Reply
Expert Contributor
Posts: 104
Registered: ‎10-04-2017

How to configure cloudera navigator to access multiple Active Directory/LDAP servers

Hi,

 

We are using CM 5.14 and CDH 5.14. We have configured Hue to use multiple AD domains but we do not have any info on how it can be done on Cloudera navigator. Any pointers are appreciated.

 

Thanks

Posts: 1,106
Topics: 1
Kudos: 284
Solutions: 134
Registered: ‎04-22-2014

Re: How to configure cloudera navigator to access multiple Active Directory/LDAP servers

@RajeshBodolla,

 

There isn't any concept of multiple ldap domains in Navigator or Cloudera Manager as you have configured in Hue.

Maybe you could describe what you are trying to accomplish and see if the community can offer some alternatives.

Expert Contributor
Posts: 104
Registered: ‎10-04-2017

Re: How to configure cloudera navigator to access multiple Active Directory/LDAP servers

Hi @bgooley

 

We have users in multiple domins that want access to navigator UI but the configurations allow only one AD domain and there is no option in Navigator to add individual users as well if we have to add local users instead of AD users. The option in cloudera manager provides navigator admin access to local users while we require read-only in navigator.

Posts: 1,106
Topics: 1
Kudos: 284
Solutions: 134
Registered: ‎04-22-2014

Re: How to configure cloudera navigator to access multiple Active Directory/LDAP servers

@RajeshBodolla,

 

There are a few options I can offer:

 

  1. Create a separate LDAP server for auth so that you can have your Navigator users in one place
  2. Use SAML
  3. Implement an LDAP proxy solution like OpenLDAP "meta" backend so that Navigator talks to the LDAP proxy and the proxy sends requests to several LDAP backends.

 

Some proxy info:

 

https://wiki.samba.org/index.php/OpenLDAP_as_proxy_to_AD

https://linoxide.com/linux-how-to/configure-ad-authentication-ldap-proxy-tls-ssl/
http://www.openldap.org/software/man.cgi?query=slapd-meta&apropos=0&sektion=0&manpath=OpenLDAP+2.4-R...

 

There may be other solutions, but those are certainly valid