Hi, Active Directory users can successfully login to Zeppelin but roles are not mapped to the users. Here is the shiro.ini configuration: [main] adRealm = org.apache.shiro.realm.activedirectory.ActiveDirectoryRealm adRealm.url = ldap://domain.com:389 adRealm.searchBase = DC=domain,DC=com adRealm.groupRolesMap = "CN=admins,OU=HWX,DC=domain,DC=com":"admin","CN=users,OU=HWX,DC=domain,DC=com":"users" adRealm.systemUsername = hwx@DOMAIN.COM adRealm.systemPassword = XXXXXX adRealm.principalSuffix = @DOMAIN.COM adRealm.authorizationCachingEnabled = false sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager securityManager.sessionManager = $sessionManager securityManager.sessionManager.globalSessionTimeout = 86400000 cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager securityManager.cacheManager = $cacheManager securityManager.realms = $adRealm shiro.loginUrl = /api/login [roles] admin = * users = * [urls] /** = authc /api/version = anon /api/interpreter/** = authc, roles[admin] /api/credential/** = authc, roles[admin] /api/configurations/** = authc, roles[admin] Is there something missing in the configuration? The following message is displayed on the log: WARN [2018-12-13 12:33:30,771] ({qtp64830413-19} LoginRestApi.java[postLogin]:119) - {"status":"OK","message":"","body":{"principal":"user1","ticket":"64c38479-4241-417b-99c4-1840fd41e5a4","roles":"[]"}} Many thanks in advance, Jorge. ... View more

Hi all, I've installed SOLR service on HDP 2.6.3 by following this guide: https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.3/bk_solr-search-installation/content/ch_hdp-search-install-ambari.html After successfully installed and started the the SOLR service, this alert is displayed in Ambari: The following components are reporting unexpected versions: host.fqdn SOLR_SERVER: UNKNOWN Does someone know how to fix this issue? Any suggestions would be appreciated. Many thanks in advance, Jorge. ... View more

Hi all, I'm trying to connect to HiveServer2 using beeline and using the information from Ambari: Connected to: Apache Hive (version 1.2.1000.2.6.2.14-5) Driver: Hive JDBC (version 1.2.1000.2.6.2.14-5) Transaction isolation: TRANSACTION_REPEATABLE_READ Beeline version 1.2.1000.2.6.2.14-5 by Apache Hive Why is still using Hive version 1.2 ? Many thanks in advance, Jorge. ... View more

Hi folks, Atlas is unable to authenticate using AD with SSL (unable to find valid certification path to requested target): 2018-01-02 22:56:32,503 ERROR - [pool-2-thread-6:] ~ AD Authentication Failed: (AtlasADAuthenticationProvider:126) org.springframework.security.authentication.InternalAuthenticationServiceException: simple bind failed: dc01.vlab.local:636; nested exception is javax.naming.CommunicationException: simple bind failed: dc01.vlab.local:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target] at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:206) at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:85) at org.apache.atlas.web.security.AtlasADAuthenticationProvider.getADBindAuthentication(AtlasADAuthenticationProvider.java:116) at org.apache.atlas.web.security.AtlasADAuthenticationProvider.authenticate(AtlasADAuthenticationProvider.java:64) at org.apache.atlas.web.security.AtlasAuthenticationProvider.authenticate(AtlasAuthenticationProvider.java:109) at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174) at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:199) at org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:94) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214) at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97) at org.eclipse.jetty.server.Server.handle(Server.java:499) at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:310) at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257) at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) Where can I configure the path to the certificate store containing CA root certificate ? Many thanks in advance, Jorge ... View more