I have a cloudformation stack with some bootstraps and spark steps. I would like to launch my EMR and by default the Interpreter will be configured like this: The interpreter will be instantiated Per User in Isolated process. I just want to know in configuration files where could i change that in order to put it in bootstrap actions an replace in bootstraping stage. ... View more

We are working in zeppelin 0.7.0 and currently we have the following configuration in shiro.ini ldapRealm.contextFactory.systemUsername=CN=development,OU=groups,DC=ad,DC=something,DC=com #ldapRealm.contextFactory.systemPassword=SomePassw0rd ldapRealm.contextFactory.authenticationMechanism=simple ldapRealm.contextFactory.url=ldap://10.X.X.X:389 ldapRealm.authorizationEnabled=true ldapRealm.searchBase=DC=ad,DC=something,DC=com ldapRealm.userSearchBase=CN=development,OU=groups,DC=ad,DC=something,DC=com ldapRealm.groupSearchBase=CN=development,OU=groups,DC=ad,DC=something,DC=com ldapRealm.rolesByGroup = development: admin, bci: zebci ldapRealm.userObjectClass=person securityManager.realms = $ldapRealm And our roles section is [roles] role1 = * role2 = * role3 = * admin = * zebci = * And URL /api/version = authc, roles[admin] /api/interpreter/** = authc, roles[admin] /api/configurations/** = authc, roles[admin] /api/credential/** = authc, roles[admin] #/** = anon /** = authc When we tried to log in in zeppelin with our user of Active Directory we could do it, but all the users does not have any permission on /interpreter /configurations /credentials. We would like to configura to admin (zeppelin group) users match with development group from AD and have access to all. but in the other hand we want that zebci group match with bci group from AD and does not have access to /interpreter /configurations /credentials. Thanks in advance for your help ... View more

HI everyone, I am working with zeppelin Zeppelin 0.7.0 I configure the shiro.ini in that way activeDirectoryRealm = org.apache.zeppelin.realm.ActiveDirectoryGroupRealm #activeDirectoryRealm.systemUsername = #activeDirectoryRealm.systemPassword = activeDirectoryRealm.hadoopSecurityCredentialPath = jceks://file/user/zeppelin/zeppelin.jceks activeDirectoryRealm.searchBase = CN=development,OU=DEV,DC=ad,DC=algo,DC=com activeDirectoryRealm.url = ldaps://10.4.0.86:636 activeDirectoryRealm.groupRolesMap = "CN=ZeppelinGroup1,OU=DEV,DC=ad,DC=algo,DC=com":"ZeppelinGroup1" activeDirectoryRealm.authorizationCachingEnabled = true securityManager.sessionManager = $sessionManager securityManager.sessionManager.globalSessionTimeout = 86400000 shiro.loginUrl = /api/login [roles] role1 = * role2 = * role3 = * admin = * zeppelingroup1 = * When i tried to log in zeppelin it appears a user or password incorrect. In the zeppelin logs appear WARN [2017-10-21 23:13:29,117] ({qtp1757293506-15} LoginRestApi.java[postLogin]:115) - {"status":"FORBIDDEN","message":"","body":""} ERROR [2017-10-21 23:13:35,999] ({qtp1757293506-15} LoginRestApi.java[postLogin]:107) - Exception in login: org.apache.shiro.authc.AuthenticationException: Authentication token of type [class org.apache.shiro.authc.UsernamePasswordToken] could not be authenticated by any configured realms. Please ensure that at least one realm can authenticate these tokens. at org.apache.shiro.authc.pam.AtLeastOneSuccessfulStrategy.afterAllAttempts(AtLeastOneSuccessfulStrategy.java:54) at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doMultiRealmAuthentication(ModularRealmAuthenticator.java:235) at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:269) at org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198) at org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:106) at org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:270) at org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:256) at org.apache.zeppelin.rest.LoginRestApi.postLogin(LoginRestApi.java:77) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) Any help with this error, please? Thanks in advance ... View more

I am working with OpenLdap with the following structure (see attached) I configure all the shiro.ini ### A sample for configuring LDAP Directory Realm ldapRealm = org.apache.zeppelin.realm.LdapGroupRealm ## search base for ldap groups (only relevant for LdapGroupRealm): ldapRealm.contextFactory.environment[ldap.searchBase] = dc=CORP,dc=SOYMACH,dc=COM ldapRealm.contextFactory.url = ldap://ad.corp.soymach.com:389 ldapRealm.userDnTemplate = cn={0},ou=bigdatateam,dc=CORP,dc=SOYMACH,dc=COM ldapRealm.contextFactory.authenticationMechanism = SIMPLE when i tried to access to zeppelin it always appear "The username and password that you entered don't match." When i see the log file it appears Oct 15, 2017 10:13:42 PM com.sun.jersey.spi.inject.Errors processErrorMessages WARNING: The following warnings have been detected with resource and/or provider classes: WARNING: A HTTP GET method, public javax.ws.rs.core.Response org.apache.zeppelin.rest.InterpreterRestApi.listInterpreter(java.lang.String), should not consume any entity. WARNING: A sub-resource method, public javax.ws.rs.core.Response org.apache.zeppelin.rest.NotebookRestApi.createNote(java.lang.String) throws java.io.IOException, with URI template, "/", is treated as a resource method WARNING: A sub-resource method, public javax.ws.rs.core.Response org.apache.zeppelin.rest.NotebookRestApi.getNoteList() throws java.io.IOException, with URI template, "/", is treated as a resource method WARNING: A HTTP GET method, public javax.ws.rs.core.Response org.apache.zeppelin.rest.CredentialRestApi.getCredentials(java.lang.String) throws java.io.IOException,java.lang.IllegalArgumentException, should not consume any entity. I do not know what is my error in the integration with OpenLdap. ... View more