After AD user logged into Zeppelin, still 'whoami' returns 'zeppelin' instead of 'aduser'

I'm using HDP 2.6.2.0 and Zeppelin 0.7.2.

Integrated Zeppelin with LDAP through Ambari.

I'm able to log in to Zeppelin as an LDAP user without issues. But after login, when I execute

%sh

whoami

it's returning 'zeppelin' but it should return 'aduser'. Can you please help!

shiro_ini_content:

[main]
ldapRealm=org.apache.zeppelin.realm.LdapRealm
ldapRealm.contextFactory.systemUsername=xxxx
ldapRealm.contextFactory.systemPassword=xxxx
ldapRealm.contextFactory.authenticationMechanism=simple
ldapRealm.contextFactory.url=ldap://x.x.x.x:389
ldapRealm.pagingSize=200
ldapRealm.authorizationEnabled=true
ldapRealm.searchBase=CN=Users,DC=XXX,DC=YYYY,DC=NET
ldapRealm.userSearchBase=CN=Users,DC=XXX,DC=YYYY,DC=NET
ldapRealm.groupSearchBase=DC=XXX,DC=YYYY,DC=NET
ldapRealm.userObjectClass=person
ldapRealm.groupObjectClass=group
ldapRealm.userSearchAttributeName = sAMAccountName
# Set search scopes for user and group. Values: subtree (default), onelevel, object
ldapRealm.userSearchScope = subtree
ldapRealm.groupSearchScope = subtree
ldapRealm.userSearchFilter=(&(objectclass=person)(sAMAccountName={0}))
ldapRealm.memberAttribute=member
# Format to parse & search group member values in 'memberAttribute'
ldapRealm.memberAttributeValueTemplate=CN={0},DC=XXX,DC=YYYY,DC=NET
# No need to give userDnTemplate if memberAttributeValueTemplate is provided
#ldapRealm.userDnTemplate=
# Map from physical AD groups to logical application roles
ldapRealm.rolesByGroup = "Domain Users":admin_role,"DnsUpdateProxy":hadoop_users_role
# Force usernames returned from ldap to lowercase, useful for AD
ldapRealm.userLowerCase = true

# Enable support for nested groups using the LDAP_MATCHING_RULE_IN_CHAIN operator
ldapRealm.groupSearchEnableMatchingRuleInChain = true

sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
### If caching of user is required then uncomment below lines
cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
securityManager.cacheManager = $cacheManager

securityManager.sessionManager = $sessionManager
securityManager.realms = $ldapRealm
# 86,400,000 milliseconds = 24 hours
securityManager.sessionManager.globalSessionTimeout = 86400000
shiro.loginUrl = /api/login

[urls]
# This section is used for url-based security.
# You can secure interpreter, configuration and credential information by urls. Comment or uncomment the below urls that you want to hide.
# anon means the access is anonymous.
# authc means Form based Auth Security
# To enforce security, comment the line below and uncomment the next one
#/api/version = anon
/api/interpreter/** = authc, roles[admin_role,hadoop_users_role]
/api/configurations/** = authc, roles[admin_role]
/api/credential/** = authc, roles[admin_role,hadoop_users_role]
#/** = anon
/** = authc

3 REPLIES

Re: After AD user logged into Zeppelin, still 'whoami' returns 'zeppelin' instead of 'aduser'

Any help please!!!

Re: After AD user logged into Zeppelin, still 'whoami' returns 'zeppelin' instead of 'aduser'

Any help please!!!

Re: After AD user logged into Zeppelin, still 'whoami' returns 'zeppelin' instead of 'aduser'