You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@zeppelin.apache.org by "Jeson (Jira)" <ji...@apache.org> on 2019/12/18 10:04:00 UTC

[jira] [Created] (ZEPPELIN-4492) zeppelin0.8.0 fail to fetch ldap role

Jeson created ZEPPELIN-4492:
-------------------------------

             Summary: zeppelin0.8.0 fail to fetch ldap role
                 Key: ZEPPELIN-4492
                 URL: https://issues.apache.org/jira/browse/ZEPPELIN-4492
             Project: Zeppelin
          Issue Type: Bug
          Components: zeppelin-server
    Affects Versions: 0.8.0
            Reporter: Jeson


Hi,

In zeppelin0.8.0,i can not fetch ldap role.It is strange that groupFilter is (objectClass=groupOfNames)(?=undefined))

ldap.log:
{code:java}
Dec 18 17:24:47 pre slapd[4727]: conn=26283 fd=28 ACCEPT from IP=172.16.180.243:23626 (IP=0.0.0.0:389)
Dec 18 17:24:47 pre slapd[4727]: conn=26283 op=0 BIND dn="" method=128
Dec 18 17:24:47 pre slapd[4727]: conn=26283 op=0 RESULT tag=97 err=49 text=
Dec 18 17:24:47 pre slapd[4727]: conn=26283 fd=28 closed (connection lost)
Dec 18 17:24:47 pre slapd[4727]: conn=26284 fd=28 ACCEPT from IP=172.16.180.243:23628 (IP=0.0.0.0:389)
Dec 18 17:24:47 pre slapd[4727]: conn=26284 op=0 BIND dn="uid=tom,ou=people,dc=zlfzb,dc=com" method=128
Dec 18 17:24:47 pre slapd[4727]: conn=26284 op=0 BIND dn="uid=tom,ou=people,dc=zlfzb,dc=com" mech=SIMPLE ssf=0
Dec 18 17:24:47 pre slapd[4727]: conn=26284 op=0 RESULT tag=97 err=0 text=
Dec 18 17:24:47 pre slapd[4727]: conn=26284 op=1 UNBIND
Dec 18 17:24:47 pre slapd[4727]: conn=26284 fd=28 closed
Dec 18 17:24:47 pre slapd[4727]: conn=26285 fd=28 ACCEPT from IP=172.16.180.243:23630 (IP=0.0.0.0:389)
Dec 18 17:24:47 pre slapd[4727]: conn=26285 op=0 BIND dn="" method=128
Dec 18 17:24:47 pre slapd[4727]: conn=26285 op=0 RESULT tag=97 err=0 text=
Dec 18 17:24:47 pre slapd[4727]: conn=26285 op=1 SRCH base="ou=zeppelin,ou=group,dc=zlfzb,dc=com" scope=2 deref=3 filter="(&(objectClass=groupOfNames)(?=undefined))"
Dec 18 17:24:47 pre slapd[4727]: conn=26285 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Dec 18 17:24:47 pre slapd[4727]: conn=26285 op=2 UNBIND
Dec 18 17:24:47 pre slapd[4727]: conn=26285 fd=28 closed
{code}
shiro.ini:
{code:java}
[main]
org.apache.zeppelin.realm.LdapRealm
ldapRealm.contextFactory.url = ldap://172.16.180.243:389
ldapRealm.contextFactory.authenticationMechanism = SIMPLE
ldapRealm.userDnTemplate = uid={0},ou=people,dc=zlfzb,dc=com
ldapRealm.userSearchBase = ou=people,dc=zlfzb,dc=com
ldapRealm.userObjectClass = posixAccount
ldapRealm.groupSearchBase = ou=zeppelin,ou=group,dc=zlfzb,dc=com
ldapRealm.groupObjectClass = groupofnames
ldapRealm.groupSearchFilter = (&(objectclass=posixGroup)(member={0}))
ldapRealm.groupSearchEnableMatchingRuleInChain = true
ldapRealm.rolesByGroup = GLOBAL_ADMINS: admin_role, zeppelin-manager: admin_role
ldapRealm.allowedRolesForAuthentication = admin_role
ldapRealm.permissionsByRole= admin_role: "*"
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager
shiro.loginUrl = /api/login
securityManager.realm = $ldapRealm[roles]
admin = *
zeppelin-manager = *
admin_role = *
{code}
Is there a problem with my shiro configuration?

 

Thanks.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)