Description
ActiveDirectoryGroupRealm is using "userPrincipalName" for deriving groups that user belongs to, however:
- this field is not mandatory in ActiveDirectory
- can contain user email where domain is different from REALM
in such a scenario user is able to log in but no groups are derived
this was also mentioned in https://github.com/apache/zeppelin/pull/986 but never resolved