Configuring Hue for authentication against multiple LDAP/Active Directory servers

Some organizations have more than one LDAP or Active Directory (AD), and users in one LDAP/AD may not be present in the other. Hue supports the ability to authenticate users against multiple LDAP/AD servers.

Before attempting LDAP authentication against multiple servers, ensure you have configured LDAP synchronization for each server, as described in the previous sections. As long as users and groups are synchronised across LDAP and Hue, authentication should work.

  1. Log in to Cloudera Manager as an Administrator.
  2. Go to Clusters > Hue service > Configuration > Hue Service Advanced Configuration Snippet (Safety Valve) for hue_safety_valve.ini, and add the following lines for each LDAP server:
    [desktop]
    [[ldap]]
    [[[ldap_servers]]]
    
    [[[[AD1.TEST.COM]]]]
    ldap_url=ldap://w2k8-ad1
    search_bind_authentication=true
    create_users_on_login=true
    base_dn="cn=users,dc=ad1,dc=test,dc=com"
    bind_dn="cn=Administrator,cn=users,dc=ad1,dc=test,dc=com"
    bind_password="[***PASSWORD***]"
    
    [[[[AD2.TEST.COM]]]]
    ldap_url=ldap://w2k8-ad2
    search_bind_authentication=true
    create_users_on_login=true
    base_dn="cn=users,dc=ad2,dc=test,dc=com"
    bind_dn="cn=Administrator,cn
    bind_password="[***PASSWORD***]"
    The above code snippet is for a demo LDAP server called "AD1.TEST.COM" and "AD2.TEST.COM".
  3. Click Save Changes.
  4. Restart the Hue service.
When you log into Hue or while synchronizing LDAP users from the Hue web interface, you need to select the LDAP/AD server from the dropdown list.