You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@zeppelin.apache.org by fsteinle <gi...@git.apache.org> on 2018/07/26 14:29:54 UTC
[GitHub] zeppelin pull request #3098: ZEPPELIN-3664
GitHub user fsteinle opened a pull request:
https://github.com/apache/zeppelin/pull/3098
ZEPPELIN-3664
* Return "userPrincipalName" from ActiveDirectoryGroupRealm when searching for users.
* Added unit test for search functionality.
### What is this PR for?
Fix for https://issues.apache.org/jira/browse/ZEPPELIN-3664
Return the "userPrincipalName" instead of the "cn" (common name) from ActiveDirectoryGroupRealm when searching users to set note permissions.
### What type of PR is it?
[Bug Fix]
### Todos
* -
### What is the Jira issue?
* https://issues.apache.org/jira/browse/ZEPPELIN-3664
### How should this be tested?
Steps to reproduce
1. Configure connection to AD with org.apache.zeppelin.realm.ActiveDirectoryGroupRealm
2. Login to Zeppelin
3. Create new notebook
4. Edit the permissions and start typing the name of a AD user to one of the permission fields
5. Select one of the suggestions and save
6. Check the content of "notebook-authorization.json"
Expected result
* The "userPrincipalName" of the user is shown in the suggestion box and written to "notebook-authorization.json" (see screenshot attached).
Actual result
* The "cn" (common name) of the user is shown in the suggestion box and written to "notebook-authorization.json".
### Screenshots
### Questions:
* Does the licenses files need update? - No
* Is there breaking changes for older versions? - No
* Does this needs documentation? - No
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/fsteinle/zeppelin master
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/zeppelin/pull/3098.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #3098
----
commit 2daec7c590d39f21c2d437f56ddea0a51bcd0e8f
Author: fsteinle <st...@...>
Date: 2018-07-26T14:22:24Z
ZEPPELIN-3664:
* Return "userPrincipalName" from ActiveDirectoryGroupRealm when searching for users.
* Added unit test for search functionality.
----
---
[GitHub] zeppelin issue #3098: ZEPPELIN-3664
Posted by zjffdu <gi...@git.apache.org>.
Github user zjffdu commented on the issue:
https://github.com/apache/zeppelin/pull/3098
@fsteinle Could you update the PR title ?
---
[GitHub] zeppelin issue #3098: ZEPPELIN-3664
Posted by zjffdu <gi...@git.apache.org>.
Github user zjffdu commented on the issue:
https://github.com/apache/zeppelin/pull/3098
\cc @prabhjyotsingh
---
[GitHub] zeppelin issue #3098: ZEPPELIN-3664
Posted by mebelousov <gi...@git.apache.org>.
Github user mebelousov commented on the issue:
https://github.com/apache/zeppelin/pull/3098
@fsteinle our team use authorization with parameter
`activeDirectoryRealm.principalSuffix = @company.com`
Thus email is not necessary. Could it possible to use mailNickName, for example?
BTW, `userPrincipalName` is good.
---
[GitHub] zeppelin issue #3098: ZEPPELIN-3664
Posted by fsteinle <gi...@git.apache.org>.
Github user fsteinle commented on the issue:
https://github.com/apache/zeppelin/pull/3098
@mebelousov: Basically this is not related to emails but to the userPrincipalName. The principalSuffix parameter makes sense, but doesn't address this issue. In our case we wanna keep the suffix to be sure it's really unique. Not all users of the organization are in the same AD branch.
---