How to hide Zeppelin's LDAP manager password when using LdapRealm

pminovic · ‎06-12-2018

We configured Zeppelin LDAP sync using LdapRealm class

ldapRealm=org.apache.zeppelin.realm.LdapRealm
ldapRealm.contextFactory.systemUsername=ldapmanager@example.com
ldapRealm.contextFactory.systemPassword=mypassword

and the password in shiro=ini is now in plain text. How can we hide it? With ActiveDirectoryRealm we can use jceks

activeDirectoryRealm.hadoopSecurityCredentialPath=jceks://file/etc/zeppelin/conf/zeppelin.jceks

however, ldapRealm doesn't have that field and doesn't appear to support jceks. In the source code of LdapRealm the default password is given as

ldapRealm.contextFactory.systemPassword = S{ALIAS=ldcSystemPassword}

How to create that alias?

Tnx!

falbani · ‎06-12-2018

@Predrag Minovic AFAIK this has not been implemented yet for the ldapRealm. I did also check the code and did not see the implementation around this. Regarding :

ldapRealm.contextFactory.systemPassword = S{ALIAS=ldcSystemPassword}

The above is part of java doc and not actual value in code. So this is not the actual value but just a missleading comment .

HTH

*** If you found this answer addressed your question, please take a moment to login and click the "accept" link on the answer.