question Re: Zeppelin user role mapping using Active Directory in Archives of Support Questions (Read Only) https://community.cloudera.com/t5/Archives-of-Support-Questions/Zeppelin-user-role-mapping-using-Active-Directory/m-p/238685#M85539 <P>It worked using LDAP realm.</P><P>Thank you!</P> Mon, 14 Jan 2019 23:18:07 GMT jorge_florencio 2019-01-14T23:18:07Z Zeppelin user role mapping using Active Directory https://community.cloudera.com/t5/Archives-of-Support-Questions/Zeppelin-user-role-mapping-using-Active-Directory/m-p/238681#M85535 <P>Hi,</P><P>Active Directory users can successfully login to Zeppelin but roles are not mapped to the users.</P><P>Here is the shiro.ini configuration:</P><PRE>[main] adRealm = org.apache.shiro.realm.activedirectory.ActiveDirectoryRealm adRealm.url = ldap://domain.com:389 adRealm.searchBase = DC=domain,DC=com adRealm.groupRolesMap = "CN=admins,OU=HWX,DC=domain,DC=com":"admin","CN=users,OU=HWX,DC=domain,DC=com":"users" adRealm.systemUsername = hwx@DOMAIN.COM adRealm.systemPassword = XXXXXX adRealm.principalSuffix = @DOMAIN.COM adRealm.authorizationCachingEnabled = false sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager securityManager.sessionManager = $sessionManager securityManager.sessionManager.globalSessionTimeout = 86400000 cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager securityManager.cacheManager = $cacheManager securityManager.realms = $adRealm shiro.loginUrl = /api/login [roles] admin = * users = * [urls] /** = authc /api/version = anon /api/interpreter/** = authc, roles[admin] /api/credential/** = authc, roles[admin] /api/configurations/** = authc, roles[admin] </PRE><P>Is there something missing in the configuration?</P><P>The following message is displayed on the log:</P><PRE>WARN [2018-12-13 12:33:30,771] ({qtp64830413-19} LoginRestApi.java[postLogin]:119) - {"status":"OK","message":"","body":{"principal":"user1","ticket":"64c38479-4241-417b-99c4-1840fd41e5a4","roles":"[]"}}<BR /></PRE><P>Many thanks in advance,</P><P>Jorge.</P> Fri, 14 Dec 2018 03:33:58 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Zeppelin-user-role-mapping-using-Active-Directory/m-p/238681#M85535 jorge_florencio 2018-12-14T03:33:58Z Re: Zeppelin user role mapping using Active Directory https://community.cloudera.com/t5/Archives-of-Support-Questions/Zeppelin-user-role-mapping-using-Active-Directory/m-p/238682#M85536 <P><A rel="user" href="https://community.cloudera.com/users/46217/jorgeflorencio.html" nodeid="46217">@Jorge Florencio</A> Group search base is missing, try with below template</P><P>========</P><P>ldapRealm=org.apache.zeppelin.realm.LdapRealm</P><P>ldapRealm.contextFactory.systemUsername =cn=manager,dc=charan,dc=com</P><P>ldapRealm.contextFactory.systemPassword =xxxx</P><P>ldapRealm.contextFactory.authenticationMechanism=simple</P><P>ldapRealm.contextFactory.url=ldap://ldap_url:389</P><P>ldapRealm.authorizationEnabled=true</P><P>#ldapRealm.pagingSize = 20000 </P><P>ldapRealm.searchBase=dc=sai,dc=com</P><P>ldapRealm.userSearchBase=ou=People,dc=charan,dc=com</P><P>ldapRealm.groupSearchBase=cn=admin,ou=Group,dc=charan,dc=com</P><P>ldapRealm.userObjectClass=*</P><P>ldapRealm.groupObjectClass=groupOfNames</P><P>ldapRealm.userSearchAttributeName = uid </P><P>ldapRealm.userSearchScope = subtree </P><P>ldapRealm.groupSearchScope = subtree </P><P>ldapRealm.userSearchFilter= (&amp;(objectclass=*)(uid={0})) </P><P>ldapRealm.memberAttribute = member </P><P>ldapRealm.memberAttributeValueTemplate={0}</P><P>ldapRealm.rolesByGroup = "admin":admin_role</P><P>============</P> Fri, 14 Dec 2018 17:21:09 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Zeppelin-user-role-mapping-using-Active-Directory/m-p/238682#M85536 Scharan 2018-12-14T17:21:09Z Re: Zeppelin user role mapping using Active Directory https://community.cloudera.com/t5/Archives-of-Support-Questions/Zeppelin-user-role-mapping-using-Active-Directory/m-p/238683#M85537 <P>Hi <A rel="user" href="https://community.cloudera.com/users/15463/scharan.html" nodeid="15463">@scharan</A> ,</P><P>you are using ldapRealm. There's no way to solve the issue using ActiveDirectoryRealm?</P><P>Thanks!</P><P>Jorge.</P> Fri, 14 Dec 2018 23:15:47 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Zeppelin-user-role-mapping-using-Active-Directory/m-p/238683#M85537 jorge_florencio 2018-12-14T23:15:47Z Re: Zeppelin user role mapping using Active Directory https://community.cloudera.com/t5/Archives-of-Support-Questions/Zeppelin-user-role-mapping-using-Active-Directory/m-p/238684#M85538 <P>Hi <A rel="user" href="https://community.cloudera.com/users/46217/jorgeflorencio.html" nodeid="46217">@Jorge Florencio</A> you can use ldap in place on adrealm, just need to change the Active Directory details to suit your AD environment.</P><P>Refer to this article: <A href="https://community.hortonworks.com/articles/105169/hdp-26-configuring-zeppelin-for-active-directory-u.html" target="_blank">https://community.hortonworks.com/articles/105169/hdp-26-configuring-zeppelin-for-active-directory-u.html</A></P> Sat, 15 Dec 2018 10:43:01 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Zeppelin-user-role-mapping-using-Active-Directory/m-p/238684#M85538 Scharan 2018-12-15T10:43:01Z Re: Zeppelin user role mapping using Active Directory https://community.cloudera.com/t5/Archives-of-Support-Questions/Zeppelin-user-role-mapping-using-Active-Directory/m-p/238685#M85539 <P>It worked using LDAP realm.</P><P>Thank you!</P> Mon, 14 Jan 2019 23:18:07 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Zeppelin-user-role-mapping-using-Active-Directory/m-p/238685#M85539 jorge_florencio 2019-01-14T23:18:07Z