Configuring authentication with LDAP and Direct Bind

To authenticate with Direct Binding, Hue needs either the User Principal Name (UPN) for Active Directory, or the full path to the LDAP user in the Directory Information Tree (DIT) for open standard LDAP.

Video: Authenticate Hue with LDAP and Direct Bind

Figure 1. Video: Authenticate Hue with LDAP and Direct Bind

To directly bind to an Active Directory/LDAP server with NT domain:

  1. Log in to Cloudera Manager and click Hue.
  2. Click the Configuration tab and filter by scope=Service-wide and category=Security.
  3. Set the following LDAP properties:
    Authentication Backend desktop.auth.backend.LdapBackend
    • ldaps://<ldap_server>:636 if using Secure LDAP
    • ldap://<ldap_server>:389 if not using encryption

    Note: If ldaps:// is specified in the LDAP URL, then do not set LDAP TLS.

    Enable LDAP TLS
    • TRUE if not using Secure LDAP (LDAPS) but want to establish a secure connection using TLS
    • FALSE if using LDAPS or not encrypting
    LDAP Server CA Certificate /path_to_certificate/cert.pem
    LDAP Search Base DC=mycompany,DC=com
    LDAP Bind User Distinguished Name


    Only the username is required for Direct Bind. There is no need to specify the domain.

    LDAP Bind Password bind_user_password
    Active Directory Domain <your NT domain>
    Use Search Bind Authentication FALSE
    Create LDAP users on login TRUE
  4. Click Save Changes
  5. Test your LDAP configuration, and when successful, click Restart Hue.
    To directly bind to an open standard LDAP server with a username pattern:
    1. Remove the value for the Active Directory Domain.
    2. Set both LDAP Username Pattern and LDAP Bind User Distinguished Name to a DN string that represents the full path of the directory information tree, from UID to top level domain.