LDAP with Zeppelin unexpected behavior


I'm trying to write an LDAP query to filter users who have access to Zeppelin. For now I want the users with uid=manager or uid=employee to be the only ones who can access the Zeppelin notebooks. I also need the user with uid=admin to have an admin role. NOTE: I'm using the FreeIPA demo for testing.

I tried the following:

ldapRealm = org.apache.zeppelin.realm.LdapRealm
ldapRealm.contextFactory.environment[ldap.searchBase] = CN=users,CN=accounts,dc=demo1,dc=freeipa,dc=org
ldapRealm.contextFactory.url = ldap://ipa.demo1.freeipa.org:389
ldapRealm.userDnTemplate = uid={0},CN=users,CN=accounts,dc=demo1,dc=freeipa,dc=org
ldapRealm.searchBase=CN=accounts,dc=demo1,dc=freeipa,dc=org
ldapRealm.userSearchBase=CN=accounts,dc=demo1,dc=freeipa,dc=org
ldapRealm.userSearchAttributeName = uid
ldapRealm.contextFactory.authenticationMechanism = simple
ldapRealm.userSearchFilter=(&(objectClass=person)((uid=admin)))

This is now allowing all users to access Zeppelin. If I remove the parentheses from ldapRealm.userSearchFilter=(&(objectClass=person)((uid=manager))) and change it to ldapRealm.userSearchFilter=(&(objectClass=person)(uid=manager)), now no one can access Zeppelin.


There are 0 answers
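An added example, not part of the original question: a small RFC 4515 syntax check run over the filters quoted above, plus a builder for the "uid=manager or uid=employee" allow-list with value escaping. The names `check_filter`, `any_of_uids` and `escape_value` are hypothetical, and the code checks filter syntax only; it does not contact a directory or model how Zeppelin's LdapRealm evaluates the filter.

```python
import re

# One simple item such as uid=manager or objectClass=* (attribute, operator, value).
ITEM = re.compile(r"[A-Za-z][A-Za-z0-9.;-]*(=|~=|>=|<=)(?:[^()\\\x00]|\\[0-9A-Fa-f]{2})*")

def escape_value(value):
    """Escape the RFC 4515 special characters in an assertion value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def any_of_uids(uids, object_class="person"):
    """Build (&(objectClass=..)(|(uid=a)(uid=b))) for an allow-list of uids."""
    alternatives = "".join("(uid=%s)" % escape_value(u) for u in uids)
    return "(&(objectClass=%s)(|%s))" % (escape_value(object_class), alternatives)

def _parse(text, pos):
    """Parse one '(' filtercomp ')' starting at pos; return the index after it."""
    if pos >= len(text) or text[pos] != "(":
        raise ValueError("expected '(' at offset %d" % pos)
    pos += 1
    if pos < len(text) and text[pos] in "&|!":
        op, pos, count = text[pos], pos + 1, 0
        while pos < len(text) and text[pos] == "(":
            pos = _parse(text, pos)
            count += 1
        if count == 0 or (op == "!" and count != 1):
            raise ValueError("operator %r has %d operands" % (op, count))
    else:
        end = pos
        while end < len(text) and text[end] not in "()":
            end += 1
        if not ITEM.fullmatch(text[pos:end]):
            raise ValueError("bad item at offset %d: %r" % (pos, text[pos:end]))
        pos = end
    if pos >= len(text) or text[pos] != ")":
        raise ValueError("expected ')' at offset %d" % pos)
    return pos + 1

def check_filter(text):
    """Return None if text is a well-formed filter, else a description of the error."""
    try:
        end = _parse(text, 0)
        return None if end == len(text) else "trailing text at offset %d" % end
    except ValueError as exc:
        return str(exc)

if __name__ == "__main__":
    for f in ("(&(objectClass=person)((uid=admin)))",   # filter from the question
              "(&(objectClass=person)(uid=manager))",   # second filter from the question
              any_of_uids(["manager", "employee"])):    # constructed allow-list
        print(f, "->", check_filter(f) or "well-formed")
```
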