https://community.cloudera.com/t5/Support-Questions/How-to-configure-groups-and-roles-mapping-using-ldapRealm-in/m-p/226491#M188351 <P>@farhanekarim The feature was added in zeppelin 0.7.0, so you should be able to get it working. There's some <A href="https://zeppelin.apache.org/docs/0.7.2/security/shiroauthentication.html#ldap">documentation</A> on using LdapRealm, but there aren't many examples floating about, best to look at the conf example in the <A href="https://github.com/apache/zeppelin/blob/v0.7.2/zeppelin-server/src/main/java/org/apache/zeppelin/realm/LdapRealm.java">code</A>. Basically you want something like:</P><PRE>ldapRealm = org.apache.zeppelin.realm.LdapRealm ldapRealm.contextFactory.url = ldap://localhost:33389 ldapRealm.contextFactory.authenticationMechanism = simple ldapRealm.contextFactory.systemUsername = uid=guest,ou=people,dc=hadoop,dc=apache,dc=org ldapRealm.contextFactory.systemPassword = S{ALIAS=ldcSystemPassword} ldapRealm.authorizationEnabled = true ldapRealm.userSearchBase = dc=hadoop,dc=apache,dc=org ldapRealm.groupSearchBase = ou=groups,dc=hadoop,dc=apache,dc=org ldapRealm.userObjectClass = person ldapRealm.groupObjectClass = groupofnames ldapRealm.userSearchAttributeName = sAMAccountName ldapRealm.memberAttribute = member ldapRealm.rolesByGroup = LDN_USERS: user_role, NYK_USERS: user_role, GLOBAL_ADMIN: admin_role </PRE><PRE>[roles] user_role = * admin_role= *</PRE><P>The code for Zeppelin is similar to the Apache Knox codebase, so if you get stuck have a look for Knox LDAP configuration (e.g. <A href="https://developer.ibm.com/hadoop/2016/08/03/ldap-integration-with-apache-knox/">here</A>).</P> Fri, 03 Nov 2017 19:56:09 GMT s_fischaber 2017-11-03T19:56:09Z