Posted to users@zeppelin.apache.org by Carlos Andres Zambrano Barrera <cz...@gmail.com> on 2017/11/09 00:05:24 UTC
Error Role to group Mapping - Zeppelin Shiro.ini
Hi Everyone!
We are working in zeppelin 0.7.0 and currently we have the following
configuration in shiro.ini
ldapRealm.contextFactory.systemUsername=DC=ad,DC=something,DC=com
#ldapRealm.contextFactory.systemPassword=SomePassw0rd
ldapRealm.contextFactory.authenticationMechanism=simple
ldapRealm.contextFactory.url=ldap://10.X.X.X:389
ldapRealm.authorizationEnabled=true
ldapRealm.searchBase=DC=ad,DC=something,DC=com
ldapRealm.userSearchBase=DC=ad,DC=something,DC=com
ldapRealm.groupSearchBase=DC=ad,DC=something,DC=com
ldapRealm.rolesByGroup = development: admin, bci: zebci
ldapRealm.userObjectClass=person
securityManager.realms = $ldapRealm
And our roles section is
[roles]
role1 = *
role2 = *
role3 = *
admin = *
zebci = *
And URL
/api/version = authc, roles[admin]
/api/interpreter/** = authc, roles[admin]
/api/configurations/** = authc, roles[admin]
/api/credential/** = authc, roles[admin]
#/** = anon
/** = authc
When we tried to log in to Zeppelin with our Active Directory user we
could do it, but none of the users have any permission on /interpreter,
/configurations, /credentials.
We would like to configure it so that admin (Zeppelin group) users match
the development group from AD and have access to everything.
On the other hand, we want the zebci group to match the bci group from AD
and not have access to /interpreter, /configurations, /credentials.
Error log
WARN [2017-11-08 21:25:47,331] ({qtp1734161410-15} LoginRestApi.java[postLogin]:115) - {"status":"OK","message":"","body":{"principal":"fmejia","ticket":"251842b9-52ff-4e54-b689-f65f2c5cffe0","roles":"[]"}}
Thanks in advance for your help
--
Carlos Andrés Zambrano Barrera
Cel: +57 3174373741
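Added example (not part of the original post, and not Zeppelin or Shiro code): a simplified Python model of the posted rolesByGroup mapping and URL rules, showing the access decision each AD group is meant to get and what an empty role list, as in the logged response, yields. It assumes first-match URL evaluation, handles only exact and trailing /** patterns, and treats the user as already authenticated; all function names are hypothetical.

```python
import re

# Values copied from the posted shiro.ini (commented-out lines omitted).
ROLES_BY_GROUP = "development: admin, bci: zebci"
URLS = """
/api/version = authc, roles[admin]
/api/interpreter/** = authc, roles[admin]
/api/configurations/** = authc, roles[admin]
/api/credential/** = authc, roles[admin]
/** = authc
"""

def parse_roles_by_group(text):
    """Turn 'group: role, group: role' into {group: role}."""
    pairs = (item.split(":", 1) for item in text.split(",") if ":" in item)
    return {group.strip(): role.strip() for group, role in pairs}

def parse_urls(text):
    """Return [(pattern, required_roles)] in file order."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pattern, filters = (part.strip() for part in line.split("=", 1))
        required = set()
        for inner in re.findall(r"roles\[([^\]]*)\]", filters):
            required.update(r.strip() for r in inner.split(","))
        rules.append((pattern, required))
    return rules

def matches(pattern, path):
    """Simplified matcher: exact path, or a trailing /** wildcard."""
    if pattern.endswith("/**"):
        prefix = pattern[:-3]
        return path == prefix or path.startswith(prefix + "/")
    return path == pattern

def roles_for(ad_groups, mapping):
    """Roles an authenticated user gets from the AD groups that are mapped."""
    return {mapping[g] for g in ad_groups if g in mapping}

def allowed(path, roles, rules):
    """First matching rule decides; every role it lists must be held."""
    for pattern, required in rules:
        if matches(pattern, path):
            return required <= set(roles)
    return False
```

With an empty role set, which is what the logged login response reports, every roles[admin] path is denied while paths that fall through to /** = authc remain reachable.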