We need to configure Superset, running within HDP 3.1, to use existing LDAP.
We could not find any proper documentation on how to do this. Are there any defined steps?
Thanks in advance.
I also need it.
AUTH_TYPE = AUTH_LDAP AUTH_USER_REGISTRATION = True AUTH_LDAP_SERVER = "ldap://XXX" AUTH_LDAP_SEARCH="dc=XXX,dc=com" AUTH_LDAP_APPEND_DOMAIN = "XXX.com" AUTH_LDAP_UID_FIELD="userPrincipalName" AUTH_LDAP_FIRSTNAME_FIELD="givenName" AUTH_LDAP_LASTTNAME_FIELD="sn" AUTH_LDAP_USE_TLS = False
@jingyong zou you should not use AUTH_LDAP_APPEND_DOMAIN unless your users are authenticating using the fully qualified principal name as in "email@example.com" instead of simply "username". If you use uid or samAccountName as AUTH_LDAP_UID_FIELD (as is the case with OpenLDAP, IPA or AD) then this is not needed,
Also check the values for the parameters AUTH_USER_REGISTRATION=True and AUTH_USER_REGISTRATION_ROLE which should be set to a valid role in Superset (Public, Gamma, Alpha o Admin).
Another not very documented parameter which may be important depending on your LDAP setup is AUTH_LDAP_USERNAME_FORMAT, check this also.
With the previous advises in mind, check carefully the following documentation articles and you may be able to find your appropiate options combination to make LDAP work with Superset:
A tcpdump capture in your Superset server + wireshark analysis may be also of much help to debug what is your current Superset config sending to the LDAP server. In my case this was the "final step" to fit all the pieces.