Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

How to configure Superset to use LDAP?

How to configure Superset to use LDAP?

Rising Star

We need to configure Superset, running within HDP 3.1, to use existing LDAP.

We could not find any proper documentation on how to do this. Are there any defined steps?

Thanks in advance.

7 REPLIES 7

Re: How to configure Superset to use LDAP?

New Contributor

I also need it.


AUTH_TYPE = AUTH_LDAP 
AUTH_USER_REGISTRATION = True 
AUTH_LDAP_SERVER = "ldap://XXX"
AUTH_LDAP_SEARCH="dc=XXX,dc=com"
AUTH_LDAP_APPEND_DOMAIN = "XXX.com"
AUTH_LDAP_UID_FIELD="userPrincipalName"
AUTH_LDAP_FIRSTNAME_FIELD="givenName"
AUTH_LDAP_LASTTNAME_FIELD="sn"
AUTH_LDAP_USE_TLS = False

Re: How to configure Superset to use LDAP?

Community Manager

The above question and the reply thread below was originally posted in the Community Help Track. On Fri May 24 03:20 UTC 2019, a member of the HCC moderation staff moved it to the Security track. The Community Help Track is intended for questions about using the HCC site itself.

Bill Brooks, Community Manager
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.

Re: How to configure Superset to use LDAP?

Expert Contributor

@jingyong zou you should not use AUTH_LDAP_APPEND_DOMAIN unless your users are authenticating using the fully qualified principal name as in "username@mydomain.com" instead of simply "username". If you use uid or samAccountName as AUTH_LDAP_UID_FIELD (as is the case with OpenLDAP, IPA or AD) then this is not needed,

Also check the values for the parameters AUTH_USER_REGISTRATION=True and AUTH_USER_REGISTRATION_ROLE which should be set to a valid role in Superset (Public, Gamma, Alpha o Admin).

Another not very documented parameter which may be important depending on your LDAP setup is AUTH_LDAP_USERNAME_FORMAT, check this also.

With the previous advises in mind, check carefully the following documentation articles and you may be able to find your appropiate options combination to make LDAP work with Superset:

A tcpdump capture in your Superset server + wireshark analysis may be also of much help to debug what is your current Superset config sending to the LDAP server. In my case this was the "final step" to fit all the pieces.

Re: How to configure Superset to use LDAP?

New Contributor

HDP3.1 + Superset 0.23.0 ,I don't know how to configure it

108975-1559022484776.png

Re: How to configure Superset to use LDAP?

New Contributor

Have you made any progress on this?

Re: How to configure Superset to use LDAP?

Contributor

Ditto on the need.  I filled in all the fields in Ambari (in a Kerberized cluster) and no luck.  Is there supposed to be any logging somewhere other than /var/log/superset/superset.log to show either issues or attempts to login?

Re: How to configure Superset to use LDAP?

Expert Contributor

@jeff_watson 

To enable debug on superset logs, follow below steps

  1. Stop Superset from Ambari

  2. Add this line at the end of /usr/hdp/current/superset/lib/python3.4/site-packages/superset/__init.py

 

logging.getLogger('flask_appbuilder').setLevel(logging.DEBUG)

 

3. Then Start superset manually using following command 

 

source /usr/hdp/current/superset/conf/superset-env.sh ; /usr/hdp/current/superset/bin/python3.4 /usr/hdp/current/superset/bin/gunicorn --log-level debug -b `hostname`:9088 superset:app

 

 

Don't have an account?
Coming from Hortonworks? Activate your account here