: gss2002 <g...@senia.org>
Date:   2016-10-14T03:24:35Z

ZEPPELIN-1546 - Zeppelin Livy Interpreter 404 Exception not caught with
KerberosTemplate being enabled




---


[GitHub] zeppelin issue #1516: ZEPPELIN-1546 - Zeppelin Livy Interpreter 404 Exceptio...

2016-10-13 Thread gss2002
Github user gss2002 commented on the issue:

https://github.com/apache/zeppelin/pull/1516
  
@zjffdu and @prabhjyotsingh here is the 404 NestedRuntime Fix


---


[GitHub] zeppelin pull request #1516: ZEPPELIN-1546 - Zeppelin Livy Interpreter 404 E...

2016-10-13 Thread gss2002
GitHub user gss2002 opened a pull request:

https://github.com/apache/zeppelin/pull/1516

ZEPPELIN-1546 - Zeppelin Livy Interpreter 404 Exception not caught Kerberos 
Enabled

### What is this PR for?
ZEPPELIN-1546: Zeppelin Livy Interpreter 404 Exception not caught with 
Kerberos
Livy Interpreter gets a NestedRuntimeException when running with Kerberized 
components.



### What type of PR is it?
[Bug Fix]

### What is the Jira issue?
https://issues.apache.org/jira/browse/ZEPPELIN-1546

### How should this be tested?
Enable Kerberos

### Screenshots (if appropriate)

### Questions:
* Does the licenses files need update? n
* Is there breaking changes for older versions? n
* Does this needs documentation? n

KerberosTemplate being enabled

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/gss2002/zeppelin ZEPPELIN-1546

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/zeppelin/pull/1516.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #1516


commit ed439589c13c2f57c8d376634c4574e1f3697675
Author: gss2002 <g...@senia.org>
Date:   2016-10-14T03:24:35Z

ZEPPELIN-1546 - Zeppelin Livy Interpreter 404 Exception not caught with
KerberosTemplate being enabled




---


[GitHub] zeppelin issue #1503: NPE LivySparkSQLInterpreter thrown with %livy.sql inte...

2016-10-13 Thread gss2002
Github user gss2002 commented on the issue:

https://github.com/apache/zeppelin/pull/1503
  
@zjffdu this may be me misunderstanding the code. But if you have 10 users 
in Zeppelin all accessing PySpark or SparkR, there is no possibility of multiple 
users stepping on the map? So you are saying only 1 thread to interpret is 
available?


---


[GitHub] zeppelin issue #1503: NPE LivySparkSQLInterpreter thrown with %livy.sql inte...

2016-10-13 Thread gss2002
Github user gss2002 commented on the issue:

https://github.com/apache/zeppelin/pull/1503
  
@zjffdu Not a problem. Also I assume we will want to fix SparkR and PySpark 
also to use ConcurrentHashMaps since they could have multiple users hitting them. I 
noticed some of the other interpreters use ConcurrentHashMaps.


---


[GitHub] zeppelin pull request #1512: Zeppelin 1516 1546

2016-10-13 Thread gss2002
Github user gss2002 closed the pull request at:

https://github.com/apache/zeppelin/pull/1512


---


[GitHub] zeppelin issue #1503: NPE LivySparkSQLInterpreter thrown with %livy.sql inte...

2016-10-13 Thread gss2002
Github user gss2002 commented on the issue:

https://github.com/apache/zeppelin/pull/1503
  
@zjffdu Also, those new maps added with ZEPPELIN-1430 should be 
changed to ConcurrentHashMap. Basically any map that is static with 
gets/puts/removes etc. should be a ConcurrentHashMap; if not, trouble will ensue - 
https://dzone.com/articles/java-7-hashmap-vs

https://issues.apache.org/jira/browse/ZEPPELIN-1293 - The code in this 
needs to be adjusted to check for null also. If json is null, create a new session, 
as other errors could occur and cause issues as I saw during debug the last few 
days. I will adjust the ZEPPELIN-1546 JIRA to just handle the 
NestedRuntimeException.




---


[GitHub] zeppelin issue #1426: ZEPPELIN-1430. Display appId and webui link in LivyInt...

2016-10-13 Thread gss2002
Github user gss2002 commented on the issue:

https://github.com/apache/zeppelin/pull/1426
  
@zjffdu and @prabhjyotsingh can the new static Maps be converted to 
ConcurrentHashMaps to prevent possible future contention with multiple 
users/threads?

https://dzone.com/articles/java-7-hashmap-vs


---


[GitHub] zeppelin issue #1447: [ZEPPELIN-1293] Re-create Livy session if it's lost

2016-10-13 Thread gss2002
Github user gss2002 commented on the issue:

https://github.com/apache/zeppelin/pull/1447
  
@spektom and @zjffdu is it possible to add a null check also. I've been 
doing some debugging over the past few days and certain situations can cause 
nulls to be returned and in theory if a null is being returned the session is 
dead.

**So instead of this:**
if (json.matches("^(\")?Session (\'[0-9]\' )?not found(.?\"?)$")) {
  throw new LivyNoSessionException();
}

**This:**
boolean clearSession = false;
if (json != null) {
  if (json.matches("^(\")?Session (\'[0-9]\' )?not found(.?\"?)$")) {
    clearSession = true;
  }
} else {
  clearSession = true;
}
if (clearSession) {
  throw new LivyNoSessionException();
}


---


[GitHub] zeppelin issue #1503: NPE LivySparkSQLInterpreter thrown with %livy.sql inte...

2016-10-13 Thread gss2002
Github user gss2002 commented on the issue:

https://github.com/apache/zeppelin/pull/1503
  
@zjffdu The change you made solved the issue. I see the difference now. Your 
quick workaround is good to go. I am going to fix the LivyHelper to handle the 
404 with NestedException if that works under ZEPPELIN-1546. cc @prabhjyotsingh 


---


[GitHub] zeppelin issue #1503: NPE LivySparkSQLInterpreter thrown with %livy.sql inte...

2016-10-13 Thread gss2002
Github user gss2002 commented on the issue:

https://github.com/apache/zeppelin/pull/1503
  
@zjffdu testing the changes again with another build. I see a slight 
difference between yours and mine. Testing again, I'll advise shortly.


---


[GitHub] zeppelin issue #1503: NPE LivySparkSQLInterpreter thrown with %livy.sql inte...

2016-10-13 Thread gss2002
Github user gss2002 commented on the issue:

https://github.com/apache/zeppelin/pull/1503
  
@zjffdu I tried that same code multiple times and it did not work, to be 
completely honest. I have an email out to a JDK Developer/Debugger for one of 
the large JDK vendors to find out why this isn't specifically working. The 
reason I moved to the Singleton model for those classes is to prevent some bad 
stuff from happening, as there is no guarantee when you have multiple requests 
coming in at the same time that you won't end up with multiple maps. Also I 
opened ZEPPELIN-1546 to try to solve the 404 problem, which I was able to solve. 
If you want, go ahead and merge. I will refactor the code after the fact, but 
honestly I would try to move to the singleton model if multiple requests and 
users will be hitting the Interpreter. I do understand trying to keep this code 
simple, but unfortunately this is not a simple function. If you would like to 
discuss this further offline, shoot me an email. 

I based my implementation off of this and some issues I hit supporting some 
large scale apps over the years.

http://stackoverflow.com/questions/11165852/java-singleton-and-synchronization





---


[GitHub] zeppelin issue #1513: ZEPPELIN-1472 - Create new LdapRealm based on Apache K...

2016-10-13 Thread gss2002
Github user gss2002 commented on the issue:

https://github.com/apache/zeppelin/pull/1513
  
@khalidhuseynov made the requested changes and updated documentation. 
Please let me know what you think. Also I will be willing to create a jira and 
move the other Realms.


---


[GitHub] zeppelin pull request #1513: ZEPPELIN-1472 - Create new LdapRealm based on A...

2016-10-13 Thread gss2002
GitHub user gss2002 opened a pull request:

https://github.com/apache/zeppelin/pull/1513

ZEPPELIN-1472 - Create new LdapRealm based on Apache Knox LdapRealm

### What is this PR for?
ZEPPELIN-1472 - Create new LdapRealm based on Apache Knox LdapRealm: 
Provides LdapRealm functionality similar to what Apache Knox provides. This is 
critical as in large enterprise environments Active Directory Global Catalogs 
are used for lookup with samAccountName and using a DN Template is not an 
option as there are multiple OUs. Also, searching on "userPrincipalName" is 
risky in an AD environment since the explicit UPN vs implicit UPN can be 
different; this is definitely the case with environments using Office 365. And 
the LDAP userPrincipalName attribute is the explicit UPN, which can be defined 
by the directory administrator to any value and it can be duplicated. 
SamAccountName is unique per domain and Microsoft states best practice is to 
not allow duplicate samAccountNames across the forest.



### What type of PR is it?
[Improvement]

### Todos
None

### What is the Jira issue?
https://issues.apache.org/jira/browse/ZEPPELIN-1472

### How should this be tested?
Setup shiro.ini to use the following configuration:
ldapADGCRealm = org.apache.zeppelin.realm.LdapRealm
ldapADGCRealm.contextFactory.systemUsername = CN=hdpbind,OU=Svc,DC=exadc,DC=w2k,DC=example,DC=com
ldapADGCRealm.contextFactory.systemPassword = ldapPassword
ldapADGCRealm.searchBase = dc=w2k,dc=example,dc=com
ldapADGCRealm.userSearchBase = dc=w2k,dc=example,dc=com
ldapADGCRealm.groupSearchBase = dc=w2k,dc=example,dc=com
ldapADGCRealm.contextFactory.url = ldap://exampledc1.exadc.w2k.example.com:3268
ldapADGCRealm.userSearchAttributeName = sAMAccountName
ldapADGCRealm.contextFactory.authenticationMechanism = simple
ldapADGCRealm.userObjectClass = user
ldapADGCRealm.groupObjectClass = group
ldapADGCRealm.memberAttribute = member

### Questions:
* Does the licenses files need update? n
* Is there breaking changes for older versions? n
* Does this needs documentation? n


You can merge this pull request into a Git repository by running:

$ git pull https://github.com/gss2002/zeppelin ZEPPELIN-1472

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/zeppelin/pull/1513.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #1513


commit 34938754ac7e220a03cc1817bf93f2cf2d189ee9
Author: gss2002 <g...@senia.org>
Date:   2016-10-11T03:58:51Z

ZEPPELIN-1472 - Create new LdapRealm based on Apache Knox LdapRealm
Class

commit 8991d647b024d04eed7005173b4a8eec07b18c6c
Author: gss2002 <g...@senia.org>
Date:   2016-10-14T00:48:25Z

Merge remote-tracking branch 'upstream/master' into ZEPPELIN-1472




---
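The lookup the PR description above argues for, as an added example that is not part of the thread and is not the LdapRealm code from the PR: it builds a user search filter from `userObjectClass` and `userSearchAttributeName`, escapes the login name per RFC 4515, and refuses to authenticate when the attribute matches more than one entry, which is the duplicate-UPN risk the description names. The class and method names, the filter layout and the two directory entries are assumptions constructed for illustration.

```java
import java.util.ArrayList;
import java.util.List;

public class UserSearchFilterDemo {

  /** One directory entry; all values are constructed for this example. */
  static final class Entry {
    final String dn;
    final String samAccountName;
    final String userPrincipalName;

    Entry(String dn, String samAccountName, String userPrincipalName) {
      this.dn = dn;
      this.samAccountName = samAccountName;
      this.userPrincipalName = userPrincipalName;
    }

    String get(String attr) {
      if (attr.equalsIgnoreCase("sAMAccountName")) return samAccountName;
      if (attr.equalsIgnoreCase("userPrincipalName")) return userPrincipalName;
      throw new IllegalArgumentException("unsupported attribute: " + attr);
    }
  }

  /** Escape a value for use inside an LDAP search filter (RFC 4515). */
  static String escapeFilterValue(String value) {
    StringBuilder sb = new StringBuilder();
    for (char c : value.toCharArray()) {
      switch (c) {
        case '\\': sb.append("\\5c"); break;
        case '*':  sb.append("\\2a"); break;
        case '(':  sb.append("\\28"); break;
        case ')':  sb.append("\\29"); break;
        case '\0': sb.append("\\00"); break;
        default:   sb.append(c);
      }
    }
    return sb.toString();
  }

  /** Hypothetical filter layout: object class AND search attribute equals the login name. */
  static String userFilter(String objectClass, String attr, String login) {
    return "(&(objectClass=" + objectClass + ")(" + attr + "=" + escapeFilterValue(login) + "))";
  }

  /**
   * Stand-in for the directory search (equality match only).
   * Fails closed unless exactly one entry matches, so a duplicated
   * attribute value can never pick an arbitrary account.
   */
  static String resolveDn(List<Entry> directory, String attr, String login) {
    List<String> hits = new ArrayList<>();
    for (Entry e : directory) {
      if (e.get(attr).equalsIgnoreCase(login)) {
        hits.add(e.dn);
      }
    }
    if (hits.size() != 1) {
      throw new IllegalStateException(attr + "=" + login + " matched " + hits.size() + " entries");
    }
    return hits.get(0);
  }

  public static void main(String[] args) {
    // Constructed sample: two accounts that share one explicit UPN.
    List<Entry> directory = new ArrayList<>();
    directory.add(new Entry("CN=Ann Lee,OU=Eng,DC=exadc,DC=w2k,DC=example,DC=com",
        "alee", "ann.lee@example.com"));
    directory.add(new Entry("CN=Ann Lee (admin),OU=Svc,DC=exadc,DC=w2k,DC=example,DC=com",
        "alee-adm", "ann.lee@example.com"));

    // Filter for a normal login, and for a login containing filter metacharacters.
    System.out.println(userFilter("user", "sAMAccountName", "alee"));
    System.out.println(userFilter("user", "sAMAccountName", "a*(lee)"));

    // sAMAccountName resolves to exactly one DN.
    System.out.println(resolveDn(directory, "sAMAccountName", "alee"));

    // The shared userPrincipalName is ambiguous and is rejected.
    try {
      resolveDn(directory, "userPrincipalName", "ann.lee@example.com");
    } catch (IllegalStateException e) {
      System.out.println("rejected: " + e.getMessage());
    }
  }
}
```

Against a real directory, JNDI's `DirContext.search(name, filterExpr, filterArgs, cons)` with a `{0}` placeholder performs the same escaping on the argument.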


[GitHub] zeppelin issue #1493: ZEPPELIN-1472 - Create new LdapRealm based on Apache K...

2016-10-13 Thread gss2002
Github user gss2002 commented on the issue:

https://github.com/apache/zeppelin/pull/1493
  
@khalidhuseynov 
I'm going to make the changes and move this under realms. I will also close 
this pull request and open a new one


---


[GitHub] zeppelin pull request #1493: ZEPPELIN-1472 - Create new LdapRealm based on A...

2016-10-13 Thread gss2002
Github user gss2002 closed the pull request at:

https://github.com/apache/zeppelin/pull/1493


---


[GitHub] zeppelin issue #1503: NPE LivySparkSQLInterpreter thrown with %livy.sql inte...

2016-10-13 Thread gss2002
Github user gss2002 commented on the issue:

https://github.com/apache/zeppelin/pull/1503
  
Also, static HashMaps are not thread-safe with multiple puts in the case of 
multiple users. Hence why I built out Singletons to keep track of these objects 
to guarantee only one instance gets created. This also allowed for the 
corrupt/lost session fix to be built out. Basically I propose to merge 
ZEPPELIN-1516 and ZEPPELIN-1546 and to solve the last remaining issues.



---
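The concern raised in the #1503 and #1426 comments (a shared `userSessionMap` hit by several users and threads at once), as an added example that is not part of the thread and is not Zeppelin's code: a check-then-put on a plain `HashMap` can create more than one session per user, while `ConcurrentHashMap.computeIfAbsent` creates exactly one. `Registry`, `UnsafeRegistry`, `SafeRegistry` and `SessionFactory` are hypothetical names, and the session ids are constructed.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;

public class UserSessionMapDemo {

  /** Stands in for the REST call that creates a session; counts how often it runs. */
  static final class SessionFactory {
    private final AtomicInteger created = new AtomicInteger();

    int create(String user) {
      Thread.yield(); // widen the race window a little
      return created.incrementAndGet(); // constructed session id
    }

    int createdCount() {
      return created.get();
    }
  }

  interface Registry {
    int sessionFor(String user, SessionFactory factory);
  }

  /** Plain HashMap with check-then-put: two threads can both see "no session yet". */
  static final class UnsafeRegistry implements Registry {
    private final Map<String, Integer> userSessionMap = new HashMap<>();

    @Override
    public int sessionFor(String user, SessionFactory factory) {
      Integer id = userSessionMap.get(user);
      if (id == null) {
        id = factory.create(user);
        userSessionMap.put(user, id);
      }
      return id;
    }
  }

  /** ConcurrentHashMap: the lookup and the insert happen as one atomic step per key. */
  static final class SafeRegistry implements Registry {
    private final ConcurrentHashMap<String, Integer> userSessionMap = new ConcurrentHashMap<>();

    @Override
    public int sessionFor(String user, SessionFactory factory) {
      return userSessionMap.computeIfAbsent(user, factory::create);
    }
  }

  /** Fires threadsPerUser concurrent requests for each user; returns how many sessions were created. */
  static int run(Registry registry, int users, int threadsPerUser) throws InterruptedException {
    SessionFactory factory = new SessionFactory();
    ExecutorService pool = Executors.newFixedThreadPool(users * threadsPerUser);
    CountDownLatch start = new CountDownLatch(1);
    for (int u = 0; u < users; u++) {
      String user = "user" + u;
      for (int t = 0; t < threadsPerUser; t++) {
        pool.execute(() -> {
          try {
            start.await(); // release all requests at the same moment
            registry.sessionFor(user, factory);
          } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
          } catch (RuntimeException e) {
            // an unsynchronized HashMap may also fail outright under concurrent writes
          }
        });
      }
    }
    start.countDown();
    pool.shutdown();
    pool.awaitTermination(30, TimeUnit.SECONDS);
    return factory.createdCount();
  }

  public static void main(String[] args) throws InterruptedException {
    int users = 10;
    int threadsPerUser = 8;
    System.out.println("HashMap check-then-put, sessions created: "
        + run(new UnsafeRegistry(), users, threadsPerUser));
    System.out.println("ConcurrentHashMap.computeIfAbsent, sessions created: "
        + run(new SafeRegistry(), users, threadsPerUser));
  }
}
```

The first count varies from run to run and can exceed the number of users; the second always equals it. `computeIfAbsent` holds up other updates to the same bin while the mapping function runs, so a slow session-creation call inside it delays concurrent callers for that key.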


[GitHub] zeppelin pull request #1512: Zeppelin 1516 1546

2016-10-13 Thread gss2002
GitHub user gss2002 opened a pull request:

https://github.com/apache/zeppelin/pull/1512

Zeppelin 1516 1546

### What is this PR for?
Livy Interpreter gets a NestedRuntimeException when running with Kerberized 
components.
ERROR [2016-10-11 22:44:47,769] ({pool-2-thread-11} LivyHelper.java[interpretInput]:192) - Interpreter exception
org.springframework.web.client.RestClientException: Error running rest call; nested exception is org.springframework.web.client.HttpClientErrorException: 404 Not Found
    at org.springframework.security.kerberos.client.KerberosRestTemplate.doExecute(KerberosRestTemplate.java:196)
    at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:580)
    at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:498)
    at org.apache.zeppelin.livy.LivyHelper.executeHTTP(LivyHelper.java:377)
    at org.apache.zeppelin.livy.LivyHelper.executeCommand(LivyHelper.java:301)
    at org.apache.zeppelin.livy.LivyHelper.interpret(LivyHelper.java:239)
    at org.apache.zeppelin.livy.LivyHelper.interpretInput(LivyHelper.java:190)
    at org.apache.zeppelin.livy.LivySparkInterpreter.interpret(LivySparkInterpreter.java:79)
    at org.apache.zeppelin.interpreter.LazyOpenInterpreter.interpret(LazyOpenInterpreter.java:94)
    at org.apache.zeppelin.interpreter.remote.RemoteInterpreterServer$InterpretJob.jobRun(RemoteInterpreterServer.java:390)
    at org.apache.zeppelin.scheduler.Job.run(Job.java:176)


### What type of PR is it?
[Improvement | Feature | Refactoring]

### Todos
Doc and Merge latest changes from LivyHelper into code base

### What is the Jira issue?
https://issues.apache.org/jira/browse/ZEPPELIN-1546

### How should this be tested?
Kerberize Hadoop Cluster, Kerberize Livy Server and Enable Security around 
Zeppelin with multi-user and stop/start running LivyServer

### Screenshots (if appropriate)

### Questions:
* Does the licenses files need update? n
* Is there breaking changes for older versions? n
* Does this needs documentation? n


You can merge this pull request into a Git repository by running:

$ git pull https://github.com/gss2002/zeppelin ZEPPELIN-1516_1546

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/zeppelin/pull/1512.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #1512


commit 11bcd2d1db02ff2dbb2a8e560e3f09fe37057796
Author: gss2002 <g...@senia.org>
Date:   2016-10-11T04:09:23Z

ZEPPELIN-1516 Static/Singleton for userSessionMaps

commit 93c2b1488f6f3610c28a10537b18e3d394c8f9e2
Author: gss2002 <g...@senia.org>
Date:   2016-10-13T16:28:42Z

ZEPPELIN-1546 Zeppelin Livy Interpreter Session Management Recovery




---


[GitHub] zeppelin issue #1503: NPE LivySparkSQLInterpreter thrown with %livy.sql inte...

2016-10-11 Thread gss2002
Github user gss2002 commented on the issue:

https://github.com/apache/zeppelin/pull/1503
  
@zjffdu I tried to do that initially; the problem is instantiation of the shared 
object. I can probably consolidate down to one SessionMap, but I think if there 
is sharing needed between sparkSQL and Spark it's best to do it this way minus 
other solutions. I'll ping @vinayshukla; I was discussing this issue with him at 
Hadoop World a few weeks ago. Maybe we can set up a call to discuss?


---


[GitHub] zeppelin issue #1503: NPE LivySparkSQLInterpreter thrown with %livy.sql inte...

2016-10-10 Thread gss2002
Github user gss2002 commented on the issue:

https://github.com/apache/zeppelin/pull/1503
  
Attempted to use the work around (protected static Map<String, Integer> 
userSessionMap = new HashMap<>(); ) provided by @zjffdu it did not work. So I 
went with the more involved re-write and it has solved our problems in our 
large scale environment and provides the correct sharing between session 
contexts.


---


[GitHub] zeppelin pull request #1503: NPE LivySparkSQLInterpreter thrown with %livy.s...

2016-10-10 Thread gss2002
GitHub user gss2002 opened a pull request:

https://github.com/apache/zeppelin/pull/1503

NPE LivySparkSQLInterpreter thrown with %livy.sql interpreter function

### What is this PR for?
The LivySparkSQLInterpreter class does not correctly process the 
userSessionMap, throwing back an NPE when using %livy.sql or %sql when livy is 
the default binding. This prevents correct sharing between Spark Sessions and 
SparkSQL Sessions. I have attached a fix that implements separate static single 
instance classes that manage userSessionMaps.


### What type of PR is it?
Bug Fix/Improvement

### Todos
Documentation/Unit Tests

### What is the Jira issue?
https://issues.apache.org/jira/browse/ZEPPELIN-1516

### How should this be tested?
Run %sql or %livy.sql against a sql enabled dataset such as hive metastore.

### Questions:
* Does the licenses files need update? n
* Is there breaking changes for older versions? n
* Does this needs documentation? m



You can merge this pull request into a Git repository by running:

$ git pull https://github.com/gss2002/zeppelin ZEPPELIN-1516

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/zeppelin/pull/1503.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #1503


commit 11bcd2d1db02ff2dbb2a8e560e3f09fe37057796
Author: gss2002 <g...@senia.org>
Date:   2016-10-11T04:09:23Z

ZEPPELIN-1516 Static/Singleton for userSessionMaps




---


[GitHub] zeppelin issue #1493: ZEPPELIN-1472 - Create new LdapRealm based on Apache K...

2016-10-06 Thread gss2002
Github user gss2002 commented on the issue:

https://github.com/apache/zeppelin/pull/1493
  
@vinayshukla here is the pull request for the LdapRealm enhancement we 
discussed last week at HadoopWorld/Strata


---


[GitHub] zeppelin pull request #1493: ZEPPELIN-1472 - Create new LdapRealm based on A...

2016-10-06 Thread gss2002
GitHub user gss2002 opened a pull request:

https://github.com/apache/zeppelin/pull/1493

ZEPPELIN-1472 - Create new LdapRealm based on Apache Knox LdapRealm

### What is this PR for?
Provides LdapRealm functionality similar to what Apache Knox provides. This 
is critical as in large enterprise environments Active Directory Global 
Catalogs are used for lookup with samAccountName and using a DN Template is not 
an option as there are multiple OUs. Also, searching on "userPrincipalName" is 
risky in an AD environment since the explicit UPN vs implicit UPN can be 
different; this is definitely the case with environments using Office 365. And 
the LDAP userPrincipalName attribute is the explicit UPN, which can be defined 
by the directory administrator to any value and it can be duplicated. 
SamAccountName is unique per domain and Microsoft states best practice is to 
not allow duplicate samAccountNames across the forest. 

Information about samAccountName and userPrincipalName with ActiveDirectory

http://windowsitpro.com/active-directory/q-does-samaccountname-object-have-be-unique-active-directory-domain-or-entire-fores

https://jorgequestforknowledge.wordpress.com/2010/10/12/user-principal-names-in-ad-part-1/
 
### What type of PR is it?
Improvement

### What is the Jira issue?
https://issues.apache.org/jira/browse/ZEPPELIN-1472

### How should this be tested?
shiro.ini
[main]
ldapRealm = org.apache.zeppelin.server.LdapRealm
ldapRealm.contextFactory.systemUsername = CN=hdpbind,OU=Svc,DC=exadc,DC=w2k,DC=example,DC=com
ldapRealm.contextFactory.systemPassword = ldapPassword
ldapRealm.searchBase = dc=w2k,dc=example,dc=com
ldapRealm.userSearchBase = dc=w2k,dc=example,dc=com
ldapRealm.groupSearchBase = dc=w2k,dc=example,dc=com
ldapRealm.contextFactory.url = ldap://exampledc1.exadc.w2k.example.com:3268
ldapRealm.userSearchAttributeName = sAMAccountName
ldapRealm.contextFactory.authenticationMechanism = simple
ldapRealm.userObjectClass = user
ldapRealm.groupObjectClass = group
ldapRealm.memberAttribute = member
securityManager.realms = $ldapRealm


### Questions:
* Does the licenses files need update? n
* Is there breaking changes for older versions? n
* Does this needs documentation? y


You can merge this pull request into a Git repository by running:

$ git pull https://github.com/gss2002/zeppelin master

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/zeppelin/pull/1493.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #1493


commit 4b5963a2019f1fded13e6ce9942033101ef2acf1
Author: Initial Commit <gse...@apache.org>
Date:   2016-10-07T00:55:42Z

ZEPPELIN-1472 - Create new LdapRealm based on Apache Knox LdapRealm
Class

In our environment we attempted to use the ActiveDirectoryGroupRealm and
the LdapGroupRealm but unfortunately those implementations against Shiro
do not support ADLDAP Global Catalog. Also searching on
"userPrincipalName" is risky in an AD environment since the explicit UPN
vs Implicit UPN can be different. And the LDAP userPrincipalName
attribute is the explicit UPN which can be defined by the directory
administrator to any value and it can be duplicated. SamAccountName is
unique per domain and Microsoft states best practice is to not allow
duplicate samAccountName's per the forest. I have attached a
semi-working modified KnoxLdapRealm which works against samAccountName
and global catalog for auth.

http://windowsitpro.com/active-directory/q-does-samaccountname-object-have-be-unique-active-directory-domain-or-entire-fores

https://jorgequestforknowledge.wordpress.com/2010/10/12/user-principal-names-in-ad-part-1/




---
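The lookup concern raised in the pull request above, as an added example that is not part of the PR or of Zeppelin's LdapRealm: a search-based realm has to resolve the login name to exactly one DN before it binds, and a duplicated userPrincipalName makes that resolution ambiguous. The helper names and the directory entries below are constructed for illustration, and the filter shape is an assumption based on the shiro.ini settings shown in the PR.

```python
# Added illustration; helper names and directory entries are constructed.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape RFC 4515 special characters so a login name stays a literal."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(login, attr="sAMAccountName", object_class="user"):
    """Search filter a realm could send for userSearchAttributeName/userObjectClass."""
    return "(&(objectClass={})({}={}))".format(
        object_class, attr, escape_filter_value(login))


# Constructed entries standing in for Global Catalog search results.
DIRECTORY = [
    {"dn": "CN=Alice Smith,OU=Sales,DC=exadc,DC=w2k,DC=example,DC=com",
     "sAMAccountName": "asmith", "userPrincipalName": "alice@example.com"},
    {"dn": "CN=Alice Stone,OU=Eng,DC=emea,DC=w2k,DC=example,DC=com",
     "sAMAccountName": "astone", "userPrincipalName": "alice@example.com"},
    {"dn": "CN=Bob Jones,OU=Eng,DC=exadc,DC=w2k,DC=example,DC=com",
     "sAMAccountName": "bjones", "userPrincipalName": "bob.jones@example.com"},
]


def search(attr, value):
    """Stand-in for an LDAP equality match (case-insensitive, as in AD)."""
    return [e["dn"] for e in DIRECTORY if e[attr].lower() == value.lower()]


def resolve_bind_dn(login, attr="sAMAccountName"):
    """Return the single DN to bind as; refuse zero or ambiguous matches."""
    matches = search(attr, login)
    if len(matches) != 1:
        raise LookupError(
            "{}={!r} matched {} entries".format(attr, login, len(matches)))
    return matches[0]


if __name__ == "__main__":
    print(build_user_filter("asmith"))
    print(resolve_bind_dn("asmith"))
    try:
        resolve_bind_dn("alice@example.com", attr="userPrincipalName")
    except LookupError as exc:
        print("refused:", exc)
```
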