https://community.cloudera.com/t5/Support-Questions/How-to-configure-groups-and-roles-mapping-using-ldapRealm-in/m-p/226494#M188354 <P>Have you resolved this? We configured Zeppelin ver. 0.7.0 using LdapRealm and roles are populated. The key properties are</P><PRE>ldapRealm.groupObjectClass=group ldapRealm.memberAttribute=member ldapRealm.groupIdAttribute=cn </PRE><P>These are defaults, and I don't have IPA server handy, so please do ldapsearch for one of your groups to confirm. You will see multiple group's classes in the output, select one used for users' groups. "memberAttribute" appears on the left side in the list of group members. And "GroupIdAttribute" is what LdapRealm will return as the group name instead of the "long" ldap name, without any OUs, DCs etc. Use those group names in your "rolesByGroup" and keep the capitals if any. Also restrict as much as possible your "groupSearchBase" and you can also try to increase ldapRealm.pageSize from default 100 to 200 or 300. If you still get no roles post your LdapRealm settings, and a few lines from your ldapsearch.</P> Tue, 12 Jun 2018 17:21:02 GMT pminovic 2018-06-12T17:21:02Z