Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Error making ldapRealm.rolesByGroup works in zeppelin 0.7.0

Highlighted

Error making ldapRealm.rolesByGroup works in zeppelin 0.7.0

New Contributor

We are working in zeppelin 0.7.0 and currently we have the following configuration in shiro.ini

ldapRealm.contextFactory.systemUsername=CN=development,OU=groups,DC=ad,DC=something,DC=com
#ldapRealm.contextFactory.systemPassword=SomePassw0rd
ldapRealm.contextFactory.authenticationMechanism=simple
ldapRealm.contextFactory.url=ldap://10.X.X.X:389
ldapRealm.authorizationEnabled=true
ldapRealm.searchBase=DC=ad,DC=something,DC=com
ldapRealm.userSearchBase=CN=development,OU=groups,DC=ad,DC=something,DC=com
ldapRealm.groupSearchBase=CN=development,OU=groups,DC=ad,DC=something,DC=com
ldapRealm.rolesByGroup = development: admin, bci: zebci
ldapRealm.userObjectClass=person
securityManager.realms = $ldapRealm

And our roles section is

[roles]
role1 = *
role2 = *
role3 = *
admin = *
zebci = *

And URL

/api/version = authc, roles[admin]
/api/interpreter/** = authc, roles[admin]
/api/configurations/** = authc, roles[admin]
/api/credential/** = authc, roles[admin]
#/** = anon
/** = authc

When we tried to log in in zeppelin with our user of Active Directory we could do it, but all the users does not have any permission on /interpreter /configurations /credentials.

We would like to configura to admin (zeppelin group) users match with development group from AD and have access to all.

but in the other hand we want that zebci group match with bci group from AD and does not have access to /interpreter /configurations /credentials.

Thanks in advance for your help

Don't have an account?
Coming from Hortonworks? Activate your account here