Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Cloudbreak UI LDAP Integration

Highlighted

Cloudbreak UI LDAP Integration

Explorer

Hi,

I wanted to post this question before getting further down this path. Has anyone integrated the cloudbreak UI with LDAP? I am interesting in controlling user access to this console with active directory.

I know the components involved in the authentication are UAA and Uluwatu but I want to ask how safe it is for me to make changes to the uaa.yml since the UAA runs in docker. I would like to add the LDAP properties to this file and have the service utilize active directory instead of the local user store.

For reference UAA Docs: https://github.com/cloudfoundry/uaa/blob/master/docs/UAA-LDAP.md

Does anyone have any thoughts on this? Has anyone accomplished this? If not, I'm going to go down this path and I'll share notes on this forum for other users who might be interested.

Thanks

2 REPLIES 2
Highlighted

Re: Cloudbreak UI LDAP Integration

Contributor

Yes, we did it - we will come up with an example next week, stay tuned. Feel free to go ahead with your thoughts on this, however this is what is coming:

1. Authentication from LDAP/AD

2. LDAP/AD group mappings to UAA scopes - as you know in Cloudbreak every resource has a scope - thus based on your LDAP/AD settings you can allow/restrict users to operations on resources

3. Visibility of resources based on LDAP/AD groups - this requires some code changes on our side and we are working on this currently.

For 1-2 you can already do that by creating an UAA mapping table and generate the groups to UAA scopes

Copy the group names to a file (groups.txt): select displayname from groups; (remove first space chars and empty lines) Then you can use sigil to generate the SQL inserts for the external group mapping table.

Save this into a file (sigil.template):

{{ range $k, $v := stdin|split "\n"}} INSERT INTO external_group_mapping (group_id, external_group, added, origin) VALUES ((select id from groups where displayname='{{$v}}'), 'cn=admin,ou=scopes,dc=ad,dc=seq,dc=com', '2016-09-30 19:28:24.255', 'ldap');{{end}} then: cat groups.txt | sigil -f sigil.template

You can get the sigil tool from https://github.com/gliderlabs/sigil.

Highlighted

Re: Cloudbreak UI LDAP Integration

Explorer

Thanks. If you could post the link to an example process when you have it, that would be great. I appreciate the help!

Don't have an account?
Coming from Hortonworks? Activate your account here