Andreas Weise created ZEPPELIN-2161:
---------------------------------------

             Summary: Nested Group Support in LdapRealm for AD using LDAP_MATCHING_RULE_IN_CHAIN Operator
                 Key: ZEPPELIN-2161
                 URL: https://issues.apache.org/jira/browse/ZEPPELIN-2161
             Project: Zeppelin
          Issue Type: Improvement
          Components: zeppelin-server
    Affects Versions: 0.7.0
            Reporter: Andreas Weise


A common use case in LDAP/AD setup is the hierarchical structuring of groups - 
a.k.a. adding groups to other groups. Such nesting groups can help reduce the 
number of roles that need to be managed.

Current Zeppelin realm implementations don't have support for looking up 
memberships throughout nested group structures.

E.g. consider the following nested group scenario:
{noformat}
acme_employees
 \__department_a
     \__sub_department_x
{noformat}
User 'bob' is in Group 'sub_department_x'.

Notebook 'note1' has a Reader Role assignment for 'department_a' or 
'acme_employees'.

Then access must be granted for 'bob' on 'note1'.

In AD environments these scenarios can be efficiently implemented using the 
so-called LDAP_MATCHING_RULE_IN_CHAIN operator '1.2.840.113556.1.4.1941'.



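The lookup the issue asks for, as an added example that is not Zeppelin's LdapRealm code: it builds the in-chain search filter with RFC 4515 escaping of the user DN, then models in memory what AD resolves server-side for the 'bob' scenario. The function names, the `DC=acme,DC=example` DNs and the `loop_a`/`loop_b`/`carol` entries are constructed assumptions.

```python
IN_CHAIN = "1.2.840.113556.1.4.1941"  # LDAP_MATCHING_RULE_IN_CHAIN OID from the issue

def escape_filter_value(value):
    """RFC 4515 escaping, so a DN containing ( ) * \\ cannot change the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def nested_group_filter(user_dn):
    """Filter AD evaluates server-side: groups holding user_dn directly or via nesting."""
    return "(&(objectClass=group)(member:%s:=%s))" % (IN_CHAIN, escape_filter_value(user_dn))

BASE = "DC=acme,DC=example"  # constructed sample directory, not from the issue

def dn(cn, ou):
    return "CN=%s,OU=%s,%s" % (cn, ou, BASE)

BOB = dn("bob", "Users")
# group DN -> direct values of its 'member' attribute (the issue's scenario)
DIRECTORY = {
    dn("acme_employees", "Groups"): [dn("department_a", "Groups")],
    dn("department_a", "Groups"): [dn("sub_department_x", "Groups")],
    dn("sub_department_x", "Groups"): [BOB],
    # constructed extra: two groups nested in each other, to exercise the cycle guard
    dn("loop_a", "Groups"): [dn("loop_b", "Groups"), dn("carol", "Users")],
    dn("loop_b", "Groups"): [dn("loop_a", "Groups")],
}

def groups_in_chain(user_dn, directory):
    """Client-side model of the in-chain match: follow 'member' links upward."""
    parents = {}
    for group, members in directory.items():
        for member in members:
            # AD compares DNs case-insensitively; lower() is a simplification
            parents.setdefault(member.lower(), set()).add(group)
    seen, stack = set(), [user_dn]
    while stack:
        for group in parents.get(stack.pop().lower(), ()):
            if group not in seen:  # cycle guard: visit each group once
                seen.add(group)
                stack.append(group)
    return seen

def has_role(user_dn, allowed_group_cns, directory):
    """True if any group in the user's chain carries one of the allowed CNs."""
    cns = {g.split(",", 1)[0][3:] for g in groups_in_chain(user_dn, directory)}
    return bool(cns & set(allowed_group_cns))

if __name__ == "__main__":
    print(nested_group_filter(BOB))
    print(has_role(BOB, {"department_a", "acme_employees"}, DIRECTORY))
```

Against a real AD the single filter replaces the client-side walk; the walk is shown only to make the transitive semantics and the cycle case visible.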