How Login Works with LDAP Group Settings Enabled
Authentication with LDAP
When an unauthenticated user first accesses Cloudera Machine Learning, they are sent to the login page where they can login by providing a username and password.
Cloudera Machine Learning will search for the user by binding to the LDAP Bind DN and verify the username/password credentials provided by the user.
Authorization Check for Access to Cloudera Machine Learning
If the user is authenticated successfully, Cloudera Machine Learning will then use the LDAP Group Search Filter to search for all groups the user is affiliated to, in the DN provided by LDAP Group Search Base.
The list of LDAP groups the user belongs to is then compared to the pre-authorized lists of groups specified in the LDAP User Groups and LDAP Full Administrator Groups properties.
If there is a match with a group listed under LDAP User Groups, this user will be allowed to access Cloudera Machine Learning as a regular user.
If there is a match with a group listed under LDAP Full Administrator Groups, this user will be allowed to access Cloudera Machine Learning as a site administrator.