Configuring authentication with LDAP and Direct Bind
To authenticate with Direct Binding, Hue needs either the User Principal Name (UPN) for
Active Directory, or the full path to the LDAP user in the Directory Information Tree (DIT) for
open standard LDAP.
Figure 1. Video: Authenticate Hue
with LDAP and Direct Bind
To directly bind to an Active Directory/LDAP server with NT
domain:
Log in to Cloudera Manager and click Hue.
Click the Configuration tab and filter by
scope=Service-wide and
category=Security.
Set the following LDAP properties:
Authentication
Backend
desktop.auth.backend.LdapBackend
LDAP URL
ldaps://<ldap_server>:636 if using Secure LDAP
ldap://<ldap_server>:389 if not using encryption
Note: If ldaps:// is specified in the LDAP URL, then do not set LDAP
TLS.
Enable LDAP TLS
TRUE if not using Secure LDAP (LDAPS) but want to
establish a secure connection using TLS
FALSE if using LDAPS or not encrypting
LDAP Server CA
Certificate
/path_to_certificate/cert.pem
LDAP Search Base
DC=mycompany,DC=com
LDAP Bind User Distinguished
Name
<username>
Only the username is required for Direct Bind. There is no need to
specify the domain.
LDAP Bind Password
bind_user_password
Active Directory Domain
<your NT domain>
Use Search Bind
Authentication
FALSE
Create LDAP users on
login
TRUE
Click Save Changes
Test your LDAP configuration, and when successful, click Restart
Hue.
To directly bind to an open standard LDAP server with a username
pattern:
Remove the value for the Active Directory Domain.
Set both LDAP Username Pattern and
LDAP Bind User Distinguished Name to a DN
string that represents the full path of the directory information
tree, from UID to top level domain.