Configuring authentication with LDAP and Direct Bind

To authenticate with Direct Binding, Hue needs either the User Principal Name (UPN) for Active Directory, or the full path to the LDAP user in the Directory Information Tree (DIT) for open standard LDAP.

Video: Authenticate Hue with LDAP and Direct Bind

Figure 1. Video: Authenticate Hue with LDAP and Direct Bind

To directly bind to an Active Directory/LDAP server with NT domain:

Log in to Cloudera Manager and click Hue.
Click the Configuration tab and filter by scope=Service-wide and category=Security.

Set the following LDAP properties:


Authentication Backend	desktop.auth.backend.LdapBackend
LDAP URL	`ldaps://<ldap_server>:636` if using Secure LDAP `ldap://<ldap_server>:389` if not using encryption Note: If ldaps:// is specified in the LDAP URL, then do not set LDAP TLS.
Enable LDAP TLS	`TRUE` if not using Secure LDAP (LDAPS) but want to establish a secure connection using TLS `FALSE` if using LDAPS or not encrypting
LDAP Server CA Certificate	/path_to_certificate/cert.pem
LDAP Search Base	DC=mycompany,DC=com
LDAP Bind User Distinguished Name	<username> Only the username is required for Direct Bind. There is no need to specify the domain.
LDAP Bind Password	bind_user_password
Active Directory Domain	<your NT domain>
Use Search Bind Authentication	FALSE
Create LDAP users on login	TRUE

Click Save Changes
Test your LDAP configuration, and when successful, click Restart Hue.
To directly bind to an open standard LDAP server with a username pattern:
1. Remove the value for the Active Directory Domain.
2. Set both LDAP Username Pattern and LDAP Bind User Distinguished Name to a DN string that represents the full path of the directory information tree, from UID to top level domain.
note
When using Direct Bind, set the LDAP Search Base property. This is not for authentication because you can log in to Hue without it, but to synchronize Hue with the LDAP server.