hue ldap sync - duplicate error

New Contributor

Hello,

Hue is installed using a tarball, and I am now trying to synchronize users with an LDAP group. I am able to synchronize the group and able to add all users into Hue. However, when a user is trying to log in, they are getting Error 500 ({"auth": false}).

In the error log, I can see Hue is trying to add this user again in the db and getting a duplicate error:

TypeError: 'AnonymousUser' object is not iterable
[14/Jul/2021 23:05:04 -0700] forms ERROR LDAP auth error: (1062, "Duplicate entry 'chalkeg' for key 'username'")

In hue.ini:

[[ldap]]
base_dn="DC=<MY_COMPANY>,DC=COM"
ldap_url=ldaps://<company_ldap_host>:636
bind_dn="<valid_bind_dn>"
bind_password=<password>
ldap_username_pattern="sAMAccountName=<username>,DC=<my_company>,DC=COM"
search_bind_authentication=true
sync_groups_on_login=true
create_users_on_login=false

* Ignore the <> values, as they are correct and the username is getting resolved.

Community Manager

@girishchalke, can you provide more information on your cluster and which method you utilized to configure LDAP? Based on my quick read of the documentation for Authenticate Hue Users with LDAP, it may be of use to others who may be able to assist.


Cy Jervis, Manager, Community Program

New Contributor

Thanks for your response.

This is a standalone installation of Hue on an AWS EMR server, and we manually configured the LDAP configuration to sync users from our organization's LDAP server.

We are able to add LDAP groups and able to import users within a group once. We also set sync_groups_on_login=true so that groups can sync up every day.

However, when a user is trying to log in, Hue is throwing a duplicate entry error, which means it's able to identify the user in LDAP but is not validating it in the local db before attempting to insert.

As I understand it, "sync group" will NOT import new users or delete existing users from an LDAP group, so does it mean a large organization should manually remove users?