Dears, I'm trying to configure shiro to authenticate users from AD and to limit access to login to webui for specific group.
Here's my shiro.ini config: activeDirectoryRealm = org.apache.zeppelin.server.ActiveDirectoryGroupRealm activeDirectoryRealm.systemUsername = user activeDirectoryRealm.systemPassword = password activeDirectoryRealm.searchBase = "OU=x,OU=x,OU=x,DC=x,DC=x,DC=x" activeDirectoryRealm.url = ldaps://ldap.domain.com:636 activeDirectoryRealm.groupRolesMap = "CN=HADOOP_GROUP,OU=x,OU=x,OU= x,OU=x,DC=x,DC=x,DC=x":"role1" activeDirectoryRealm.authorizationCachingEnabled = false [roles] role1 = * /api/version = anon #/** = anon /** = authc Currently, authentication works for every user who is in search base, so everyone from search base can login. To limit access, I would like to have authorization based on specified group, like above. What am I missing? I'll appreciate your help. Kind regards, -- Michał Kabocik
