07-11-2017 12:18 PM
I want to integrate cloudera data science workbench (CDSW) with LDAP. I have followed link https://www.cloudera.com/documentation/data-science-workbench/latest/topics/cdsw_external_authentica...
but it is showing "bad gateway"
Attached are the configuration for ldap integration. Please help me to do the ldap integrationw ith CDSW.
08-01-2017 01:28 PM
I have the similar issue.
But i have upgraded version from 1.0 to 1.1.
Now i get "socket hang out" error when i try to test the connection between CDSW and LDAP.
Please let me know if you find any solution for this issue.
08-03-2017 09:34 AM
I have started with the installation following the instaructions provided in the official docemnt of Cloudera Data Science Workbench.
CDSW is up and running with no issues now.
But My requirement is to integrate the CDSW with LDAP.
I have tried doing so with my OPENLDAP server over TLS.
Error pops up as :
"UNABLE to verify first certificate"
I tried using direct bind and search bind.
In both the cases the error remains same.
I can connect to LDAP using Apache Directory studio over TLS and can query the data.
09-18-2017 06:02 AM
Hello Sachin81 and venkatachetkuri,
You can specify a CA certificate on the CDSW webui for ldaps, to verify the ldap server which CDSW connects to. This is not optional, a CA with a valid trustchain to the ldaps servers certificate must be provided for CDSW to work.
You can check the certificates your ldap server provides with openssl s_client -connect as a hint which CA to specify for CDSW.
09-20-2017 08:40 AM - edited 09-20-2017 08:41 AM
If you ldaps server is using a certificate which is signed by an internal CA, you can just upload the internal CA to the "CA Certificate" field, and CDSW will trust your ldaps connection. It only check against the CA provided in that field, it does not matter whether it's public or internal CA.
If it still does not work, you can test with openssl wether the trustchain is set up correctly:
openssl s_client -connect your.cdsw.domain.name:443 -CAfile /path/to/your/internal/ca
09-20-2017 02:28 PM
In addition, the "LDAP User Filter" needs to be in the form of:
Substitue the "sAMAccountName" part with the user attribute that you use for usernames. "cn" or common name is usually the first name + last name for individual users and typically is not used for usernames.