Hi Everyone! We are working in zeppelin 0.7.0 and currently we have the following configuration in shiro.ini
1. ldapRealm.contextFactory.systemUsername=DC=ad,DC=something,DC=com 2. #ldapRealm.contextFactory.systemPassword=SomePassw0rd 3. ldapRealm.contextFactory.authenticationMechanism=simple 4. ldapRealm.contextFactory.url=ldap://10.X.X.X:389 5. ldapRealm.authorizationEnabled=true 6. ldapRealm.searchBase=DC=ad,DC=something,DC=com 7. ldapRealm.userSearchBase=DC=ad,DC=something,DC=com 8. ldapRealm.groupSearchBase=DC=ad,DC=something,DC=com 9. ldapRealm.rolesByGroup = development: admin, bci: zebci 10. ldapRealm.userObjectClass=person 11. securityManager.realms = $ldapRealm And our roles section is 1. [roles] 2. role1 = * 3. role2 = * 4. role3 = * 5. admin = * 6. zebci = * And URL 1. /api/version = authc, roles[admin] 2. /api/interpreter/** = authc, roles[admin] 3. /api/configurations/** = authc, roles[admin] 4. /api/credential/** = authc, roles[admin] 5. #/** = anon 6. /** = authc When we tried to log in in zeppelin with our user of Active Directory we could do it, but all the users does not have any permission on /interpreter /configurations /credentials. We would like to configura to admin (zeppelin group) users match with development group from AD and have access to all. but in the other hand we want that zebci group match with bci group from AD and does not have access to /interpreter /configurations /credentials. Error log WARN [2017-11-08 21:25:47,331] ({qtp1734161410-15} LoginRestApi.java[postLogin]:115) - {"status":"OK","message":"","body":{"principal":"fmejia","ticket":"251842b9-52ff-4e54-b689-f65f2c5cffe0"," roles":"[]"}} Thanks in advance for your help -- Carlos Andrés Zambrano Barrera Cel: +57 3174373741 <https://mailtrack.io/> Sent with Mailtrack <https://chrome.google.com/webstore/detail/mailtrack-for-gmail-inbox/ndnaehgpjlnokgebbaldlmgkapkpjkkb?utm_source=gmail&utm_medium=signature&utm_campaign=signaturevirality>
