Github user nazgul33 commented on the issue:

    https://github.com/apache/zeppelin/pull/1614
  
    @gss2002 @jongyoul 
    I confirm that this works as expected.
    LDAP group to Shiro role mapping works flawlessly.
    Here's my Shiro setup with OpenLDAP + phpLDAPadmin:
    
    ```
    [main]
    ldapADGCRealm = org.apache.zeppelin.realm.LdapRealm
    ldapADGCRealm.contextFactory.systemUsername = cn=zeppelin,ou=system,dc=example,DC=com
    ldapADGCRealm.contextFactory.systemPassword = 1some2Random3Password4
    ldapADGCRealm.userDnTemplate=cn={0},ou=people,dc=example,DC=com
    ldapADGCRealm.searchBase = dc=example,DC=com
    ldapADGCRealm.userSearchBase = ou=people,dc=example,DC=com
    ldapADGCRealm.groupSearchBase = ou=groups,dc=example,DC=com
    ldapADGCRealm.contextFactory.url = ldap://127.0.0.1:389
    ldapADGCRealm.contextFactory.authenticationMechanism = simple
    ldapADGCRealm.userObjectClass = posixAccount
    ldapADGCRealm.groupObjectClass = posixGroup
    ldapADGCRealm.authorizationEnabled = true
    ldapADGCRealm.memberAttribute = memberUid
    ldapADGCRealm.memberAttributeValueTemplate=cn={0},ou=people,dc=example,DC=com
    ldapADGCRealm.rolesByGroup = AdminGroup:admin,UserGroup:user
    
    securityManager.realms = $ldapADGCRealm
    sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
    
    [roles]
    admin = *
    user = *
    ```
    
    I added all people under "ou=people,dc=example,DC=com",
    groups under "ou=people,dc=example,DC=com".
    In each group, I added the "memberUid" property and added users to this attribute.
    
    Now I can configure user and/or role for each note.
    Other permissions for interpreter settings or whatever work as expected.
    
    ```
    [urls]
    /api/interpreter/** = authc, roles[admin]
    /api/configurations/** = authc, roles[admin]
    /api/credential/** = authc, roles[admin]
    ```
    
    Thanks for the nice patch!!
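
A review pass over a configuration like the one quoted in the comment above, as an added example (not part of the original comment or of Zeppelin): it resolves the `rolesByGroup` mapping and reports simple binds over `ldap://`, a bind password stored inline, and LDAP groups whose role holds Shiro's `*` permission. The function names and finding codes are assumptions made for this example, the sample input is constructed from the quoted keys, and a loopback URL is reported as well so it gets reviewed before the file is pointed at a remote directory.

```python
import configparser

# Constructed sample: the security-relevant keys of the shiro.ini quoted above.
SAMPLE_INI = """\
[main]
ldapADGCRealm.contextFactory.systemPassword = 1some2Random3Password4
ldapADGCRealm.contextFactory.url = ldap://127.0.0.1:389
ldapADGCRealm.contextFactory.authenticationMechanism = simple
ldapADGCRealm.rolesByGroup = AdminGroup:admin,UserGroup:user
[roles]
admin = *
user = *
"""

def load(text):
    # Only '=' delimits (values contain ':'); keep key case; no '%' interpolation.
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str
    cp.read_string(text)
    return cp

def roles_by_group(cp):
    """Map LDAP group -> Shiro role from every *.rolesByGroup key in [main]."""
    mapping = {}
    for key, value in cp["main"].items():
        if key.endswith(".rolesByGroup"):
            for pair in filter(None, (p.strip() for p in value.split(","))):
                group, _, role = pair.partition(":")
                mapping[group.strip()] = role.strip()
    return mapping

def audit(text):
    """Return review findings as (code, detail) tuples."""
    cp = load(text)
    main, findings = cp["main"], []
    for key, value in main.items():
        if key.endswith(".contextFactory.url") and value.lower().startswith("ldap://"):
            mech = main.get(key[: -len("url")] + "authenticationMechanism")
            if mech == "simple":  # bind DN and password cross the wire unencrypted
                findings.append(("cleartext-bind", value))
        elif key.endswith(".systemPassword") and value:
            findings.append(("inline-secret", key))
    perms = cp["roles"] if cp.has_section("roles") else {}
    for group, role in roles_by_group(cp).items():
        if perms.get(role, "").strip() == "*":  # Shiro '*' implies every permission
            findings.append(("wildcard-role", f"{group} -> {role}"))
    return findings

if __name__ == "__main__":
    for code, detail in audit(SAMPLE_INI):
        print(f"{code}: {detail}")
```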

