Hello Community, I'm working to authenticate Zeppelin login with the AD, and below is my shiro conf.
My issue is that the groupRolesMap is working fine for me: the zeppelin_admin group is able to log in, restart, and see the interpreter page, and the member group is not, and that's fine. But any user in the other AD trees is able to log in to Zeppelin. I think I'm missing some conf in the urls or roles. Can anyone help here?

activeDirectoryRealm = org.apache.zeppelin.realm.ActiveDirectoryGroupRealm
activeDirectoryRealm.systemUsername = zeppelin_bind
activeDirectoryRealm.systemPassword = XXXXXXXX
activeDirectoryRealm.searchBase = "OU=Zeppelin,DC=XXXXX,DC=com"
activeDirectoryRealm.url = ldap://XXX.XXXXXX.com
activeDirectoryRealm.groupRolesMap = "CN=zeppelin_admins,OU=Zeppelin,DC=XXXXXX,DC=com":"admin","CN=zeppelin_members,OU=Zeppelin,DC=XXXXXXX,DC=com":"member"
activeDirectoryRealm.authorizationCachingEnabled = true
activeDirectoryRealm.principalSuffix=@XXXXX.com
securityManager.realms = $activeDirectoryRealm
shiro.loginUrl = /api/login

[roles]
role1 = *
role2 = *
role3 = *
admin = *

[urls]
/api/version = anon
# Allow all authenticated users to restart interpreters on a notebook page.
# Comment out the following line if you would like to authorize only admin users to restart interpreters.
/api/interpreter/setting/restart/** = authc
/api/interpreter/** = authc, roles[admin]
/api/configurations/** = authc, roles[admin]
/api/credential/** = authc, roles[admin]
#/** = anon
/** = authc

--
Take Care
Fawze Abujaber
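
Added example (not part of the original message, and not Zeppelin or Shiro code): a simplified Python model of how Shiro evaluates the posted [urls] rules (first matching rule wins, `authc` checks only that the user is logged in, `roles[...]` requires every listed role), run for an authenticated user who holds no role from groupRolesMap. The sample paths and the `VARIANT` rule set are constructed for illustration, and the matcher handles only exact paths and a trailing `/**`.

```python
import re

# [urls] rules from the post above, in order (comment lines dropped).
URLS = """\
/api/version = anon
/api/interpreter/setting/restart/** = authc
/api/interpreter/** = authc, roles[admin]
/api/configurations/** = authc, roles[admin]
/api/credential/** = authc, roles[admin]
/** = authc
"""
# Constructed variant, not from the post: the catch-all also demands a role.
VARIANT = URLS.replace("\n/** = authc\n", "\n/** = authc, roles[member]\n")

def parse_urls(text):
    """Return [(pattern, needs_login, required_roles)] in file order."""
    chains = []
    for line in text.strip().splitlines():
        pattern, filters = (part.strip() for part in line.split("=", 1))
        required = set()
        for match in re.finditer(r"roles\[([^\]]*)\]", filters):
            required.update(r.strip() for r in match.group(1).split(","))
        chains.append((pattern, bool(re.search(r"\bauthc\b", filters)), required))
    return chains

def matches(pattern, path):
    """Simplified Ant matching: only exact paths and a trailing /**."""
    if pattern.endswith("/**"):
        prefix = pattern[:-3]
        return path == prefix or path.startswith(prefix + "/")
    return pattern == path

def allowed(chains, path, authenticated, roles=()):
    """Evaluate the first matching rule, as Shiro does for [urls]."""
    for pattern, needs_login, required in chains:
        if matches(pattern, path):
            if needs_login and not authenticated:
                return False
            # roles[a, b] passes only if the user holds every listed role
            return required <= set(roles)
    return True  # no rule matched, so no filter applies

def open_to_roleless(chains, paths):
    """Paths an authenticated user with no mapped role can reach."""
    return [p for p in paths if allowed(chains, p, True)]

# Constructed sample paths for the check.
SAMPLE = ["/api/notebook", "/api/interpreter/setting",
          "/api/interpreter/setting/restart/spark", "/api/credential"]

if __name__ == "__main__":
    for name, text in (("posted", URLS), ("variant", VARIANT)):
        print(name, open_to_roleless(parse_urls(text), SAMPLE))
```

In the variant, a user holding only `admin` is also refused on `/**`, because a `roles[...]` rule passes only when every listed role is present.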