Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Unable to login to Hue UI when AD Authentication is enabled

avatar
Rising Star

Hello,

We are able to login to Hue UI locally with default user name / password, the issue arises when choosing AD Authentication it does not accept the username / password.

 

Error in Hue Access log

[25/Nov/2022 14:00:29 -0800] DEBUG    Initiating TLS
[25/Nov/2022 14:00:29 -0800] DEBUG    search_s('DC=mtest,DC=com', 2, '(&(sAMAccountName=%(user)s)(sAMAccountName={0}))') returned 0 objects:
[25/Nov/2022 14:00:29 -0800] DEBUG    Authentication failed for User1_dev: failed to map the username to a DN.
[25/Nov/2022 14:00:29 -0800] WARNING  10.216.176.10 -anon- - "POST /hue/accounts/login HTTP/1.1" --- Failed login for user: User1_dev
[25/Nov/2022 14:00:29 -0800] INFO     10.216.176.10 -anon- - "POST /hue/accounts/login HTTP/1.1" returned in 1062ms 200 114908
[25/Nov/2022 14:00:40 -0800] DEBUG    10.216.176.10 -anon- - "POST /hue/accounts/login HTTP/1.1" -

Error in Runcpserver.log

[25/Nov/2022 14:43:01 -0800] resource     ERROR    Error logging return call POST http://localhost:7187/api/v9
Traceback (most recent call last):
  File "/opt/cloudera/parcels/CDH-7.1.7-1.cdh7.1.7.p1000.24102687/lib/hue/desktop/core/src/desktop/lib/rest/resource.py", line 122, in _invoke
    resp_content = smart_unicode(resp.content, errors='replace')
AttributeError: 'NoneType' object has no attribute 'content'

