Posted to dev@zeppelin.apache.org by "Raghavender Rao Guruvannagari (JIRA)" <ji...@apache.org> on 2017/04/06 09:16:41 UTC

[jira] [Created] (ZEPPELIN-2366) In zeppelin SystemUser fails to authenticate with AD, using the password set in hadoop credential store.

Raghavender Rao Guruvannagari created ZEPPELIN-2366:
-------------------------------------------------------

             Summary: In zeppelin SystemUser fails to authenticate with AD, using the password set in hadoop credential store.
                 Key: ZEPPELIN-2366
                 URL: https://issues.apache.org/jira/browse/ZEPPELIN-2366
             Project: Zeppelin
          Issue Type: Bug
          Components: zeppelin-server
    Affects Versions: 0.7.0, 0.6.0
         Environment: HDP-2.5.3
Ambari-2.4.1.0
Centos 6
            Reporter: Raghavender Rao Guruvannagari


Using hadoop credential store for hiding AD system user password in shiro.ini doesn't work. Below is the config used under [main] for AD authentication:

[main]
### A sample for configuring Active Directory Realm
activeDirectoryRealm = org.apache.zeppelin.realm.ActiveDirectoryGroupRealm
activeDirectoryRealm.hadoopSecurityCredentialPath = jceks://file/user/zeppelin/zeppelin.jceks
activeDirectoryRealm.systemUsername =  hadoopadmin
#use either systemPassword or hadoopSecurityCredentialPath, more details in http://zeppelin.apache.org/docs/latest/security/shiroauthentication.html
activeDirectoryRealm.searchBase = dc=lab,dc=test,dc=net
activeDirectoryRealm.url = ldap://ad-server.lab.test.net:389
activeDirectoryRealm.groupRolesMap = "CN=hadoop-users,OU=CorpUsers,DC=lab,DC=hortonworks,DC=net":"admin"
activeDirectoryRealm.authorizationCachingEnabled = false
activeDirectoryRealm.principalSuffix = @LAB.TEST.NET
securityManager.realm = $activeDirectoryRealm

Exception logged in zeppelin logs:

Caused by: javax.naming.AuthenticationException: LDAP Simple authentication requires both a principal and credentials.
	at org.apache.shiro.realm.ldap.DefaultLdapContextFactory.validateAuthenticationInfo(DefaultLdapContextFactory.java:310)
	at org.apache.shiro.realm.ldap.DefaultLdapContextFactory.getLdapContext(DefaultLdapContextFactory.java:261)
	at org.apache.shiro.realm.ldap.DefaultLdapContextFactory.getLdapContext(DefaultLdapContextFactory.java:224)
	at org.apache.shiro.realm.ldap.DefaultLdapContextFactory.getSystemLdapContext(DefaultLdapContextFactory.java:205)
	at org.apache.zeppelin.realm.ActiveDirectoryGroupRealm.queryForAuthorizationInfo(ActiveDirectoryGroupRealm.java:199)
	at org.apache.shiro.realm.ldap.AbstractLdapRealm.doGetAuthorizationInfo(AbstractLdapRealm.java:207)
	... 45 more


