Member since
10-11-2017
4
Posts
0
Kudos Received
0
Solutions
11-08-2017
04:49 PM
I have a cloudformation stack with some bootstraps and spark steps. I would like to launch my EMR and by default the Interpreter will be configured like this: The interpreter will be instantiated Per User in Isolated process. I just want to know in configuration files where could i change that in order to put it in bootstrap actions an replace in bootstraping stage.
... View more
Labels:
11-08-2017
02:01 AM
We are working in zeppelin 0.7.0 and currently we have the following configuration in shiro.ini ldapRealm.contextFactory.systemUsername=CN=development,OU=groups,DC=ad,DC=something,DC=com
#ldapRealm.contextFactory.systemPassword=SomePassw0rd
ldapRealm.contextFactory.authenticationMechanism=simple
ldapRealm.contextFactory.url=ldap://10.X.X.X:389
ldapRealm.authorizationEnabled=true
ldapRealm.searchBase=DC=ad,DC=something,DC=com
ldapRealm.userSearchBase=CN=development,OU=groups,DC=ad,DC=something,DC=com
ldapRealm.groupSearchBase=CN=development,OU=groups,DC=ad,DC=something,DC=com
ldapRealm.rolesByGroup = development: admin, bci: zebci
ldapRealm.userObjectClass=person
securityManager.realms = $ldapRealm And our roles section is [roles]
role1 = *
role2 = *
role3 = *
admin = *
zebci = * And URL /api/version = authc, roles[admin]
/api/interpreter/** = authc, roles[admin]
/api/configurations/** = authc, roles[admin]
/api/credential/** = authc, roles[admin]
#/** = anon
/** = authc When we tried to log in in zeppelin with our user of Active Directory we could do it, but all the users does not have any permission on /interpreter /configurations /credentials. We would like to configura to admin (zeppelin group) users match with development group from AD and have access to all. but in the other hand we want that zebci group match with bci group from AD and does not have access to /interpreter /configurations /credentials. Thanks in advance for your help
... View more
Labels:
10-21-2017
11:22 PM
HI everyone, I am working with zeppelin Zeppelin 0.7.0 I configure the shiro.ini in that way activeDirectoryRealm = org.apache.zeppelin.realm.ActiveDirectoryGroupRealm
#activeDirectoryRealm.systemUsername =
#activeDirectoryRealm.systemPassword =
activeDirectoryRealm.hadoopSecurityCredentialPath = jceks://file/user/zeppelin/zeppelin.jceks
activeDirectoryRealm.searchBase = CN=development,OU=DEV,DC=ad,DC=algo,DC=com
activeDirectoryRealm.url = ldaps://10.4.0.86:636
activeDirectoryRealm.groupRolesMap = "CN=ZeppelinGroup1,OU=DEV,DC=ad,DC=algo,DC=com":"ZeppelinGroup1"
activeDirectoryRealm.authorizationCachingEnabled = true
securityManager.sessionManager = $sessionManager
securityManager.sessionManager.globalSessionTimeout = 86400000
shiro.loginUrl = /api/login
[roles]
role1 = *
role2 = *
role3 = *
admin = *
zeppelingroup1 = *
When i tried to log in zeppelin it appears a user or password incorrect. In the zeppelin logs appear WARN [2017-10-21 23:13:29,117] ({qtp1757293506-15} LoginRestApi.java[postLogin]:115) - {"status":"FORBIDDEN","message":"","body":""}
ERROR [2017-10-21 23:13:35,999] ({qtp1757293506-15} LoginRestApi.java[postLogin]:107) - Exception in login:
org.apache.shiro.authc.AuthenticationException: Authentication token of type [class org.apache.shiro.authc.UsernamePasswordToken] could not be authenticated by any configured realms. Please ensure that at least one realm can authenticate these tokens.
at org.apache.shiro.authc.pam.AtLeastOneSuccessfulStrategy.afterAllAttempts(AtLeastOneSuccessfulStrategy.java:54)
at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doMultiRealmAuthentication(ModularRealmAuthenticator.java:235)
at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:269)
at org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198)
at org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:106)
at org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:270)
at org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:256)
at org.apache.zeppelin.rest.LoginRestApi.postLogin(LoginRestApi.java:77)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498) Any help with this error, please? Thanks in advance
... View more
Labels:
10-16-2017
01:10 PM
I am working with OpenLdap with the following structure (see attached) I configure all the shiro.ini ### A sample for configuring LDAP Directory Realm
ldapRealm = org.apache.zeppelin.realm.LdapGroupRealm
## search base for ldap groups (only relevant for LdapGroupRealm):
ldapRealm.contextFactory.environment[ldap.searchBase] = dc=CORP,dc=SOYMACH,dc=COM
ldapRealm.contextFactory.url = ldap://ad.corp.soymach.com:389
ldapRealm.userDnTemplate = cn={0},ou=bigdatateam,dc=CORP,dc=SOYMACH,dc=COM
ldapRealm.contextFactory.authenticationMechanism = SIMPLE when i tried to access to zeppelin it always appear "The username and password that you entered don't match." When i see the log file it appears Oct 15, 2017 10:13:42 PM com.sun.jersey.spi.inject.Errors processErrorMessages
WARNING: The following warnings have been detected with resource and/or provider classes:
WARNING: A HTTP GET method, public javax.ws.rs.core.Response org.apache.zeppelin.rest.InterpreterRestApi.listInterpreter(java.lang.String), should not consume any entity.
WARNING: A sub-resource method, public javax.ws.rs.core.Response org.apache.zeppelin.rest.NotebookRestApi.createNote(java.lang.String) throws java.io.IOException, with URI template, "/", is treated as a resource method
WARNING: A sub-resource method, public javax.ws.rs.core.Response org.apache.zeppelin.rest.NotebookRestApi.getNoteList() throws java.io.IOException, with URI template, "/", is treated as a resource method
WARNING: A HTTP GET method, public javax.ws.rs.core.Response org.apache.zeppelin.rest.CredentialRestApi.getCredentials(java.lang.String) throws java.io.IOException,java.lang.IllegalArgumentException, should not consume any entity. I do not know what is my error in the integration with OpenLdap.
... View more
Labels: