Hi,
We have been trying to add the right shiro configuration[zeppelin version
0.8] so that only specific groups can log into zeppelin and also different
permissions based on their roles. What we are seeing is that we are able to log
into zeppelin but no roles are being attached to the user when it logs in.
Below are our ldapConfigs defined in shiro.ini . Please let us know what are we
missing in this configuration.
ldapRealm = org.apache.zeppelin.realm.LdapRealm
ldapRealm.contextFactory.authenticationMechanism = simple
ldapRealm.contextFactory.url = ldaps://ldap.myorg.com:630
ldapRealm.userDnTemplate= uid={0},ou=people,dc=myorg,dc=com
ldapRealm.searchBase = dc=myorg,dc=com
ldapRealm.userSearchBase = ou=people,dc=myorg,dc=com
ldapRealm.groupSearchBase = ou=groups,dc=myorg,dc=com
ldapRealm.groupObjectClass = posixGroup
ldapRealm.userSearchAttributeName = uid
ldapRealm.memberAttribute = memberUid
ldapRealm.userLowerCase = true
ldapRealm.userSearchScope = subtree;
ldapRealm.groupSearchScope = subtree;
ldapRealm.rolesByGroup = zeppelin-admins: admin
ldapRealm.permissionsByRole = admin:*
securityManager.realms = $ldapRealm
this is what we are seeing in logs
{"status":"OK","message":"","body":{"principal":"brill","ticket":"00518eb5-d435-4ce5-a875-eb3cce775554","roles":"[]"}}
Thanks,
brill
