Hi guys,

When using org.apache.zeppelin.server.ActiveDirectoryGroupRealm as my Shiro realm on v0.6.0, I have trouble understanding the searchBase config. My understanding was that Shiro should only allow users within that searchBase to log in, but that seems not to be the case. When I trace the code of ActiveDirectoryGroupRealm.java, the only place searchBase is used is in the method getRoleNamesForUser <https://github.com/apache/zeppelin/blob/v0.6.0/zeppelin-server/src/main/java/org/apache/zeppelin/server/ActiveDirectoryGroupRealm.java#L162>. If the user is not inside searchBase, an empty roleNames will be returned without any exception, thus the user will be logged in, I guess?

I'm not sure if this is expected behaviour or not. I also tried v0.6.1 and it seems to have the same behaviour.

In general I just want to allow only users in certain groups of ActiveDirectory to log in. Is that possible without rewriting our own Realm?

Thanks,
Weipu
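The behaviour described in the message above, as a self-contained Java model added here (it is not Zeppelin or Shiro code and not part of the original message): authentication never consults searchBase, while the role lookup is scoped to it and returns an empty set instead of failing. All DNs, the group and the role name are constructed, the DN suffix comparison stands in for a subtree search, and `mayUse` is a hypothetical gate that requires a mapped role on top of authentication.

```java
import java.util.*;

// Added model, not Zeppelin or Shiro code. All DNs, groups and roles are constructed.
public class SearchBaseGap {
    static final String SEARCH_BASE = "OU=Analysts,DC=example,DC=com";
    static final String GROUP = "CN=zeppelin-users,OU=Groups,DC=example,DC=com";
    // Constructed directory: user DN -> memberOf values.
    static final Map<String, List<String>> DIRECTORY = Map.of(
        "CN=alice,OU=Analysts,DC=example,DC=com", List.of(GROUP),
        "CN=bob,OU=Contractors,DC=example,DC=com", List.of(GROUP));
    static final Map<String, String> GROUP_ROLES = Map.of(GROUP, "user");

    // Authentication step: succeeds for any directory user with a valid password.
    // searchBase is not consulted here.
    static boolean authenticate(String userDn, boolean passwordValid) {
        return passwordValid && DIRECTORY.containsKey(userDn);
    }

    // Role lookup as the post describes it: the search is limited to searchBase,
    // and a user outside it gets an empty set, not an exception.
    static Set<String> getRoleNamesForUser(String userDn) {
        Set<String> roles = new TreeSet<>();
        boolean underBase = userDn.toLowerCase(Locale.ROOT)
            .endsWith("," + SEARCH_BASE.toLowerCase(Locale.ROOT));
        if (!underBase) {
            return roles;
        }
        for (String group : DIRECTORY.getOrDefault(userDn, List.of())) {
            String role = GROUP_ROLES.get(group);
            if (role != null) {
                roles.add(role);
            }
        }
        return roles;
    }

    // Hypothetical gate: authentication alone is not enough, a mapped role is required.
    static boolean mayUse(String userDn, boolean passwordValid, String requiredRole) {
        return authenticate(userDn, passwordValid)
            && getRoleNamesForUser(userDn).contains(requiredRole);
    }

    public static void main(String[] args) {
        for (String dn : new TreeSet<>(DIRECTORY.keySet())) {
            System.out.printf("%s authenticated=%b roles=%s allowed=%b%n", dn,
                authenticate(dn, true), getRoleNamesForUser(dn), mayUse(dn, true, "user"));
        }
    }
}
```

Both constructed users authenticate, but only the one under SEARCH_BASE receives a role, so a check on the role rather than on authentication is what separates them.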
