Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
-
None
-
None
Description
This issue is discovered with https://issues.apache.org/jira/browse/ZEPPELIN-3455?page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel&focusedCommentId=16517800#comment-16517800
Zeppelin auth fails if `activeDirectoryRealm.groupRolesMap` is not specified.
Sample shiro.ini that fails:
activeDirectoryRealm = org.apache.zeppelin.realm.ActiveDirectoryGroupRealm activeDirectoryRealm.systemUsername = userNameA activeDirectoryRealm.systemPassword = passwordA activeDirectoryRealm.searchBase = CN=Users,DC=SOME_GROUP,DC=COMPANY,DC=COM activeDirectoryRealm.url = ldap://ldap.test.com:389 #activeDirectoryRealm.groupRolesMap = "CN=admin,OU=groups,DC=SOME_GROUP,DC=COMPANY,DC=COM":"admin","CN=finance,OU=groups,DC=SOME_GROUP,DC=COMPANY,DC=COM":"finance","CN=hr,OU=groups,DC=SOME_GROUP,DC=COMPANY,DC=COM":"hr" activeDirectoryRealm.authorizationCachingEnabled = false
With this exception:
Caused by: java.lang.NullPointerException at org.apache.zeppelin.realm.ActiveDirectoryGroupRealm.getListRoles(ActiveDirectoryGroupRealm.java:294) at org.apache.zeppelin.utils.SecurityUtils.getRoles(SecurityUtils.java:166) at org.apache.zeppelin.rest.LoginRestApi.proceedToLogin(LoginRestApi.java:142) at org.apache.zeppelin.rest.LoginRestApi.postLogin(LoginRestApi.java:199) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498)
Workaround:
insert an empty line config as
#activeDirectoryRealm.groupRolesMap = "":""
Attachments
Issue Links
- links to