Reply
New Contributor
Posts: 1
Registered: ‎07-11-2017

LDAP integration with Cloudera Data Science Workbench

Hello,

 

I want to integrate cloudera data science workbench (CDSW) with LDAP. I have followed link https://www.cloudera.com/documentation/data-science-workbench/latest/topics/cdsw_external_authentica...

but it is showing "bad gateway"

 

Attached are the configuration for ldap integration. Please help me to do the ldap integrationw ith CDSW.index.png

Explorer
Posts: 9
Registered: ‎03-29-2017

Re: LDAP integration with Cloudera Data Science Workbench

Hello there!

 

I have the similar issue.

But i have upgraded version from 1.0 to 1.1.

 

Now i get "socket hang out" error when i try to test the connection between CDSW and LDAP.

 

Please let me know if you find any solution for this issue.

 

 

---------

Venky

Explorer
Posts: 9
Registered: ‎03-29-2017

Re: LDAP integration with Cloudera Data Science Workbench

I have started with the installation following the instaructions provided in the official docemnt of Cloudera Data Science Workbench.

https://www.cloudera.com/documentation/data-science-workbench/latest/topics/cdsw_install.html

 

CDSW is up and running with no issues now.

 

But My requirement is to integrate the CDSW with LDAP.

 

I have tried doing so with my OPENLDAP server over TLS.

 

Error pops up as :

 

"UNABLE to verify first certificate"

 

I tried using direct bind and search bind.

 

In both the cases the error remains same.

 

I can connect to LDAP using Apache Directory studio over TLS and can query the data.

Highlighted
Cloudera Employee
Posts: 7
Registered: ‎07-08-2013

Re: LDAP integration with Cloudera Data Science Workbench

Are the certs self signed? Just a guess, but if the CA is not found in the truststore it could result in not being able to verify the cert.

Cloudera Employee
Posts: 31
Registered: ‎05-29-2017

Re: LDAP integration with Cloudera Data Science Workbench

Hello Sachin81 and venkatachetkuri,

You can specify a CA certificate on the CDSW webui for ldaps, to verify the ldap server which CDSW connects to. This is not optional, a CA with a valid trustchain to the ldaps servers certificate must be provided for CDSW to work.

You can check the certificates your ldap server provides with openssl s_client -connect as a hint which CA to specify for CDSW.

Zsolt

Explorer
Posts: 9
Registered: ‎03-29-2017

Re: LDAP integration with Cloudera Data Science Workbench

In my case,

 

They are internal CA certificates.

Cloudera Employee
Posts: 31
Registered: ‎05-29-2017

Re: LDAP integration with Cloudera Data Science Workbench

[ Edited ]

Hi venkatachetkuri,

If you ldaps server is using a certificate which is signed by an internal CA, you can just upload the internal CA to the "CA Certificate" field, and CDSW will trust your ldaps connection. It only check against the CA provided in that field, it does not matter whether it's public or internal CA.

If it still does not work, you can test with openssl wether the trustchain is set up correctly:

 

openssl s_client -connect your.cdsw.domain.name:443 -CAfile /path/to/your/internal/ca

 

Zsolt

Cloudera Employee
Posts: 1
Registered: ‎09-20-2017

Re: LDAP integration with Cloudera Data Science Workbench

Hi venkatachetkuri,

 

In addition, the "LDAP User Filter" needs to be in the form of:

 

(sAMAccountName={0})

 

.

 

Substitue the "sAMAccountName" part with the user attribute that you use for usernames. "cn" or common name is usually the first name + last name for individual users and typically is not used for usernames.

 

 

Announcements