[jira] [Created] (ZEPPELIN-2657) Add group search filter option to LdapRealm

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[jira] [Created] (ZEPPELIN-2657) Add group search filter option to LdapRealm

JIRA jira@apache.org
Vipin Rathor created ZEPPELIN-2657:
--------------------------------------

             Summary: Add group search filter option to LdapRealm
                 Key: ZEPPELIN-2657
                 URL: https://issues.apache.org/jira/browse/ZEPPELIN-2657
             Project: Zeppelin
          Issue Type: Bug
          Components: zeppelin-server
    Affects Versions: 0.7.2, 0.8.0
            Reporter: Vipin Rathor


Problem:
While performing LDAP authentication, current Shiro module does a group=* search while trying to get group-to-role mapping for any LDAP user. On a large LDAP directory, this is a serious problem which might render RolesByGroup feature not working as expected.

Fix:
Currently while doing LDAP authentication, there is no available option to limit the group search results to the only groups that user is interested in. This bug addresses the same and adds group search filter to Shiro configuration for LdapRealm which will allow user to define a search filter and limit the group search results.

Example:
{code:java}
ldapRealm = org.apache.zeppelin.realm.LdapRealm
...
...
ldapRealm.groupSearchFilter = (&(objectclass=groupofnames)(member={0}))
...
{code}




--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
Loading...