Posted to users@zeppelin.apache.org by Fawze Abujaber <fa...@gmail.com> on 2018/10/24 03:40:02 UTC

Zeppelin auth with AD

Hello Community,

I'm working to authenticate Zeppelin login with the AD, and below is my
shiro conf.

My issue is that the groupRolesMap is working fine for me, where the
zeppelin_admin group is able to log in, restart and see the interpreter page
and the member group is not, and that's fine.
But any user in the other AD trees is able to log in to Zeppelin; I think
I'm missing some conf in the urls or roles.

Anyone who can help here?


activeDirectoryRealm = org.apache.zeppelin.realm.ActiveDirectoryGroupRealm
activeDirectoryRealm.systemUsername = zeppelin_bind
activeDirectoryRealm.systemPassword = XXXXXXXX
activeDirectoryRealm.searchBase = "OU=Zeppelin,DC=XXXXX,DC=com"
activeDirectoryRealm.url = ldap://XXX.XXXXXX.com
activeDirectoryRealm.groupRolesMap = "CN=zeppelin_admins,OU=Zeppelin,DC=XXXXXX,DC=com":"admin","CN=zeppelin_members,OU=Zeppelin,DC=XXXXXXX,DC=com":"member"
activeDirectoryRealm.authorizationCachingEnabled = true
activeDirectoryRealm.principalSuffix=@XXXXX.com
securityManager.realms = $activeDirectoryRealm




shiro.loginUrl = /api/login

[roles]
role1 = *
role2 = *
role3 = *
admin = *

[urls]
/api/version = anon
# Allow all authenticated users to restart interpreters on a notebook page.
# Comment out the following line if you would like to authorize only admin
# users to restart interpreters.
/api/interpreter/setting/restart/** = authc
/api/interpreter/** = authc, roles[admin]
/api/configurations/** = authc, roles[admin]
/api/credential/** = authc, roles[admin]
#/** = anon
/** = authc


-- 
Take Care
Fawze Abujaber
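
Added example, not part of the original post: Shiro's authc filter only requires a successful login, while roles[...] additionally requires the named role, so the script below classifies each [urls] rule from the posted config by what it actually demands. The sample INI text is constructed from the post, and the function names are hypothetical.

```python
import re

# Constructed sample: the [urls] section from the post above.
SHIRO_INI = """\
[urls]
/api/version = anon
/api/interpreter/setting/restart/** = authc
/api/interpreter/** = authc, roles[admin]
/api/configurations/** = authc, roles[admin]
/api/credential/** = authc, roles[admin]
#/** = anon
/** = authc
"""

# A filter name with an optional [args] part, e.g. roles[admin, member].
FILTER_RE = re.compile(r"(\w+)(?:\[([^\]]*)\])?")
# Shiro default filters that check identity only vs. ones that check authorization.
AUTHN_ONLY = {"authc", "authcBasic", "user"}
AUTHZ = {"roles", "perms"}

def parse_urls(ini_text):
    """Return [(pattern, [(filter_name, args), ...])] from the [urls] section."""
    rules, section = [], None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue  # blank line or INI comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "urls" and "=" in line:
            pattern, chain = (p.strip() for p in line.split("=", 1))
            rules.append((pattern, FILTER_RE.findall(chain)))
    return rules

def audit(ini_text):
    """Classify each URL rule as anonymous, any-authenticated or role-gated."""
    findings = []
    for pattern, chain in parse_urls(ini_text):
        names = {name for name, _ in chain}
        level = ("role-gated" if names & AUTHZ else
                 "any-authenticated" if names & AUTHN_ONLY else "anonymous")
        findings.append((pattern, level))
    return findings

if __name__ == "__main__":
    for pattern, level in audit(SHIRO_INI):
        print(f"{level:18} {pattern}")
```

Rules reported as any-authenticated are reachable by every account the realm can authenticate, whatever its group membership.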