Integrate Hadoop Hue with LDAP

Authenticate Hue Users with LDAP

Environment: CDH 5.12 on RHEL, Active Directory LDAP

We will use Search Bind as it seems to be compatible with both AD and LDAP.

We will follow the steps from the manual below:

  1. Log on to Cloudera Manager and click Hue.
  2. Click the Configuration tab and filter by scope=Service-wide and category=Security.
  3. Set the following required properties:

 

Authentication Backend: desktop.auth.backend.LdapBackend (note: earlier it was set to desktop.auth.backend.AllowFirstUserDjangoBackend)
LDAP URL: ldaps://<ldap_server>:636 (or ldap://<ldap_server>:389)
LDAP Server CA Certificate: left blank
Enable LDAP TLS: FALSE if using LDAPS or not encrypting
Active Directory Domain: left blank, as we are using Search Bind
LDAP Username Attribute: left blank, as we are using Search Bind
Use Search Bind Authentication: TRUE
Create LDAP users on login: TRUE
LDAP Search Base: dc=mycompany,dc=com
LDAP Bind User Distinguished Name: CN=binduserid,DC=mycompany,DC=com
LDAP Bind password: <password>
LDAP Username for Test LDAP: testusername
LDAP Username attribute: userPrincipalName

Run the Hue->Test LDAP Configuration:

  1. Click Save Changes.
  2. Select Actions > Test LDAP Configuration.
  3. Click Test LDAP Configuration.
  4. Restart Hue when the test succeeds and log on to the Hue Web UI with an LDAP userid/password.

 

Next, configure multiple authentication backends: check the LDAP userid first, then the local Hue database userid and password:

This tells Hue to first check against the configured LDAP directory service, and if the username is not found in the directory, then attempt to authenticate the user with the Django user manager.

In Cloudera Manager->HUE->Configuration

Find the Hue Service Advanced Configuration Snippet (Safety Valve) for hue_safety_valve.ini (note: don't use hue_safety_valve_server.ini). Enter the values below:

[desktop]
  [[auth]]
  backend=desktop.auth.backend.LdapBackend,desktop.auth.backend.AllowFirstUserDjangoBackend

 

After the restart, the login page offers both LDAP and local options in a dropdown.
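
The following is an added example, not part of the original post and not Hue's own code: a small Python check that reads a hue.ini-style file and flags the LDAP transport and backend-chain choices made above. The key names under [[ldap]] (ldap_url, use_start_tls, ldap_cert, bind_dn) are assumed hue.ini equivalents of the Cloudera Manager properties, and the sample config and host name are constructed.

```python
import re

# Constructed sample using this page's values. Key names under [[ldap]] are
# assumed hue.ini equivalents of the Cloudera Manager properties; host is made up.
SAMPLE = """\
[desktop]
  [[auth]]
  backend=desktop.auth.backend.LdapBackend,desktop.auth.backend.AllowFirstUserDjangoBackend
  [[ldap]]
  ldap_url=ldap://ldap.example.com:389
  use_start_tls=false
  ldap_cert=
  bind_dn=CN=binduserid,DC=mycompany,DC=com
"""
LDAP_BACKEND = "desktop.auth.backend.LdapBackend"

def parse_hue_ini(text):
    """Flatten nested [a] / [[b]] sections into {'a.b.key': 'value'}."""
    path, out = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"(\[+)\s*([^\[\]]+?)\s*(\]+)", line)
        if header:  # the number of brackets gives the nesting depth
            path = path[:len(header.group(1)) - 1] + [header.group(2)]
        elif "=" in line:
            key, value = line.split("=", 1)  # DNs contain '=', so split once
            out[".".join(path + [key.strip()])] = value.strip()
    return out

def audit(cfg):
    """Return findings for the LDAP transport and the backend chain."""
    findings = []
    url = cfg.get("desktop.ldap.ldap_url", "").lower()
    start_tls = cfg.get("desktop.ldap.use_start_tls", "false").lower() == "true"
    if url.startswith("ldap://") and not start_tls:
        findings.append("cleartext: ldap:// without StartTLS sends bind and login passwords unencrypted")
    if url.startswith("ldaps://") and start_tls:
        findings.append("conflict: StartTLS is enabled on an ldaps:// URL")
    if (url.startswith("ldaps://") or start_tls) and not cfg.get("desktop.ldap.ldap_cert"):
        findings.append("no-ca: TLS without a CA certificate; confirm how the server certificate is verified")
    backends = [b.strip() for b in cfg.get("desktop.auth.backend", "").split(",")]
    others = [b for b in backends if b and b != LDAP_BACKEND]
    if LDAP_BACKEND in backends and others:
        findings.append("fallback: logins are also accepted by " + ", ".join(others) + "; review local accounts")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_hue_ini(SAMPLE)):
        print(finding)
```

Run it against the rendered hue.ini on the Hue host after each configuration change; an empty result means none of these four conditions is present.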

 

References:

https://www.cloudera.com/documentation/enterprise/latest/topics/hue_sec_ldap_auth.html

http://gethue.com/configuring-hue-multiple-authentication-backends-and-ldap/

 
