Community Articles

ddenio · ‎12-30-2016

The following steps explain how to configure LDAP for Zeppelin

1) Make sure you can do an ldapsearch with the System Username that has AD permissions to query your OU.

Example:

ldapsearch -h 10.1.1.10:389 -D adsystem@ABC.YOURCO.COM -w abc123 -b OU=users,DC=ABC,DC=YOURCO,DC=COM dn

2) Using Ambari go into Zeppelin Configs and Advanced Zeppelin-env.

3) Edit the shiro_ini_content by adding the following parameters (remove existing first and replace with new):

[users] admin = yourpassword,admin

[main]

adRealm = org.apache.shiro.realm.activedirectory.ActiveDirectoryRealm

adRealm.url = ldap://10.1.1.10 adRealm.searchBase = OU=users,DC=ABC,DC=YOURCO,DC=COM

adRealm.systemUsername = adsystem@ABC.YOURCO.COM

adRealm.systemPassword = abc123

adRealm.principalSuffix = @ABC.YOURCO.COM

adRealm.authorizationCachingEnabled = true sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager

securityManager.sessionManager = $sessionManager

securityManager.sessionManager.globalSessionTimeout = 86400000

cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager

securityManager.cacheManager = $cacheManager

securityManager.realms = $adRealm

shiro.loginUrl = /api/login

[roles]

[urls]

/api/version = anon

/api/interpreter/** = authc, roles[admin]

/api/credential/** = authc, roles[admin]

/api/configurations/** = authc, roles[admin]

/** = authcBasic

4) Save changes in Ambari.

5) Restart Zeppelin.

Zeppelin LDAP Configuration