Support Questions

Sachin81 · ‎07-11-2017

Hello,

I want to integrate cloudera data science workbench (CDSW) with LDAP. I have followed link https://www.cloudera.com/documentation/data-science-workbench/latest/topics/cdsw_external_authentica...

but it is showing "bad gateway"

Attached are the configuration for ldap integration. Please help me to do the ldap integrationw ith CDSW.

venkatachetkuri · ‎08-01-2017

Hello there!

I have the similar issue.

But i have upgraded version from 1.0 to 1.1.

Now i get "socket hang out" error when i try to test the connection between CDSW and LDAP.

Please let me know if you find any solution for this issue.

---------

Venky

venkatachetkuri · ‎08-03-2017

I have started with the installation following the instaructions provided in the official docemnt of Cloudera Data Science Workbench.

https://www.cloudera.com/documentation/data-science-workbench/latest/topics/cdsw_install.html

CDSW is up and running with no issues now.

But My requirement is to integrate the CDSW with LDAP.

I have tried doing so with my OPENLDAP server over TLS.

Error pops up as :

"UNABLE to verify first certificate"

I tried using direct bind and search bind.

In both the cases the error remains same.

I can connect to LDAP using Apache Directory studio over TLS and can query the data.

phunt · ‎08-03-2017

Are the certs self signed? Just a guess, but if the CA is not found in the truststore it could result in not being able to verify the cert.

venkatachetkuri · ‎09-19-2017

In my case,

They are internal CA certificates.

zherczeg · ‎09-20-2017

Hi venkatachetkuri,

If you ldaps server is using a certificate which is signed by an internal CA, you can just upload the internal CA to the "CA Certificate" field, and CDSW will trust your ldaps connection. It only check against the CA provided in that field, it does not matter whether it's public or internal CA.

If it still does not work, you can test with openssl wether the trustchain is set up correctly:

openssl s_client -connect your.cdsw.domain.name:443 -CAfile /path/to/your/internal/ca

Zsolt

Yi-Hsun · ‎09-20-2017

Hi venkatachetkuri,

In addition, the "LDAP User Filter" needs to be in the form of:

(sAMAccountName={0})

.

Substitue the "sAMAccountName" part with the user attribute that you use for usernames. "cn" or common name is usually the first name + last name for individual users and typically is not used for usernames.

zherczeg · ‎09-18-2017

Hello Sachin81 and venkatachetkuri,

You can specify a CA certificate on the CDSW webui for ldaps, to verify the ldap server which CDSW connects to. This is not optional, a CA with a valid trustchain to the ldaps servers certificate must be provided for CDSW to work.

You can check the certificates your ldap server provides with openssl s_client -connect as a hint which CA to specify for CDSW.

Zsolt

Support Questions

LDAP integration with Cloudera Data Science Workbench