Configuring authentication with LDAP and Direct Bind
To authenticate with Direct Binding, Hue needs either the User Principal Name (UPN) for Active Directory, or the full path to the LDAP user in the Directory Information Tree (DIT) for open standard LDAP.
Video: Authenticate Hue with LDAP and Direct Bind
To directly bind to an Active Directory/LDAP server with NT domain:
- Log in to Cloudera Manager and click Hue.
- Click the Configuration tab and filter by scope=Service-wide and category=Security.
-
Set the following LDAP properties:
Authentication Backend desktop.auth.backend.LdapBackend LDAP URL ldaps://<ldap_server>:636
if using Secure LDAPldap://<ldap_server>:389
if not using encryption
Note: If ldaps:// is specified in the LDAP URL, then do not set LDAP TLS.
Enable LDAP TLS TRUE
if not using Secure LDAP (LDAPS) but want to establish a secure connection using TLSFALSE
if using LDAPS or not encrypting
LDAP Server CA Certificate /path_to_certificate/cert.pem LDAP Search Base DC=mycompany,DC=com LDAP Bind User Distinguished Name <username>
Only the username is required for Direct Bind. There is no need to specify the domain.
LDAP Bind Password bind_user_password Active Directory Domain <your NT domain> Use Search Bind Authentication FALSE Create LDAP users on login TRUE - Click Save Changes
-
Test your LDAP configuration, and when successful, click Restart
Hue.
To directly bind to an open standard LDAP server with a username pattern:
- Remove the value for the Active Directory Domain.
- Set both LDAP Username Pattern and LDAP Bind User Distinguished Name to a DN string that represents the full path of the directory information tree, from UID to top level domain.