Hi Everyone!

We are working in zeppelin 0.7.0 and currently we have the following
configuration in shiro.ini
   1. ldapRealm.contextFactory.systemUsername=DC=ad,DC=something,DC=com
   2. #ldapRealm.contextFactory.systemPassword=SomePassw0rd
   3. ldapRealm.contextFactory.authenticationMechanism=simple
   4. ldapRealm.contextFactory.url=ldap://10.X.X.X:389
   5. ldapRealm.authorizationEnabled=true
   6. ldapRealm.searchBase=DC=ad,DC=something,DC=com
   7. ldapRealm.userSearchBase=DC=ad,DC=something,DC=com
   8. ldapRealm.groupSearchBase=DC=ad,DC=something,DC=com
   9. ldapRealm.rolesByGroup = development: admin, bci: zebci
   10. ldapRealm.userObjectClass=person
   11. securityManager.realms = $ldapRealm

And our roles section is
   1. [roles]
   2. role1 = *
   3. role2 = *
   4. role3 = *
   5. admin = *
   6. zebci = *

And URL
   1. /api/version = authc, roles[admin]
   2. /api/interpreter/** = authc, roles[admin]
   3. /api/configurations/** = authc, roles[admin]
   4. /api/credential/** = authc, roles[admin]
   5. #/** = anon
   6. /** = authc

When we tried to log in in zeppelin with our user of Active Directory we
could do it, but all the users does not have any permission on /interpreter
/configurations /credentials.

We would like to configura to admin (zeppelin group) users match with
development group from AD and have access to all.

but in the other hand we want that zebci group match with bci group from AD
and does not have access to /interpreter /configurations /credentials.

Error log

WARN [2017-11-08 21:25:47,331] ({qtp1734161410-15}
LoginRestApi.java[postLogin]:115) -
{"status":"OK","message":"","body":{"principal":"fmejia","ticket":"251842b9-52ff-4e54-b689-f65f2c5cffe0","
roles":"[]"}}
Thanks in advance for your help

--

Carlos Andrés Zambrano Barrera
Cel: +57 3174373741

<https://mailtrack.io/> Sent with Mailtrack
<https://chrome.google.com/webstore/detail/mailtrack-for-gmail-inbox/ndnaehgpjlnokgebbaldlmgkapkpjkkb?utm_source=gmail&utm_medium=signature&utm_campaign=signaturevirality>