Apache Zeppelin supports integration with Active Directory/LDAP via the Shiro pluggable authentication module.
|zeppelin-config||zeppelin.anonymous.allowed: false||This disables anonymous access to Zeppelin|
|zeppelin-env||The shiro_ini_content setting should be configured with the following:
|The first few lines under main defines the user account and password to use to connect to the domain controller.
We then define the search base path to use when looking up users/groups.
We then define the domain controller to connect to.
The last line enables authentication for all URLs.
- Through the Ambari web interface or;
- You can make these changes at cluster deployment time with ARM template HDInsight bootstrap configuration, although these configuration files are not officially listed in the Microsoft documentation it is possible to configure these in an ARM template (in the clusterDefinition, configurations section).
The only problem is you will not likely want to add the password to the ARM template so you could add the password via the Ambari web interface post deployment or inject it into the template at runtime.