Hello my dear gods of the Big Data!
I'm having the following problems:
Problem #1 - all users are login in as superusers. How is this possible? I have a 5.12 cluster and this isn't happening. On a the new one (CDH 6), Hue is giving this permission to everyone. What am I missing?
Problem #2 - LDAP configuration. Hue isn't using my filters!?
LDAP Configuration:
Hue Service Advanced Configuration Snippet (Safety Valve) for hue_safety_valve.ini
[desktop]
[[ldap]]
sync_groups_on_login=true
debug_level=255
trace_level=9
Authentication Backend (LdapBackend ldap_url) - ldap://stuff1.stuff2.stuff3:389
LDAP Username Pattern (ldap_username_pattern) - empty
Use Search Bind Authentication (search_bind_authentication) - True
Create LDAP users on login (create_users_on_login) - True
LDAP Search Base (base_dn) - dc=stuff1,dc=stuff2,dc=stuff3
LDAP Bind User Distinguished Name (bind_dn) - CN=user,OU=stuff4,DC=stuff1,DC=stuff2,DC=stuff3
LDAP Bind Password (bind_password) - •••••••••••••••••••••
LDAP User Filter (user_filter) - empty
LDAP Username Attribute (user_name_attr) - sAMAccountName
LDAP Group Filter (group_filter) - (&(objectClass=group)(cn=GBGDATA*))
LDAP Group Name Attribute (group_name_attr) - cn
LDAP Group Membership Attribute (group_member_attr) - member
The idea behind this configuration is to filter all accesses to users that belong to all groups which start with "GBGDATA".
In access.log, debug shows this:
[26/Oct/2018 14:57:52 +0100] DEBUG search_s('dc=stuff1,dc=stuff2,dc=stuff3', 2, '(&(sAMAccountName=%(user)s)(objectclass=*))') returned 1 objects: cn=myuser,ou=stuff5,dc=stuff1,dc=stuff2,dc=stuff3
[26/Oct/2018 14:57:52 +0100] DEBUG Populating Django user myuser
[26/Oct/2018 14:57:53 +0100] WARNING 123.123.123.123 myuser - "POST /hue/accounts/login HTTP/1.1"-- Successful login for user: myuserWhy in the hell HUE is using:
(&(sAMAccountName=%(user)s)(objectclass=*))
Instead of what I've set above???
Thanks everyone!
