Hi,
We have the same issue and we have not found a solution yet.
https://lists.apache.org/thread.html/779464e0968c98a190df7b94d78494fde544c7000bf02825abe0fa44@%3Cusers.zeppelin.apache.org%3E
Best,A
On 2018/07/26 23:20:46, capt.br...@gmail.com <capt.br...@gmail.com> wrote:
> Hi,
> We have been trying to add the right shiro configuration[zeppelin version
> 0.8] so that only specific groups can log into zeppelin and also different
> permissions based on their roles. What we are seeing is that we are able to
> log into zeppelin but no roles are being attached to the user when it logs
> in. Below are our ldapConfigs defined in shiro.ini . Please let us know what
> are we missing in this configuration.
>
> ldapRealm = org.apache.zeppelin.realm.LdapRealm
> ldapRealm.contextFactory.authenticationMechanism = simple
> ldapRealm.contextFactory.url = ldaps://ldap.myorg.com:630
> ldapRealm.userDnTemplate= uid={0},ou=people,dc=myorg,dc=com
> ldapRealm.searchBase = dc=myorg,dc=com
> ldapRealm.userSearchBase = ou=people,dc=myorg,dc=com
> ldapRealm.groupSearchBase = ou=groups,dc=myorg,dc=com
> ldapRealm.groupObjectClass = posixGroup
> ldapRealm.userSearchAttributeName = uid
> ldapRealm.memberAttribute = memberUid
> ldapRealm.userLowerCase = true
> ldapRealm.userSearchScope = subtree;
> ldapRealm.groupSearchScope = subtree;
> ldapRealm.rolesByGroup = zeppelin-admins: admin
> ldapRealm.permissionsByRole = admin:*
> securityManager.realms = $ldapRealm
>
> this is what we are seeing in logs
> {"status":"OK","message":"","body":{"principal":"brill","ticket":"00518eb5-d435-4ce5-a875-eb3cce775554","roles":"[]"}}
>
> Thanks,
> brill
>
