Reply
Contributor
Posts: 36
Registered: ‎01-11-2016

How to configure Hue to access multiple Active Directory/LDAP servers

Hi,

 

Wondering if anyone can provide a URL or doco on how to setup Hue (via the Hue GUI and Cloudera Manager) so we bind/import AD Groups and Users from multiple different Active Directory/LDAP servers/domains ?

 

We've got this working with multiple AD Groups and Users in a single Active Directory/LDAP/domain, but need to include Groups and Users in a 2nd different Active Directory/LDAP/domain also.

 

I've read various non-Cloudera documents like this:

 

http://gethue.com/making-hadoop-accessible-to-your-employees-with-ldap/

 

But they don't seem to mention multiple different Active Directory/LDAP servers/domains.....

 

Any assistance would be fantastic and as usual, very much appreciated !

 

 

Thanks,

 

Damion.

 

 

Posts: 395
Topics: 1
Kudos: 88
Solutions: 51
Registered: ‎04-22-2014

Re: How to configure Hue to access multiple Active Directory/LDAP servers

Contributor
Posts: 36
Registered: ‎01-11-2016

Re: How to configure Hue to access multiple Active Directory/LDAP servers

Thanks for the quick reply Ben, much appreciated.

 

Call me a bit s l o w, but can this (and shouldn't this) be done via Cloudera Manager -> Hue -> Configuraiton (LDAP search) ?

 

If I manually edit the /etc/hue/conf/hue.ini file and add a LDAP server configuration parameters....wont these get over-written/replaced by a new hue.ini rollout when a new Cloudera Manager client configuration for Hue is deployed ?

 

 

At the moment I have set the below configuration parameters in Cloudera Manager -> Hue -> Configuraiton....

 

Is it possible to set multiple values (separated by ",") for parameters at points 3), 7), 8) and 9) below ?

 

 

1) "Hue Service Advanced Configuration Snippet (Safety Valve) for hue_safety_valve.ini"

 

     [desktop]
          [[auth]]
          backend=desktop.auth.backend.LdapBackend,desktop.auth.backend.AllowFirstUserDjangoBackend
     [[ldap]]

 

 

2) "Authentication Backend"

 

     desktop.auth.backend.AllowAllBackend

 

 

3) "LDAP URL"

 

     ldaps://{obfuscated_fqdn_of_our_ms_ad_ldap_machine_cdh_cluster_domain}.com.au:636

 

 

4) "Use Search Bind Authentication"

 

     Ticked this checkbox

 

 

5) "Enable LDAP TLS"

 

     Ticked this checkbox

 

 

6) "Create LDAP users on login"

 

     Ticked this checkbox

 

 

7) "LDAP Search Base"

 

     OU=Prod,OU=Clusters,OU=cdh,DC=cdh,DC={ofuscated_customer_name},DC=com,DC=au

 

 

8) "LDAP Bind User Distinguished Name"

 

     {obfuscated_user}@{OBFUSCATED_REALM}

 

 

9) "LDAP Bind Password"

 

     {ofuscated_password}

 

 

 

Thanks,

 

Damion.

 
Highlighted
Posts: 614
Topics: 3
Kudos: 93
Solutions: 61
Registered: ‎08-16-2016

Re: How to configure Hue to access multiple Active Directory/LDAP servers

Yes it can all be done in CM and if you do it manually CM will override it or the service won't even use it.

You just need to add the second LDAP server and the bind information in same ACS and section.
Announcements