[jira] [Created] (ZEPPELIN-2366) In zeppelin SystemUser fails to authenticate with AD, using the password set in hadoop credential store.

Thu, 06 Apr 2017 02:17:05 -0700 

Raghavender Rao Guruvannagari created ZEPPELIN-2366:
-------------------------------------------------------

             Summary: In zeppelin SystemUser fails to authenticate with AD, 
using the password set in hadoop credential store.
                 Key: ZEPPELIN-2366
                 URL: https://issues.apache.org/jira/browse/ZEPPELIN-2366
             Project: Zeppelin
          Issue Type: Bug
          Components: zeppelin-server
    Affects Versions: 0.7.0, 0.6.0
         Environment: HDP-2.5.3
Ambari-2.4.1.0
Centos 6
            Reporter: Raghavender Rao Guruvannagari


Using hadoop credential store for hiding AD system user password in shiro.ini 
doesnt work. Below is the config used under [main] for AD authentication :
[main]
### A sample for configuring Active Directory Realm
activeDirectoryRealm = org.apache.zeppelin.realm.ActiveDirectoryGroupRealm
activeDirectoryRealm.hadoopSecurityCredentialPath = 
jceks://file/user/zeppelin/zeppelin.jceks
activeDirectoryRealm.systemUsername =  hadoopadmin
#use either systemPassword or hadoopSecurityCredentialPath, more details in 
http://zeppelin.apache.org/docs/latest/security/shiroauthentication.html
activeDirectoryRealm.searchBase = dc=lab,dc=test,dc=net
activeDirectoryRealm.url = ldap://ad-server.lab.test.net:389
activeDirectoryRealm.groupRolesMap = 
"CN=hadoop-users,OU=CorpUsers,DC=lab,DC=hortonworks,DC=net":"admin"
activeDirectoryRealm.authorizationCachingEnabled = false
activeDirectoryRealm.principalSuffix = @LAB.TEST.NET
securityManager.realm = $activeDirectoryRealm
Exception logged in zeppelin logs :
Caused by: javax.naming.AuthenticationException: LDAP Simple authentication 
requires both a principal and credentials.
        at 
org.apache.shiro.realm.ldap.DefaultLdapContextFactory.validateAuthenticationInfo(DefaultLdapContextFactory.java:310)
        at 
org.apache.shiro.realm.ldap.DefaultLdapContextFactory.getLdapContext(DefaultLdapContextFactory.java:261)
        at 
org.apache.shiro.realm.ldap.DefaultLdapContextFactory.getLdapContext(DefaultLdapContextFactory.java:224)
        at 
org.apache.shiro.realm.ldap.DefaultLdapContextFactory.getSystemLdapContext(DefaultLdapContextFactory.java:205)
        at 
org.apache.zeppelin.realm.ActiveDirectoryGroupRealm.queryForAuthorizationInfo(ActiveDirectoryGroupRealm.java:199)
        at 
org.apache.shiro.realm.ldap.AbstractLdapRealm.doGetAuthorizationInfo(AbstractLdapRealm.java:207)
        ... 45 more



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to