10-30-2018 06:33 AM
Me and my team have been struggling with the setup of CM and the External Authentication.
We would like to block the access to users who don't belong to a certain group our pattern.
We want to completely block the access in the login menu. I don't want them to even enter the CM backoffice.
Is this possible to do? We have been testing with LDAP parameters with no sucess. It seems that if the user is authenticated in the AD it will enter CM no matter what...
Any ideas? Sugestions?
10-31-2018 12:11 AM
You could configure external authentication in CM. In this you can set up a script to reject anyone who is not in certain groups or any other scheme you like. Does this help?
10-31-2018 01:05 AM - edited 10-31-2018 01:05 AM
Thank you for your answer!
If I understood correctly what you are saying is that, Cloudera Manager won't block any correct logins, even if you have a LDAP user/group filter?
In order to block a login (in the login screen, if user/password is validated by the AD) we need to create a script with the information you gave me?
Thank you for your time Gautam!
10-31-2018 01:10 AM
From what I know, setting up those groups will allow you to log on with that privilege. Others will just be read-only users. With external authentication, you can return a negative number, even if user+password is valid. This prevents them from logging on.