[jira] [Created] (ZEPPELIN-2657) Add group search filter option to LdapRealm

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

[jira] [Created] (ZEPPELIN-2657) Add group search filter option to LdapRealm

JIRA jira@apache.org
Vipin Rathor created ZEPPELIN-2657:

             Summary: Add group search filter option to LdapRealm
                 Key: ZEPPELIN-2657
                 URL: https://issues.apache.org/jira/browse/ZEPPELIN-2657
             Project: Zeppelin
          Issue Type: Bug
          Components: zeppelin-server
    Affects Versions: 0.7.2, 0.8.0
            Reporter: Vipin Rathor

While performing LDAP authentication, current Shiro module does a group=* search while trying to get group-to-role mapping for any LDAP user. On a large LDAP directory, this is a serious problem which might render RolesByGroup feature not working as expected.

Currently while doing LDAP authentication, there is no available option to limit the group search results to the only groups that user is interested in. This bug addresses the same and adds group search filter to Shiro configuration for LdapRealm which will allow user to define a search filter and limit the group search results.

ldapRealm = org.apache.zeppelin.realm.LdapRealm
ldapRealm.groupSearchFilter = (&(objectclass=groupofnames)(member={0}))

This message was sent by Atlassian JIRA