michal_kabocik
New Contributor

Re: How to setup a multi user (Active Directory ba...

by New Contributor in Community Articles
‎02-08-2017 01:14 PM
‎02-08-2017 01:14 PM
Hello Sharan, I have the same problem as you. Have you found the way to limit access to specific users/groups? Kind regards, Michał ... View more

How to limit access to Zeppelin WebUI based for sp...

by New Contributor in Support Questions
‎02-08-2017 01:11 PM
2 Kudos
‎02-08-2017 01:11 PM
2 Kudos
Dears, I'm trying to configure shiro to authenticate users from AD and to limit access to login to webui for specific group. Here's my shiro.ini config: activeDirectoryRealm = org.apache.zeppelin.server.ActiveDirectoryGroupRealm activeDirectoryRealm.systemUsername = someuser activeDirectoryRealm.systemPassword = somepassword activeDirectoryRealm.searchBase = "OU=x,OU=y,OU=z,DC=,DC=x,DC=x" activeDirectoryRealm.url = ldaps://ldap.domain.com:636 activeDirectoryRealm.groupRolesMap = "CN=HADOOP_GROUP,OU=x,OU=y,OU=z,OU=x,DC=x,DC=x,DC=x":"role1" activeDirectoryRealm.authorizationCachingEnabled = false [roles] role1 = * /api/version = anon #/** = anon /** = authc Currently, authentication works for every user who is in search base, so everyone from search base can login. What I want to achieve is to limit access to specific group so only user which has this group can log in. For testing purposes I created two users. First belongs to group which is listed in groupRolesMap where role1 = * is applied, and the second user belongs to another group, which is not listed in shiro.ini. The problem is that both users can log in, because these users are in the same search base. Is there any way to limit such access? What am I missing? I'll appreciate your help. Kind regards, ... View more
Labels:

Re: Zeppelin LDAP Authentication with OpenLDAP

by New Contributor in Community Articles
‎02-03-2017 04:47 PM
‎02-03-2017 04:47 PM
Dears, I'm trying to configure shiro to authenticate users from AD and to limit access to login to webui for specific group. Here's my shiro.ini config: activeDirectoryRealm = org.apache.zeppelin.server.ActiveDirectoryGroupRealm activeDirectoryRealm.systemUsername = user activeDirectoryRealm.systemPassword = password activeDirectoryRealm.searchBase = "OU=x,OU=x,OU=x,DC=x,DC=x,DC=x" activeDirectoryRealm.url = ldaps://ldap.domain.com:636 activeDirectoryRealm.groupRolesMap = "CN=HADOOP_GROUP,OU=x,OU=x,OU= x,OU=x,DC=x,DC=x,DC=x":"role1" activeDirectoryRealm.authorizationCachingEnabled = false [roles] role1 = * /api/version = anon /** = authc Currently, authentication works for every user who is in search base, so everyone from search base can login. To limit access, I would like to have authorization based on specified group, so only users from HADOOP_GROUP can log in, like above in groupRolesMap, but it's not working as I expected. What am I missing? I'll appreciate your help. Kind regards, Michał ... View more

Re: Zeppelin livy interpreter not working with Ker...

by New Contributor in Support Questions
‎02-03-2017 02:27 PM
‎02-03-2017 02:27 PM
Hello, Did you figured out the solution? I'm working on similar configuration since couple weeks and I'm still getting error: %livy.spark sc.version Cannot start spark. I have debug enabled on livy but don't see any specific error. In zeppelin-interpreter-livy log I see: ERROR [2017-02-03 15:07:47,491] ({pool-2-thread-7} LivyHelper.java[createSession]:128) - Error getting session for user java.lang.Exception: Cannot start spark. What's interesting, I see spark job created in yarn history with my user over livy-session with the status finished/suceeded most of the time, so from that side it looks correct. Unfortunatelly, still no result in zeppelin notebook. I will really appreciate any suggestions from those who succeeded:) Kind regards, Michał ... View more
Contact Me
Online
Offline
Last Visited
‎02-16-2017 01:29 PM
Public Statistics
Date Registered ‎02-03-2017 02:17 PM
Last Visited ‎02-16-2017 01:29 PM
Total Messages Posted 4
Total Kudos Received 2