我想配置我的齐柏林飞船,用ldap对我的AD进行身份验证。我在conf/shiro.ini中配置了以下信息:
ldapRealmExtern = org.apache.zeppelin.realm.LdapRealm
ldapRealmExtern.contextFactory.url = ldap://authentication.mycompany.com:389
ldapRealmExtern.contextFactory.systemUsername = CN=user,OU=XX_Func,OU=XX_Users,OU=XX_ACC,OU=XX,DC=xx,DC=FR
ldapRealmExtern.contextFactory.systemPassword = ******
ldapRealmExtern.contextFactory.authenticationMechanism = simple
ldapRealmExtern.authorizationEnabled = true
ldapRealmExtern.userSearchBase = dc=xx,dc=FR
#ldapRealmExtern.userSearchFilter = (&(cn={0})(objectclass=organizationalPerson))
ldapRealmExtern.userSearchFilter = cn={0}
ldapRealmExtern.userObjectClass = organizationalPerson
ldapRealmExtern.userSearchAttributeName = cn
ldapRealmExtern.groupObjectClass = group
ldapRealmExtern.memberAttribute = member
ldapRealmExtern.groupSearchBase = dc=xx,dc=FR
ldapRealmExtern.groupSearchFilter = member={0}
ldapRealmExtern.memberAttributeValueTemplate=cn={0},OU=XX_Intern,OU=XX_Users,OU=XX_ACC,OU=XX,DC=xx,DC=FR
当我启动齐柏林飞船时,我可以登录,但会抛出以下异常:
WARN [2020-12-03 06:16:56,887] ({qtp1580893732-92} ModularRealmAuthenticator.java[doMultiRealmAuthentication]:224) - Realm [org.apache.zeppelin.realm.LdapRealm@33f9f341] threw an exception during a multi-realm authentication attempt:
java.lang.IllegalArgumentException: principal argument cannot be null.
at org.apache.shiro.subject.SimplePrincipalCollection.add(SimplePrincipalCollection.java:104)
at org.apache.shiro.subject.SimplePrincipalCollection.<init>(SimplePrincipalCollection.java:59)
at org.apache.shiro.authc.SimpleAuthenticationInfo.<init>(SimpleAuthenticationInfo.java:93)
at org.apache.zeppelin.realm.LdapRealm.createAuthenticationInfo(LdapRealm.java:985)
at org.apache.shiro.realm.ldap.DefaultLdapRealm.queryForAuthenticationInfo(DefaultLdapRealm.java:377)
at org.apache.zeppelin.realm.LdapRealm.queryForAuthenticationInfo(LdapRealm.java:268)
at org.apache.shiro.realm.ldap.DefaultLdapRealm.doGetAuthenticationInfo(DefaultLdapRealm.java:295)
at org.apache.zeppelin.realm.LdapRealm.doGetAuthenticationInfo(LdapRealm.java:217)
at org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:568)
at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doMultiRealmAuthentication(ModularRealmAuthenticator.java:219)
at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:269)
at org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198)
at org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:106)
at org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:270)
at org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:256)
at org.apache.shiro.web.filter.authc.AuthenticatingFilter.executeLogin(AuthenticatingFilter.java:53)
at org.apache.shiro.web.filter.authc.FormAuthenticationFilter.onAccessDenied(FormAuthenticationFilter.java:154)
at org.apache.shiro.web.filter.AccessControlFilter.onAccessDenied(AccessControlFilter.java:133)
at org.apache.shiro.web.filter.AccessControlFilter.onPreHandle(AccessControlFilter.java:162)
at org.apache.shiro.web.filter.PathMatchingFilter.isFilterChainContinued(PathMatchingFilter.java:203)
at org.apache.shiro.web.filter.PathMatchingFilter.preHandle(PathMatchingFilter.java:178)
at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:131)
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)
at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383)
at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610)
at org.apache.zeppelin.server.CorsFilter.doFilter(CorsFilter.java:72)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:540)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1588)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1345)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:480)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1557)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1247)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:220)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
at org.eclipse.jetty.server.Server.handle(Server.java:502)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:364)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:260)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:411)
at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:305)
at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:159)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:118)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126)
at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:765)
at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:683)
at java.lang.Thread.run(Thread.java:748)
我还有一个日志,上面写着我没有任何角色:
WARN [2020-12-03 06:16:56,947] ({qtp1580893732-92} LoginRestApi.java[postLogin]:206) - {"status":"OK","message":"","body":{"principal":"myuser","ticket":"cb575d5e-a170-4e5f-9160-8350b3853943","roles":"[]"}}
你知道这种配置出了什么问题吗?如何使用AD获取组?
感谢
一个解决方案是将Apache Zeppelin升级到0.9.0-preview2。然后在active directory上的登录再次工作。
我们也面临同样的错误。我们仍然遇到异常,但我们设法为用户填充了角色,并且授权正在工作。我们改变了许多属性,但不同的属性是:
ldapRealm.groupSearchEnableMatchingRuleInChain=真