From 95b8576ba1b96ec3fc56fcc5c1f380df8306b7f0 Mon Sep 17 00:00:00 2001
From: Paul Zhang
Date: Tue, 16 Aug 2022 12:27:36 +0800
Subject: [PATCH] Enriched LdapRealm configuration in Shiro Authentication and fixed some wrong config items.
---
 docs/setup/security/shiro_authentication.md | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/docs/setup/security/shiro_authentication.md b/docs/setup/security/shiro_authentication.md
index f48783779fe..01f6d0ba08b 100644
--- a/docs/setup/security/shiro_authentication.md
+++ b/docs/setup/security/shiro_authentication.md
@@ -152,17 +152,19 @@ The other more flexible option is to use the LdapRealm. It allows for mapping of
 ldapRealm=org.apache.zeppelin.realm.LdapRealm
 ldapRealm.contextFactory.authenticationMechanism=simple
-ldapRealm.contextFactory.url=ldap://localhost:33389
-ldapRealm.userDnTemplate=uid={0},ou=people,dc=hadoop,dc=apache,dc=org
+ldapRealm.contextFactory.url = ldap://localhost:33389
+ldapRealm.userDnTemplate = uid={0},ou=people,dc=hadoop,dc=apache,dc=org
 # Ability to set ldap paging Size if needed default is 100
 ldapRealm.pagingSize = 200
-ldapRealm.authorizationEnabled=true
-ldapRealm.contextFactory.systemAuthenticationMechanism=simple
-ldapRealm.searchBase=dc=hadoop,dc=apache,dc=org
+ldapRealm.authorizationEnabled = true
+ldapRealm.contextFactory.authenticationMechanism = simple
+ldapRealm.searchBase = dc=hadoop,dc=apache,dc=org
 ldapRealm.userSearchBase = dc=hadoop,dc=apache,dc=org
 ldapRealm.groupSearchBase = ou=groups,dc=hadoop,dc=apache,dc=org
-ldapRealm.groupObjectClass=groupofnames
+ldapRealm.groupObjectClass = groupofnames
 # Allow userSearchAttribute to be customized
+# If userSearchAttributeName was configured, Zeppelin would use userObjectClass and userSearchAttributeName to search for an actual user DN
+# Otherwise, memberAttributeValueTemplate would be used to construct the user DN.
 ldapRealm.userSearchAttributeName = sAMAccountName
 ldapRealm.memberAttribute=member
 # force usernames returned from ldap to lowercase useful for AD