Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

LDAP integration with Cloudera Data Science Workbench

Highlighted

LDAP integration with Cloudera Data Science Workbench

New Contributor

Hello,

 

I want to integrate cloudera data science workbench (CDSW) with LDAP. I have followed link https://www.cloudera.com/documentation/data-science-workbench/latest/topics/cdsw_external_authentica...

but it is showing "bad gateway"

 

Attached are the configuration for ldap integration. Please help me to do the ldap integrationw ith CDSW.index.png

7 REPLIES 7

Re: LDAP integration with Cloudera Data Science Workbench

Hello there!

 

I have the similar issue.

But i have upgraded version from 1.0 to 1.1.

 

Now i get "socket hang out" error when i try to test the connection between CDSW and LDAP.

 

Please let me know if you find any solution for this issue.

 

 

---------

Venky

Highlighted

Re: LDAP integration with Cloudera Data Science Workbench

I have started with the installation following the instaructions provided in the official docemnt of Cloudera Data Science Workbench.

https://www.cloudera.com/documentation/data-science-workbench/latest/topics/cdsw_install.html

 

CDSW is up and running with no issues now.

 

But My requirement is to integrate the CDSW with LDAP.

 

I have tried doing so with my OPENLDAP server over TLS.

 

Error pops up as :

 

"UNABLE to verify first certificate"

 

I tried using direct bind and search bind.

 

In both the cases the error remains same.

 

I can connect to LDAP using Apache Directory studio over TLS and can query the data.

Highlighted

Re: LDAP integration with Cloudera Data Science Workbench

Cloudera Employee

Are the certs self signed? Just a guess, but if the CA is not found in the truststore it could result in not being able to verify the cert.

Highlighted

Re: LDAP integration with Cloudera Data Science Workbench

In my case,

 

They are internal CA certificates.

Highlighted

Re: LDAP integration with Cloudera Data Science Workbench

Contributor

Hi venkatachetkuri,

If you ldaps server is using a certificate which is signed by an internal CA, you can just upload the internal CA to the "CA Certificate" field, and CDSW will trust your ldaps connection. It only check against the CA provided in that field, it does not matter whether it's public or internal CA.

If it still does not work, you can test with openssl wether the trustchain is set up correctly:

 

openssl s_client -connect your.cdsw.domain.name:443 -CAfile /path/to/your/internal/ca

 

Zsolt

Highlighted

Re: LDAP integration with Cloudera Data Science Workbench

Cloudera Employee

Hi venkatachetkuri,

 

In addition, the "LDAP User Filter" needs to be in the form of:

 

(sAMAccountName={0})

 

.

 

Substitue the "sAMAccountName" part with the user attribute that you use for usernames. "cn" or common name is usually the first name + last name for individual users and typically is not used for usernames.

 

 

Highlighted

Re: LDAP integration with Cloudera Data Science Workbench

Contributor

Hello Sachin81 and venkatachetkuri,

You can specify a CA certificate on the CDSW webui for ldaps, to verify the ldap server which CDSW connects to. This is not optional, a CA with a valid trustchain to the ldaps servers certificate must be provided for CDSW to work.

You can check the certificates your ldap server provides with openssl s_client -connect as a hint which CA to specify for CDSW.

Zsolt

Don't have an account?
Coming from Hortonworks? Activate your account here