Reply
Highlighted
New Contributor
Posts: 3
Registered: ‎05-20-2014

Hue/LDAP integration

Hi,

 

Just wanted to know if it is possible to integrate HDFS and other CDH services with LDAP without Kerberizing the setup.

For example can I import a set of users from LDAP and add them to various groups in Hue and HDFS in order to control access?

I do not want to define my hdfs groups in LDAP and import them into hdfs, and I want to do access control for a group and not for individuals.

 

Thanks.

Posts: 354
Topics: 162
Kudos: 60
Solutions: 27
Registered: ‎06-26-2013

Re: Hue/LDAP integration

New Contributor
Posts: 3
Registered: ‎05-20-2014

Re: Hue/LDAP integration

Hi JKestelyn,

Thanks for your response.

I did see this one before, but this one seems to be focused on ldap integration of hue. I am looking at a more end to end solution :(

 

These are the things I would like to perform:

1. Create various groups in hue. This is possible as of today.
2. Should be able to map these groups to hdfs and mapred groups.
3. Assign space/name quota and queues to these groups.
4. Assign various application permission to these groups. This is also possible as of today.
5. Import users from my existing directory server and add them to various hue groups (possible today).
6. These users will be restricted by the quotas and queues assigned to their group and also the permissions to individual apps.
7. I am talking about a pure web UI based access to all services. No ssh to any host on the cluster, except for admin purposes.
8. All of these without kerberizing our cluster.

 

Question is how to perform step 2?

Cloudera Employee
Posts: 723
Registered: ‎07-30-2013

Re: Hue/LDAP integration

#2 if you want to do this, you need to import the users from LDAP, then manually add them to your Hue groups (it is for this it is easier to re-use LDAP groups).

 

New Contributor
Posts: 3
Registered: ‎05-20-2014

Re: Hue/LDAP integration

Hi Romain,

 

Thanks for the response. I think that is exactly what I want to do. Import users from ldap, manually assign them to hue groups. I don't want to be dependent on ldap groups, because those are influenced by a much larger org structure as compared to the number of users of hdfs.

 

My question therefore boils down to:

- when create a group in hue, and add users to this group, does this automatically reflect in hdfs?

- or alternately create a group in hdfs first, and is there a way to get that in hue, so that I can assign users to it?

Then I think I can create a directory in hdfs chown to some ldap user from this group and give all access to the group itself.

My expectation is that we should not be required to open up any service other than hue, for users to be able to leverage our hdfs.

 

Thanks.

Cloudera Employee
Posts: 723
Registered: ‎07-30-2013

Re: Hue/LDAP integration

"- when create a group in hue, and add users to this group, does this
automatically reflect in hdfs?

- or alternately create a group in hdfs first, and is there a way to get
that in hue, so that I can assign users to it?"


Hue is just a view on top of HDFS. In your case, it might be preferable to
create some groups in Hue that corresponds to your existing HDFS groups.

The groups in Hue means only: "which Hue application the users can access".

But it will work if you pick the same group names in Hue and HDFS.

Romain





Announcements