Created on 10-26-2018 07:25 AM - edited 09-16-2022 06:50 AM
Hello my dear gods of the Big Data!
I'm having the following problems:
Problem #1 - all users are login in as superusers. How is this possible? I have a 5.12 cluster and this isn't happening. On a the new one (CDH 6), Hue is giving this permission to everyone. What am I missing?
Problem #2 - LDAP configuration. Hue isn't using my filters!?
LDAP Configuration:
Hue Service Advanced Configuration Snippet (Safety Valve) for hue_safety_valve.ini
[desktop]
[[ldap]]
sync_groups_on_login=true
debug_level=255
trace_level=9
Authentication Backend (LdapBackend ldap_url) - ldap://stuff1.stuff2.stuff3:389
LDAP Username Pattern (ldap_username_pattern) - empty
Use Search Bind Authentication (search_bind_authentication) - True
Create LDAP users on login (create_users_on_login) - True
[26/Oct/2018 14:57:52 +0100] DEBUG search_s('dc=stuff1,dc=stuff2,dc=stuff3', 2, '(&(sAMAccountName=%(user)s)(objectclass=*))') returned 1 objects: cn=myuser,ou=stuff5,dc=stuff1,dc=stuff2,dc=stuff3 [26/Oct/2018 14:57:52 +0100] DEBUG Populating Django user myuser [26/Oct/2018 14:57:53 +0100] WARNING 123.123.123.123 myuser - "POST /hue/accounts/login HTTP/1.1"-- Successful login for user: myuser
(&(sAMAccountName=%(user)s)(objectclass=*))
Instead of what I've set above???
Thanks everyone!
Created 10-30-2018 06:27 AM
We manage to find a... sort of... solution... I think... at least... it seems to be working.
Changed:
LDAP User Filter (user_filter) from empty to
(|(memberOf=CN=GBGDATA1,OU=stuff4, OU=stuff5,DC=stuff1,DC=stuff2,DC=stuff3) (memberOf=CN=GBGDATA2,OU=stuff4, OU=stuff5,DC=stuff1,DC=stuff2,DC=stuff3)(memberOf=CN=GBGDATA3,OU=stuff4, OU=stuff5,DC=stuff1,DC=stuff2,DC=stuff3))
Created on 01-17-2019 07:22 AM - edited 01-17-2019 07:22 AM
Did you find an answer to "Problem #1 - all users are login in as superusers. How is this possible? I have a 5.12 cluster and this isn't happening. On a the new one (CDH 6), Hue is giving this permission to everyone. What am I missing?"
We are facing the same issue now
Created 01-17-2019 10:22 AM
Hi @Timothy,
The issue with superusers is a bug resolved in this upstream Jira:
https://issues.cloudera.org/browse/HUE-8675
There is no CDH release with the fix at this time but it is slated for CDH 6.1.1 (targeted for release in February)
If you need the fix sooner, you could try applying the changes to your code based on the upstream fix.
Created 01-17-2019 10:51 AM
@JoaoBarreto Based on our research it looks like the fix for all users being super users is in the https://github.com/cloudera/hue/commit/5fa75c3176b2065709021284803aa61e9e72f0a5#diff-ce4495f7505de11... but hasn't been merged to master.I see a lot of bugs in the newer versions. We have got several issues with the new hue version which we didnt have before. For example tls doesn't seem to work anymore and it has to be LDAPS.Our EMR is due for upgrades and all these issues are delaying the progress.