Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
0.6.0, 0.7.0
-
None
-
HDP-2.5.3
Ambari-2.4.1.0
Centos 6
Description
Using hadoop credential store for hiding AD system user password in shiro.ini doesnt work. Below is the config used under [main] for AD authentication :
[main]
-
-
- A sample for configuring Active Directory Realm
activeDirectoryRealm = org.apache.zeppelin.realm.ActiveDirectoryGroupRealm
activeDirectoryRealm.hadoopSecurityCredentialPath = jceks://file/user/zeppelin/zeppelin.jceks
activeDirectoryRealm.systemUsername = hadoopadmin
#use either systemPassword or hadoopSecurityCredentialPath, more details in http://zeppelin.apache.org/docs/latest/security/shiroauthentication.html
activeDirectoryRealm.searchBase = dc=lab,dc=test,dc=net
activeDirectoryRealm.url = ldap://ad-server.lab.test.net:389
activeDirectoryRealm.groupRolesMap = "CN=hadoop-users,OU=CorpUsers,DC=lab,DC=hortonworks,DC=net":"admin"
activeDirectoryRealm.authorizationCachingEnabled = false
activeDirectoryRealm.principalSuffix = @LAB.TEST.NET
securityManager.realm = $activeDirectoryRealm
Exception logged in zeppelin logs :
Caused by: javax.naming.AuthenticationException: LDAP Simple authentication requires both a principal and credentials.
at org.apache.shiro.realm.ldap.DefaultLdapContextFactory.validateAuthenticationInfo(DefaultLdapContextFactory.java:310)
at org.apache.shiro.realm.ldap.DefaultLdapContextFactory.getLdapContext(DefaultLdapContextFactory.java:261)
at org.apache.shiro.realm.ldap.DefaultLdapContextFactory.getLdapContext(DefaultLdapContextFactory.java:224)
at org.apache.shiro.realm.ldap.DefaultLdapContextFactory.getSystemLdapContext(DefaultLdapContextFactory.java:205)
at org.apache.zeppelin.realm.ActiveDirectoryGroupRealm.queryForAuthorizationInfo(ActiveDirectoryGroupRealm.java:199)
at org.apache.shiro.realm.ldap.AbstractLdapRealm.doGetAuthorizationInfo(AbstractLdapRealm.java:207)
... 45 more
- A sample for configuring Active Directory Realm
-
Attachments
Issue Links
- links to