I am not the Active Directory admin, but with the proper documentation and opening of tickets, I can get the Cloudera system authenticating to AD.
What I have:
I have an AD group called ClouderaUsers
I have a service account to query AD when a user logs into Hue
The user must be a member of the ClouderaUsers security group
I have set up kerberos on my development Cloudera environment
Looking at the instructions on the Cloudera site, it seems that Cloudera Manager is going to be a user authority, meaning I create user accounts in CM. I cannot create user accounts in AD, all provisioning goes through a security team, and AD is our authentication authority.
I want to use AD to authenticate users in the ClouderaUsers group, if a user is not a member, they will be denied.
Is this possible?
I'd start by getting some background on Cloudera Manager authentication here:
That will likely answer your question and give you some background on how the LDAP configuration in Cloudera Manager works. If you have questions, let us know.