Support Questions

Find answers, ask questions, and share your expertise

LDAP integration with Cloudera Data Science Workbench

New Contributor



I want to integrate cloudera data science workbench (CDSW) with LDAP. I have followed link

but it is showing "bad gateway"


Attached are the configuration for ldap integration. Please help me to do the ldap integrationw ith CDSW.index.png


Hello there!


I have the similar issue.

But i have upgraded version from 1.0 to 1.1.


Now i get "socket hang out" error when i try to test the connection between CDSW and LDAP.


Please let me know if you find any solution for this issue.





I have started with the installation following the instaructions provided in the official docemnt of Cloudera Data Science Workbench.


CDSW is up and running with no issues now.


But My requirement is to integrate the CDSW with LDAP.


I have tried doing so with my OPENLDAP server over TLS.


Error pops up as :


"UNABLE to verify first certificate"


I tried using direct bind and search bind.


In both the cases the error remains same.


I can connect to LDAP using Apache Directory studio over TLS and can query the data.

Cloudera Employee

Are the certs self signed? Just a guess, but if the CA is not found in the truststore it could result in not being able to verify the cert.

In my case,


They are internal CA certificates.


Hi venkatachetkuri,

If you ldaps server is using a certificate which is signed by an internal CA, you can just upload the internal CA to the "CA Certificate" field, and CDSW will trust your ldaps connection. It only check against the CA provided in that field, it does not matter whether it's public or internal CA.

If it still does not work, you can test with openssl wether the trustchain is set up correctly:


openssl s_client -connect -CAfile /path/to/your/internal/ca



Cloudera Employee

Hi venkatachetkuri,


In addition, the "LDAP User Filter" needs to be in the form of:






Substitue the "sAMAccountName" part with the user attribute that you use for usernames. "cn" or common name is usually the first name + last name for individual users and typically is not used for usernames.




Hello Sachin81 and venkatachetkuri,

You can specify a CA certificate on the CDSW webui for ldaps, to verify the ldap server which CDSW connects to. This is not optional, a CA with a valid trustchain to the ldaps servers certificate must be provided for CDSW to work.

You can check the certificates your ldap server provides with openssl s_client -connect as a hint which CA to specify for CDSW.