
After AD user logged into Zeppelin, still 'whoami' returns 'zeppelin' instead of 'aduser'

New Contributor

I'm using HDP 2.6.2.0 and Zeppelin 0.7.2.

Integrated Zeppelin with LDAP through Ambari.

I'm able to log in to Zeppelin as an LDAP user without issues. But after login, when I execute

%sh

whoami

it's returning 'zeppelin' but it should return 'aduser'. Can you pls help!

shiro_ini_content:

[main]
ldapRealm=org.apache.zeppelin.realm.LdapRealm
ldapRealm.contextFactory.systemUsername=xxxx
ldapRealm.contextFactory.systemPassword=xxxx
ldapRealm.contextFactory.authenticationMechanism=simple
ldapRealm.contextFactory.url=ldap://x.x.x.x:389
ldapRealm.pagingSize=200
ldapRealm.authorizationEnabled=true
ldapRealm.searchBase=CN=Users,DC=XXX,DC=YYYY,DC=NET
ldapRealm.userSearchBase=CN=Users,DC=XXX,DC=YYYY,DC=NET
ldapRealm.groupSearchBase=DC=XXX,DC=YYYY,DC=NET
ldapRealm.userObjectClass=person
ldapRealm.groupObjectClass=group
ldapRealm.userSearchAttributeName = sAMAccountName
# Set search scopes for user and group. Values: subtree (default), onelevel, object
ldapRealm.userSearchScope = subtree
ldapRealm.groupSearchScope = subtree
ldapRealm.userSearchFilter=(&(objectclass=person)(sAMAccountName={0}))
ldapRealm.memberAttribute=member
# Format to parse & search group member values in 'memberAttribute'
ldapRealm.memberAttributeValueTemplate=CN={0},DC=XXX,DC=YYYY,DC=NET
# No need to give userDnTemplate if memberAttributeValueTemplate is provided
#ldapRealm.userDnTemplate=
# Map from physical AD groups to logical application roles
ldapRealm.rolesByGroup = "Domain Users":admin_role,"DnsUpdateProxy":hadoop_users_role
# Force usernames returned from ldap to lowercase, useful for AD
ldapRealm.userLowerCase = true

# Enable support for nested groups using the LDAP_MATCHING_RULE_IN_CHAIN operator
ldapRealm.groupSearchEnableMatchingRuleInChain = true

sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
### If caching of user is required then uncomment below lines
cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
securityManager.cacheManager = $cacheManager

securityManager.sessionManager = $sessionManager
securityManager.realms = $ldapRealm
# 86,400,000 milliseconds = 24 hours
securityManager.sessionManager.globalSessionTimeout = 86400000
shiro.loginUrl = /api/login

[urls]
# This section is used for url-based security.
# You can secure interpreter, configuration and credential information by urls. Comment or uncomment the below urls that you want to hide.
# anon means the access is anonymous.
# authc means Form based Auth Security
# To enforce security, comment the line below and uncomment the next one
#/api/version = anon
/api/interpreter/** = authc, roles[admin_role,hadoop_users_role]
/api/configurations/** = authc, roles[admin_role]
/api/credential/** = authc, roles[admin_role,hadoop_users_role]
#/** = anon
/** = authc

3 REPLIES

Re: After AD user logged into Zeppelin, still 'whoami' returns 'zeppelin' instead of 'aduser'

New Contributor

Any help plz !!!

Re: After AD user logged into Zeppelin, still 'whoami' returns 'zeppelin' instead of 'aduser'

New Contributor

Any help plz !!!

Re: After AD user logged into Zeppelin, still 'whoami' returns 'zeppelin' instead of 'aduser'