activeDirectoryRealm.groupRolesMap

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

activeDirectoryRealm.groupRolesMap

Richard Xin
I am facing some hurdle with activeDirectoryRealm.groupRolesMap
the following is the content of my shiro.ini
...
activeDirectoryRealm.groupRolesMap = "CN=Zeppelin-Admin,OU=Zeppelin,OU=Applications,OU=Groups,DC=directory,DC=[domain_here],DC=com":"admin","CN=ZeppelinZepZeppelinpelin-Devs,OU=Zepplin,OU=Applications,OU=Groups,DC=directory,DC=[domain_here],DC=com":"developer","CN=Zeppelin-Analyst,OU=Zeppelin,OU=Applications,OU=Groups,DC=directory,DC=DC=[domain_here],DC=com":"datascientist"
activeDirectoryRealm.authorizationCachingEnabled = false
activeDirectoryRealm.principalSuffix = @directory.mydomain.com
...
[roles]
admin = *
datascientist = *
developer = *

[urls]
uncomment the below urls that you want to hide.
/api/version = anon
/api/interpreter/** = authc, roles[admin]
/** = authc


My AD account is member of "CN=Zeppelin-Admin,OU=Zeppelin,OU=Applications,OU=Groups,DC=directory,DC=[domain_here],DC=com", but when I login, I saw followings in the log:

WARN [2017-07-26 00:14:10,981] (

{qtp1287712235-15} LoginRestApi.java[postLogin]:119) - {"status":"OK","message":"","body":{"principal":"richard.xin","ticket":"b681cbbb-8a10-40c8-9ba8-c46ee59efd42","roles":"[]"}}

please note roles node is empty, I was expecting "admin" in the role list, does anyone have similar issue? is my config activeDirectoryRealm.groupRolesMap correct?

Thanks,
Richard Xin


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: activeDirectoryRealm.groupRolesMap

Richard Xin






On Wednesday, July 26, 2017, 11:13:39 AM PDT, Richard Xin <[hidden email]> wrote:


I am facing some hurdle with activeDirectoryRealm.groupRolesMap
the following is the content of my shiro.ini
...
activeDirectoryRealm.groupRolesMap = "CN=Zeppelin-Admin,OU=Zeppelin,OU=Applications,OU=Groups,DC=directory,DC=[domain_here],DC=com":"admin","CN=ZeppelinZepZeppelinpelin-Devs,OU=Zepplin,OU=Applications,OU=Groups,DC=directory,DC=[domain_here],DC=com":"developer","CN=Zeppelin-Analyst,OU=Zeppelin,OU=Applications,OU=Groups,DC=directory,DC=DC=[domain_here],DC=com":"datascientist"
activeDirectoryRealm.authorizationCachingEnabled = false
activeDirectoryRealm.principalSuffix = @directory.mydomain.com
...
[roles]
admin = *
datascientist = *
developer = *

[urls]
uncomment the below urls that you want to hide.
/api/version = anon
/api/interpreter/** = authc, roles[admin]
/** = authc


My AD account is member of "CN=Zeppelin-Admin,OU=Zeppelin,OU=Applications,OU=Groups,DC=directory,DC=[domain_here],DC=com", but when I login, I saw followings in the log:

WARN [2017-07-26 00:14:10,981] (

{qtp1287712235-15} LoginRestApi.java[postLogin]:119) - {"status":"OK","message":"","body":{"principal":"richard.xin","ticket":"b681cbbb-8a10-40c8-9ba8-c46ee59efd42","roles":"[]"}}

please note roles node is empty, I was expecting "admin" in the role list, does anyone have similar issue? is my config activeDirectoryRealm.groupRolesMap correct?

Thanks,
Richard Xin


Loading...