Search Bind (default)

Setting the search_bind_authentication property to true in /etc/hue/conf/hue.ini enables LDAP search using the bind credentials specified for the bind_dn and bind_password properties.

Search bind performs an LDAP search against the directory service and then binds the results by using the found Distinguished Name (DN) and provided password. The search process starts from the base DN specified for the base_dn property and continues to search the base DN for an entry with an attribute that matches the specified in user_name_attr of the username provided at login.

You can restrict the results of this search process by using the user_filter (default value objectclass=*) and user_name_attr (default value sAMAccountName) properties in the [desktop] > [[ldap]] > [[[users]]] section of /etc/hue/conf/hue.ini.

If you use the default values of user_filter and user_name_attr, the LDAP search filter appears as follows, where <username> is the user name provided on the Hue login page:

(&(objectClass=*)(sAMAccountName=<username>))

Direct Bind

Setting the search_bind_authentication property to false in /etc/hue/conf/hue.ini enables the LDAP direct bind mechanism to authenticate users. Hue binds to the LDAP server using the user name and password provided on the login page.

Depending on the value of the nt_domain property, there are two ways that direct bind works: