I tried updating the Zeppelin config files, but I still got authentication issues for LDAP accounts. I do not understand what the actual values should be for the properties below.
@Artem Ervits could you help
You can reference these docs for more information regarding Zeppelin security with Active Directory: http://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.0/bk_zeppelin-component-guide/content/config-s.... Have you seen these docs?
You do not want to hardcode the username/password in the shiro config file. Rather, you will want to add the authentication settings and optionally use a self-signed certificate.
Let me know if you'd like more info - hope this helps!
Hi @Amit Panda
- activeDirectoryRealm.systemUsername - this is the value of the AD adminID; that is NOT the bind from LDAP but just the adminID
- activeDirectoryRealm.systemPassword - admin's password; for now that has to be plain text
You also need to provide the following:
activeDirectoryRealm.searchBase
activeDirectoryRealm.url
activeDirectoryRealm.groupRolesMap
activeDirectoryRealm.authorizationCachingEnabled = true
securityManager.realms = $activeDirectoryRealm
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
securityManager.cacheManager = $cacheManager
securityManager.sessionManager = $sessionManager
securityManager.sessionManager.globalSessionTimeout = 86400000
shiro.loginUrl = /api/login
I hope this helps
Hi @Amit Panda
Is this your username - "admin ("?
As already mentioned in my previous post - you must have activeDirectoryRealm.systemPassword specified and do not use activeDirectoryRealm.hadoopSecurityCredentialPath.
Are you using ldap without a port number?
You must have groupRolesMap specified. Currently that is commented out.
Is that a correct searchBase? Basically, if you use ldapsearch from the console with the details from shiro, i.e. systemUsername, systemPassword, searchBase and the user who logs into Zeppelin, the output should give you the role the user is associated with, which you will use as groupRolesMap.
$ ldapsearch -h <ldap_host> -p <ldap_port> -D <system_user> -w <password> -b "<search_base>" "(&(cn=*)(sAMAccountName=<YourID>))"
This is to return the role bind to be used in groupRolesMap.
Once you have this configured, log in to Zeppelin UI as <YourID@DOMAIN>.
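Added example, not part of any reply in this thread and not Zeppelin's or Shiro's own code: a small checker that runs the questions asked in the last reply (missing or commented-out keys, URL without a port, stray characters in systemUsername, hadoopSecurityCredentialPath in use) against shiro.ini text. The function names, the sample hostnames, DNs and the jceks path are constructed for illustration.

```python
import re

# Keys the replies above say must be set for the Active Directory realm.
REQUIRED = ["activeDirectoryRealm." + k for k in
            ("systemUsername", "systemPassword", "searchBase", "url", "groupRolesMap")]

def parse_shiro(text):
    """Return (active, commented) dicts of key -> value from shiro.ini text."""
    active, commented = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        target = active
        if line.startswith(("#", ";")):          # commented-out setting
            line, target = line.lstrip("#; \t"), commented
        if "=" in line and not line.startswith("["):
            key, value = line.split("=", 1)      # DNs contain '=', split once
            target[key.strip()] = value.strip()
    return active, commented

def check_shiro(text):
    """List the problems named in the thread that this config exhibits."""
    active, commented = parse_shiro(text)
    problems = []
    for key in REQUIRED:
        if key in commented and key not in active:
            problems.append(f"{key} is commented out")
        elif not active.get(key):
            problems.append(f"{key} is missing or empty")
    url = active.get("activeDirectoryRealm.url", "")
    if url and not re.match(r"^ldaps?://[^/:]+:\d+", url):
        problems.append("activeDirectoryRealm.url has no port number")
    user = active.get("activeDirectoryRealm.systemUsername", "")
    if re.search(r"[\s()]", user):
        problems.append("activeDirectoryRealm.systemUsername has whitespace or parentheses")
    if "activeDirectoryRealm.hadoopSecurityCredentialPath" in active:
        problems.append("activeDirectoryRealm.hadoopSecurityCredentialPath is set")
    return problems

# Constructed sample reproducing the mistakes discussed (not the poster's file).
SAMPLE = """\
activeDirectoryRealm.systemUsername = admin (
activeDirectoryRealm.hadoopSecurityCredentialPath = jceks://file/example/zeppelin.jceks
activeDirectoryRealm.searchBase = DC=example,DC=com
activeDirectoryRealm.url = ldap://ad.example.com
#activeDirectoryRealm.groupRolesMap = "CN=zeppelin-admins,DC=example,DC=com":"admin"
"""

if __name__ == "__main__":
    print("\n".join(check_shiro(SAMPLE)))
```

An empty result only means the settings named in the thread are present and well-formed; whether the searchBase and group DN are correct still has to be confirmed with the ldapsearch query above.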