Re: Shiro Configuration - Assigning right roles to different groups in ldap

[Andras <ko...@gmail.com>]

Hi,

We have the same issue and we have not found a solution yet.
https://lists.apache.org/thread.html/779464e0968c98a190df7b94d78494fde544c7000bf02825abe0fa44@%3Cusers.zeppelin.apache.org%3E

Best,A



On 2018/07/26 23:20:46, capt.brill@gmail.com <ca...@gmail.com> wrote: 
> Hi,
>    We have been trying to add the right shiro configuration[zeppelin version 0.8] so that only specific groups can log into zeppelin and also different permissions based on their roles. What we are seeing is that we are able to log into zeppelin but no roles are being attached to the user when it logs in. Below are our ldapConfigs defined in shiro.ini . Please let us know what are we missing in this configuration. 
>  
> ldapRealm = org.apache.zeppelin.realm.LdapRealm
> ldapRealm.contextFactory.authenticationMechanism = simple
> ldapRealm.contextFactory.url = ldaps://ldap.myorg.com:630
> ldapRealm.userDnTemplate= uid={0},ou=people,dc=myorg,dc=com
> ldapRealm.searchBase = dc=myorg,dc=com
> ldapRealm.userSearchBase = ou=people,dc=myorg,dc=com
> ldapRealm.groupSearchBase = ou=groups,dc=myorg,dc=com
> ldapRealm.groupObjectClass = posixGroup
> ldapRealm.userSearchAttributeName = uid
> ldapRealm.memberAttribute = memberUid
> ldapRealm.userLowerCase = true
> ldapRealm.userSearchScope = subtree;
> ldapRealm.groupSearchScope = subtree;
> ldapRealm.rolesByGroup = zeppelin-admins: admin
> ldapRealm.permissionsByRole = admin:*
> securityManager.realms = $ldapRealm
> 
> this is what we are seeing in logs 
> {"status":"OK","message":"","body":{"principal":"brill","ticket":"00518eb5-d435-4ce5-a875-eb3cce775554","roles":"[]"}}
> 
> Thanks,
> brill
>