Support Questions
Find answers, ask questions, and share your expertise
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Who agreed with this topic

[HUE CDH 6.0] All users login in as superusers and LDAP filters not working.


Hello my dear gods of the Big Data!


I'm having the following problems:


Problem #1 - all users are login in as superusers. How is this possible? I have a 5.12 cluster and this isn't happening. On a the new one (CDH 6), Hue is giving this permission to everyone. What am I missing?


Problem #2 - LDAP configuration. Hue isn't using my filters!?


LDAP Configuration:


Hue Service Advanced Configuration Snippet (Safety Valve) for hue_safety_valve.ini



Authentication Backend (LdapBackend ldap_url) - ldap://stuff1.stuff2.stuff3:389

LDAP Username Pattern (ldap_username_pattern) - empty

Use Search Bind Authentication (search_bind_authentication) - True

Create LDAP users on login (create_users_on_login) - True

LDAP Search Base (base_dn) - dc=stuff1,dc=stuff2,dc=stuff3
LDAP Bind User Distinguished Name (bind_dn) - CN=user,OU=stuff4,DC=stuff1,DC=stuff2,DC=stuff3
LDAP Bind Password (bind_password) - •••••••••••••••••••••
LDAP User Filter (user_filter) - empty
LDAP Username Attribute (user_name_attr) - sAMAccountName
LDAP Group Filter (group_filter) - (&(objectClass=group)(cn=GBGDATA*))
LDAP Group Name Attribute (group_name_attr) - cn
LDAP Group Membership Attribute (group_member_attr) - member
The idea behind this configuration is to filter all accesses to users that belong to all groups which start with "GBGDATA". 

In access.log, debug shows this:
[26/Oct/2018 14:57:52 +0100] DEBUG search_s('dc=stuff1,dc=stuff2,dc=stuff3', 2, '(&(sAMAccountName=%(user)s)(objectclass=*))') returned 1 objects: cn=myuser,ou=stuff5,dc=stuff1,dc=stuff2,dc=stuff3
[26/Oct/2018 14:57:52 +0100] DEBUG Populating Django user myuser
[26/Oct/2018 14:57:53 +0100] WARNING myuser - "POST /hue/accounts/login HTTP/1.1"-- Successful login for user: myuser
Why in the hell HUE is using:

Instead of what I've set above???


Thanks everyone!

Who agreed with this topic