Enriched LdapRealm configuration in Shiro Authentication and fixed so…

…me wrong config items.
apache · Aug 16, 2022 · 95b8576 · 95b8576
1 parent d2cdb77
commit 95b8576
Showing 1 changed file with 8 additions and 6 deletions.
diff --git a/docs/setup/security/shiro_authentication.md b/docs/setup/security/shiro_authentication.md
@@ -152,17 +152,19 @@ The other more flexible option is to use the LdapRealm. It allows for mapping of
 ldapRealm=org.apache.zeppelin.realm.LdapRealm
 
 ldapRealm.contextFactory.authenticationMechanism=simple
-ldapRealm.contextFactory.url=ldap://localhost:33389
-ldapRealm.userDnTemplate=uid={0},ou=people,dc=hadoop,dc=apache,dc=org
+ldapRealm.contextFactory.url = ldap://localhost:33389
+ldapRealm.userDnTemplate = uid={0},ou=people,dc=hadoop,dc=apache,dc=org
 # Ability to set ldap paging Size if needed default is 100
 ldapRealm.pagingSize = 200
-ldapRealm.authorizationEnabled=true
-ldapRealm.contextFactory.systemAuthenticationMechanism=simple
-ldapRealm.searchBase=dc=hadoop,dc=apache,dc=org
+ldapRealm.authorizationEnabled = true
+ldapRealm.contextFactory.authenticationMechanism = simple
+ldapRealm.searchBase = dc=hadoop,dc=apache,dc=org
 ldapRealm.userSearchBase = dc=hadoop,dc=apache,dc=org
 ldapRealm.groupSearchBase = ou=groups,dc=hadoop,dc=apache,dc=org
-ldapRealm.groupObjectClass=groupofnames
+ldapRealm.groupObjectClass = groupofnames
 # Allow userSearchAttribute to be customized
+# If userSearchAttributeName was configured, Zeppelin would use userObjectClass and userSearchAttributeName to search for an actual user DN
+# Otherwise, memberAttributeValueTemplate would be used to construct the user DN.
 ldapRealm.userSearchAttributeName = sAMAccountName
 ldapRealm.memberAttribute=member
 # force usernames returned from ldap to lowercase useful for AD