软件版本:
zeppelin:zeppelin-0.8.1-bin-all
FreeIPA:4.6.4,安装请参照:https://blog.csdn.net/woloqun/article/details/89980646
Zeppelin配置
mv zeppelin-site.xml.template zeppelin-site.xml
<property>
<name>zeppelin.anonymous.allowed</name>
<value>false</value>
<description>Anonymous user allowed by default</description>
</property>
配置LDAP
mv shiro.ini.template shiro.ini
[main]
ldapRealm = org.apache.zeppelin.realm.LdapGroupRealm
ldapRealm.contextFactory.environment[ldap.searchBase] = dc=haohaozhu,dc=hadoop
ldapRealm.contextFactory.url = ldap://zeppelin.haohaozhu.hadoop:389
ldapRealm.userDnTemplate = uid={0},cn=users,cn=accounts,dc=haohaozhu,dc=hadoop
ldapRealm.contextFactory.authenticationMechanism = simple
ldapRealm.contextFactory.systemUsername= uid=admin,cn=users,cn=accounts,dc=haohaozhu,dc=hadoop
ldapRealm.contextFactory.systemPassword= hadoop123
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
cookie = org.apache.shiro.web.servlet.SimpleCookie
cookie.name = JSESSIONID
cookie.httpOnly = true
#cookie.secure = true
sessionManager.sessionIdCookie = $cookie
securityManager.sessionManager = $sessionManager
securityManager.sessionManager.globalSessionTimeout = 86400000
shiro.loginUrl = /api/login
[roles]
zeppelinadmin = *
[urls]
/api/version = anon
#/api/interpreter/setting/restart/** = authc
/api/interpreter/** = authc, roles[zeppelinadmin]
#/api/configurations/** = authc, roles[admin]
#/api/credential/** = authc, roles[admin]
#/** = anon
/** = authc
FreeIPA添加用户
zeppelin登录
右上角显示登录用户
在FreeIPA中添加zeppelinadmin角色,并给admin添加zeppelinadmin角色,这样admin用户就拥有了配置interpreter的权限;