Github user zlosim commented on the issue:
https://github.com/apache/zeppelin/pull/986
@prabhjyotsingh i was strugling few days as my groups were not honored and
found this thread :)
I`m having issues described by @ChrisMcVey - using microsoft AD, UPN is not
the same as username
Github user prabhjyotsingh commented on the issue:
https://github.com/apache/zeppelin/pull/986
@ChrisMcVey Thank you for providing so much inside, is it possible for you
to create a JIRA, with if possible some steps to reproduce, or even dump of
these comments will do, and will try
Github user ChrisMcVey commented on the issue:
https://github.com/apache/zeppelin/pull/986
Well... I'm back again. :)
Apparently, Office 365 requires that userPrincipalName be changed to the
user's routable email address in order for it to be used in any cloud
environments.
Github user ChrisMcVey commented on the issue:
https://github.com/apache/zeppelin/pull/986
Well through some more testing, I've found that it it will accept logins as
_either_ the userPrincipalName (without the realm) _or_ the sAMAccountName.
This true if the principal suffix is NOT
Github user ChrisMcVey commented on the issue:
https://github.com/apache/zeppelin/pull/986
FYI... I have been having similar issues and above and until reading this
thread in detail did I realize it is searching against userPrincipalName and
not sAMAccountName which is a better
Github user ekantheshwara commented on the issue:
https://github.com/apache/zeppelin/pull/986
@prabhjyotsingh
I have created one:
https://issues.apache.org/jira/browse/ZEPPELIN-2550
---
If your project is set up for it, you can reply to this email and have your
Github user prabhjyotsingh commented on the issue:
https://github.com/apache/zeppelin/pull/986
@ekantheshwara this sounds like a bug, can you create a JIRA, will try to
address it.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub
Github user ekantheshwara commented on the issue:
https://github.com/apache/zeppelin/pull/986
@prabhjyotsingh
The issue got resolved. I had to take out the line "securityManager.realms
= $activeDirectoryRealm" from my config and that resolved the issue. I dont see
anything
Github user ekantheshwara commented on the issue:
https://github.com/apache/zeppelin/pull/986
@prabhjyotsingh
Is there any other way of verifying if the fix is available in my version
of Zeppelin? I dont see a call made to AD to check the group membership when a
Notebook is
Github user ekantheshwara commented on the issue:
https://github.com/apache/zeppelin/pull/986
@prabhjyotsingh
I set the log level to debug and checked the "Groups found for user". I
could definitely see the group that has been configured as "admin" in shiro.
Also, the
Github user prabhjyotsingh commented on the issue:
https://github.com/apache/zeppelin/pull/986
Can you run ldapsearch like
`ldapsearch -D "user1" -w pwd -H ldaps://testcore.test.dir.org.com:636 -b
"DC=testcore,DC=test,DC=dir,DC=org,DC=com" -s sub
Github user ekantheshwara commented on the issue:
https://github.com/apache/zeppelin/pull/986
@prabhjyotsingh
This is my complete shiro config:
[users]
admin = password1
# Sample LDAP configuration, for user Authentication, currently tested for
Github user ekantheshwara commented on the issue:
https://github.com/apache/zeppelin/pull/986
@prabhjyotsingh
You are right. The log shows:
WARN [2017-04-10 16:37:27,945] ({qtp1577213552-13}
LoginRestApi.java[postLogin]:111) -
Github user prabhjyotsingh commented on the issue:
https://github.com/apache/zeppelin/pull/986
Sounds like `activeDirectoryRealm.groupRolesMap =
"CN=aGroupName,OU=groups,DC=SOME_GROUP,DC=COMPANY,DC=COM":"group1"` not
configured correctly.
I would recommend
- configure
Github user ekantheshwara commented on the issue:
https://github.com/apache/zeppelin/pull/986
@prabhjyotsingh
Thanks a lot for your response.
I am using AD and the authentication is working fine. I have a user User1
who is a member of AD_Group1 which is associated with the
Github user prabhjyotsingh commented on the issue:
https://github.com/apache/zeppelin/pull/986
@ekantheshwara yes, this version should have the above-mentioned fix.
Could be a configuration issue, if you can share what exactly are you
trying with i.e. is it with file based auth,
Github user ekantheshwara commented on the issue:
https://github.com/apache/zeppelin/pull/986
@prabhjyotsingh
My Zeppelin version is 0.6.0.2.5.0.0-1245
Is this version supposed to have your fix ? I am facing the same issue and
am wondering if I am missing your fix or
Github user prabhjyotsingh commented on the issue:
https://github.com/apache/zeppelin/pull/986
I think we should as this is to do with AD auth.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not
Github user Leemoonsoo commented on the issue:
https://github.com/apache/zeppelin/pull/986
@prabhjyotsingh is it going to be merged to 0.6-branch, too?
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does
Github user prabhjyotsingh commented on the issue:
https://github.com/apache/zeppelin/pull/986
Merging this if no more discussion.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this
Github user rja1 commented on the issue:
https://github.com/apache/zeppelin/pull/986
Nice job @prabhjyotsingh, thanks for your work! I don't see the extra
ldap call anymore (step 1). I also don't see the large ldap call any longer
(step 4). In addition, all of my roles are mapped
Github user rja1 commented on the issue:
https://github.com/apache/zeppelin/pull/986
Thanks once again @prabhjyotsingh. I really appreciate your work. The
activeDirectoryRealm.principalSuffix works now. I do have some concerns about
the number of ldap calls made and the amount of
Github user prabhjyotsingh commented on the issue:
https://github.com/apache/zeppelin/pull/986
@rja1 have made some changes, hope
this(188ac170c7a0921044f301ae703bf580a71b2cdf) solves for
"activeDirectoryRealm.principalSuffix isn't honoured"
---
If your project is set up for it,
Github user prabhjyotsingh commented on the issue:
https://github.com/apache/zeppelin/pull/986
Hi @rja1,
I see two issues in your request;
1. Your AD require you to pass @domainName; I understand in some of the
cases, depending on how you have configured
Github user rja1 commented on the issue:
https://github.com/apache/zeppelin/pull/986
Thanks for your work on this! I built and deployed the zeppelin-946
branch. Unfortunately, I'm unable to authenticate against AD. Looking at the
tcpdump, it appears
Github user prabhjyotsingh commented on the issue:
https://github.com/apache/zeppelin/pull/986
@vinayshukla, Yes, this fix is for both Active Directory and LDAP. Have
tested this with configuring Active Directory running on Windows Server 2008,
and on an open LDAP running on
Github user prabhjyotsingh commented on the issue:
https://github.com/apache/zeppelin/pull/986
@Leemoonsoo thank you for taking a look at it. Have added a selenium test
case for the same.
---
If your project is set up for it, you can reply to this email and have your
reply appear on
Github user prabhjyotsingh commented on the issue:
https://github.com/apache/zeppelin/pull/986
Ready for review
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and
28 matches
Mail list logo