Getting Started
Prerequisites
To use LDAP or Active Directory (AD) as the identity store, LDAP or AD must be installed and running on your cluster. You will need LDAP or AD coordinates to configure them for use with Zeppelin. In addition, the associated user accounts must be defined on your Zeppelin nodes.
Configuring Security on an Ambari-Managed Cluster
If your cluster is managed by Ambari, navigate to the Configs tab and edit settings in the "Advanced zeppelin-env", "Advanced zeppelin-config", "zeppelin-log4j-properties" and "zeppelin-shiro-ini" sections, as described in the following subsections.
Changes to shiro_ini_content require restarting the Zeppelin server. Ambari indicates this with a warning, and offers a menu option to restart Zeppelin.
Configuring Security on a Cluster Not Managed by Ambari
If your cluster is not managed by Ambari:
1. Locate the shiro.ini template file in the Zeppelin/conf folder: /usr/hdp/current/zeppelin-server/conf/shiro.ini.template
2. Copy the template file as shiro.ini: /usr/hdp/current/zeppelin-server/conf/shiro.ini
3. Edit shiro.ini file contents, as described in the following subsections.
4. After editing the shiro.ini file, restart the Zeppelin server: ./bin/zeppelin-daemon.sh restart
shiro.ini Structure
The shiro_ini_content property (Ambari) and shiro.ini file (non-Ambari) contain several sections for configuring authentication:
- [main], which contains definitions for LDAP or Active Directory objects and properties.
- [users], which can be used to specify user accounts and passwords for simple deployments that do not require secure passwords, and require only a small number of statically-defined accounts.
- [roles], for defining roles associated with access control.
- [urls], for configuring URL-based security. For Zeppelin, the [urls] section is used to specify authentication method and define access control filters.
For more information about Shiro configuration and processing, see Apache Shiro Configuration.
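One way to check a shiro.ini file against the structure described above, as an added example that is not code from the Zeppelin or Shiro projects. It assumes Shiro's built-in anon and authc filter names and Shiro's first-match evaluation of [urls] patterns; the function names and the sample file contents are constructed for illustration.

```python
import re

SECTIONS = ("main", "users", "roles", "urls")

# Constructed sample, not taken from a real deployment.
SAMPLE = """\
[users]
admin = password1, admin
[main]
shiro.loginUrl = /api/login
[roles]
admin = *
[urls]
/api/version = anon
/** = anon
"""

def parse_shiro_ini(text):
    """Split shiro.ini text into {section: [(key, value), ...]}, keeping order."""
    parsed, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            current = header.group(1)
            parsed.setdefault(current, [])
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            parsed[current].append((key.strip(), value.strip()))
    return parsed

def audit(text):
    """Return findings: missing sections, static accounts, open catch-all URL."""
    cfg = parse_shiro_ini(text)
    findings = [f"missing [{s}] section" for s in SECTIONS if s not in cfg]
    # Report account names only; never echo the stored password.
    findings += [f"static account in [users]: {u}" for u, _ in cfg.get("users", [])]
    # Assumption: Shiro uses the first matching [urls] pattern, so order matters.
    for pattern, chain in cfg.get("urls", []):
        if pattern == "/**":
            if "anon" in [f.strip() for f in chain.split(",")]:
                findings.append("catch-all /** allows anonymous access")
            break
    else:
        findings.append("no catch-all /** rule in [urls]")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
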