Hello Sharan, I have the same problem as you. Have you found the way to limit access to specific users/groups? Kind regards, Michał ... View more

Dears, I'm trying to configure shiro to authenticate users from AD and to limit access to login to webui for specific group. Here's my shiro.ini config: activeDirectoryRealm = org.apache.zeppelin.server.ActiveDirectoryGroupRealm activeDirectoryRealm.systemUsername = user activeDirectoryRealm.systemPassword = password activeDirectoryRealm.searchBase = "OU=x,OU=x,OU=x,DC=x,DC=x,DC=x" activeDirectoryRealm.url = ldaps://ldap.domain.com:636 activeDirectoryRealm.groupRolesMap = "CN=HADOOP_GROUP,OU=x,OU=x,OU= x,OU=x,DC=x,DC=x,DC=x":"role1" activeDirectoryRealm.authorizationCachingEnabled = false [roles] role1 = * /api/version = anon /** = authc Currently, authentication works for every user who is in search base, so everyone from search base can login. To limit access, I would like to have authorization based on specified group, so only users from HADOOP_GROUP can log in, like above in groupRolesMap, but it's not working as I expected. What am I missing? I'll appreciate your help. Kind regards, Michał ... View more

Hello, Did you figured out the solution? I'm working on similar configuration since couple weeks and I'm still getting error: %livy.spark sc.version Cannot start spark. I have debug enabled on livy but don't see any specific error. In zeppelin-interpreter-livy log I see: ERROR [2017-02-03 15:07:47,491] ({pool-2-thread-7} LivyHelper.java[createSession]:128) - Error getting session for user java.lang.Exception: Cannot start spark. What's interesting, I see spark job created in yarn history with my user over livy-session with the status finished/suceeded most of the time, so from that side it looks correct. Unfortunatelly, still no result in zeppelin notebook. I will really appreciate any suggestions from those who succeeded:) Kind regards, Michał ... View more