[25/Nov/2022 14:43:01 -0800] navigator_client ERROR    Failed to search for entities with search query: {"query": "((originalName:**^3)OR(originalDescription:**^1)OR(name:**^10)OR(description:**^3)OR(tags:**^5))AND((originalName:[* TO *])OR(originalDescription:[* TO *])OR(name:[* TO *])OR(description:[* TO *])OR(tags:[* TO *]))", "filterQueries": ["deleted:false"], "facetFields": ["tags"]}
[25/Nov/2022 14:43:01 -0800] access       INFO     10.216.176.10 admin - "POST /metadata/api/catalog/list_tags HTTP/1.1" returned in 43ms 500 308
[25/Nov/2022 14:43:01 -0800] access       INFO     10.216.176.10 admin - "GET /desktop/api2/context/clusters/jobs HTTP/1.1" returned in 4ms 200 225
[25/Nov/2022 14:43:01 -0800] access       INFO     10.216.176.10 admin - "GET /desktop/api2/context/namespaces/hive HTTP/1.1" returned in 215ms 200 287
[25/Nov/2022 14:43:01 -0800] access       INFO     10.216.176.10 admin - "GET /desktop/api2/context/computes/impala HTTP/1.1" returned in 135ms 200 230
[25/Nov/2022 14:43:01 -0800] access       INFO     10.216.176.10 admin - "GET /editor HTTP/1.1" returned in 266ms 200 127305
[25/Nov/2022 14:43:03 -0800] access       INFO     10.216.176.10 admin - "POST /notebook/api/create_notebook HTTP/1.1" returned in 2ms 200 243
[25/Nov/2022 14:43:03 -0800] access       INFO     10.216.176.10 admin - "GET /desktop/api2/user_preferences/default_app HTTP/1.1" returned in 2ms 200 27
[25/Nov/2022 14:43:03 -0800] access       INFO     10.216.176.10 admin - "GET /notebook/api/get_history HTTP/1.1" returned in 9ms 200 70
[25/Nov/2022 14:43:03 -0800] access       INFO     10.216.176.10 admin - "GET /desktop/workers/aceSqlSyntaxWorker.js HTTP/1.1" returned in 8ms 200 196
[25/Nov/2022 14:43:03 -0800] access       INFO     10.216.176.10 admin - "POST /jobbrowser/jobs/ HTTP/1.1" returned in 8ms 200 12
[25/Nov/2022 14:43:03 -0800] access       INFO     10.216.176.10 admin - "GET /desktop/workers/aceSqlLocationWorker.js HTTP/1.1" returned in 19ms 200 200
[25/Nov/2022 14:43:03 -0800] access       INFO     10.216.176.10 admin - "POST /notebook/api/create_session HTTP/1.1" returned in 111ms 200 1113
[25/Nov/2022 14:43:03 -0800] navigator_client INFO     (('query', 'parentPath:"/default" AND type:(table view field)'), ('offset', 0), ('limit', 450))
[25/Nov/2022 14:43:03 -0800] resource     ERROR    Error logging return call GET http://localhost:7187/api/v9
Traceback (most recent call last):
  File "/opt/cloudera/parcels/CDH-7.1.7-1.cdh7.1.7.p1000.24102687/lib/hue/desktop/core/src/desktop/lib/rest/resource.py", line 122, in _invoke
    resp_content = smart_unicode(resp.content, errors='replace')
AttributeError: 'NoneType' object has no attribute 'content'
[25/Nov/2022 14:43:03 -0800] navigator_client ERROR    Failed to search for entities with search query: parentPath:"/default" AND type:(table view field)
[25/Nov/2022 14:43:03 -0800] access       INFO     10.216.176.10 admin - "POST /desktop/api/search/entities HTTP/1.1" returned in 36ms 500 366
[25/Nov/2022 14:43:03 -0800] access       INFO     10.216.176.10 admin - "GET /desktop/api2/docs/ HTTP/1.1" returned in 25ms 200 116
[25/Nov/2022 14:43:03 -0800] access       INFO     10.216.176.10 admin - "GET /desktop/api2/context/computes/hive HTTP/1.1" returned in 124ms 200 226
[25/Nov/2022 14:43:04 -0800] access       INFO     10.216.176.10 admin - "GET /dynamic_bundle/workers/vendors~calcite-parser~druid-parser~elasticsearch-parser~flink-parser~generic-par~a12e5353-chunk-9e88fe32881dac37fa21.js HTTP/1.1" returned in 3ms 302 0
[25/Nov/2022 14:43:04 -0800] access       INFO     10.216.176.10 admin - "GET /dynamic_bundle/workers/calcite-parser~druid-parser~elasticsearch-parser~flink-parser~generic-parser~hive~fd963363-chunk-9e88fe32881dac37fa21.js HTTP/1.1" returned in 4ms 302 0
[25/Nov/2022 14:43:04 -0800] access       INFO     10.216.176.10 admin - "GET /dynamic_bundle/workers/hive-parser-chunk-9e88fe32881dac37fa21.js HTTP/1.1" returned in 12ms 302 0
[25/Nov/2022 14:43:04 -0800] access       INFO     10.216.176.10 admin - "GET /dynamic_bundle/workers/vendors~calcite-parser~druid-parser~elasticsearch-parser~flink-parser~generic-par~a12e5353-chunk-9e88fe32881dac37fa21.js HTTP/1.1" returned in 1ms 302 0
[25/Nov/2022 14:43:04 -0800] access       INFO     10.216.176.10 admin - "GET /dynamic_bundle/workers/calcite-parser~druid-parser~elasticsearch-parser~flink-parser~generic-parser~hive~fd963363-chunk-9e88fe32881dac37fa21.js HTTP/1.1" returned in 2ms 302 0
[25/Nov/2022 14:43:04 -0800] access       INFO     10.216.176.10 admin - "GET /dynamic_bundle/workers/hive-parser-chunk-9e88fe32881dac37fa21.js HTTP/1.1" returned in 1ms 302 0
[25/Nov/2022 14:43:10 -0800] views        WARNING  Error closing impala session: Snippet type impala is not configured.
[25/Nov/2022 14:43:10 -0800] access       INFO     10.216.176.10 -anon- - "GET /accounts/logout HTTP/1.1" returned in 58ms 302 0
[25/Nov/2022 14:43:10 -0800] middleware   INFO     Redirecting to login page: /
[25/Nov/2022 14:43:10 -0800] access       INFO     10.216.176.10 -anon- - "GET / HTTP/1.1" --- login redirection
[25/Nov/2022 14:43:10 -0800] access       INFO     10.216.176.10 -anon- - "GET / HTTP/1.1" returned in 9ms 302 0
[25/Nov/2022 14:43:10 -0800] access       INFO     10.216.176.10 admin - "POST /notebook/api/notebook/close HTTP/1.1" returned in 129ms 200 44
[25/Nov/2022 14:43:10 -0800] decorators   INFO     AXES: Calling decorated function: dt_login
[25/Nov/2022 14:43:10 -0800] access       INFO     10.216.176.10 -anon- - "GET /hue/accounts/login HTTP/1.1" returned in 49ms 200 114859
[25/Nov/2022 14:43:11 -0800] access       INFO     127.0.0.1 -anon- - "HEAD /desktop/debug/is_alive HTTP/1.1" returned in 16ms 200 0
[25/Nov/2022 14:43:33 -0800] decorators   INFO     AXES: Calling decorated function: dt_login
[25/Nov/2022 14:43:34 -0800] access       WARNING  10.216.176.10 -anon- - "POST /hue/accounts/login HTTP/1.1" --- Failed login for user: USER1_dev
[25/Nov/2022 14:43:34 -0800] decorators   INFO     AXES: Repeated login failure by 127.0.0.1. Updating access record. Count = 25
[25/Nov/2022 14:43:34 -0800] access       INFO     10.216.176.10 -anon- - "POST /hue/accounts/login HTTP/1.1" returned in 1086ms 200 114908
[25/Nov/2022 14:43:45 -0800] decorators   INFO     AXES: Calling decorated function: dt_login

 

Also would like to understand is it mandatory to have unix server also domain joined on which hue is deployed for AD Authentication to work?

 

Appreciate all the help

 

Thanks 

1 ACCEPTED SOLUTION

avatar
Master Collaborator

@Amn_468 Please try the below steps to make it work. 

LDAP user filter : (objectCategory=User)
LDAP Group Filter = (objectClass=group) 

View solution in original post

2 REPLIES 2

avatar
Master Collaborator

@Amn_468 Please try the below steps to make it work. 

LDAP user filter : (objectCategory=User)
LDAP Group Filter = (objectClass=group) 

avatar
Rising Star

@Kartik_Agarwal 

Thanks that worked