Error Role to group Mapping - Zeppeling Shiro.ini

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Error Role to group Mapping - Zeppeling Shiro.ini

Carlos Andres Zambrano Barrera
Hi Everyone!

We are working in zeppelin 0.7.0 and currently we have the following configuration in shiro.ini

  1. ldapRealm.contextFactory.systemUsername=DC=ad,DC=something,DC=com
  2. #ldapRealm.contextFactory.systemPassword=SomePassw0rd
  3. ldapRealm.contextFactory.authenticationMechanism=simple
  4. ldapRealm.contextFactory.url=ldap://10.X.X.X:389
  5. ldapRealm.authorizationEnabled=true
  6. ldapRealm.searchBase=DC=ad,DC=something,DC=com
  7. ldapRealm.userSearchBase=DC=ad,DC=something,DC=com
  8. ldapRealm.groupSearchBase=DC=ad,DC=something,DC=com
  9. ldapRealm.rolesByGroup = development: admin, bci: zebci
  10. ldapRealm.userObjectClass=person
  11. securityManager.realms = $ldapRealm

And our roles section is

  1. [roles]
  2. role1 = *
  3. role2 = *
  4. role3 = *
  5. admin = *
  6. zebci = *

And URL

  1. /api/version = authc, roles[admin]
  2. /api/interpreter/** = authc, roles[admin]
  3. /api/configurations/** = authc, roles[admin]
  4. /api/credential/** = authc, roles[admin]
  5. #/** = anon
  6. /** = authc

When we tried to log in in zeppelin with our user of Active Directory we could do it, but all the users does not have any permission on /interpreter /configurations /credentials.

We would like to configura to admin (zeppelin group) users match with development group from AD and have access to all.

but in the other hand we want that zebci group match with bci group from AD and does not have access to /interpreter /configurations /credentials.

Error log

WARN [2017-11-08 21:25:47,331] ({qtp1734161410-15} LoginRestApi.java[postLogin]:115) - {"status":"OK","message":"","body":{"principal":"fmejia","ticket":"251842b9-52ff-4e54-b689-f65f2c5cffe0"," roles":"[]"}}


Thanks in advance for your help




--

Carlos Andrés Zambrano Barrera
Cel: +57 3174373741






Sent with Mailtrack