LDAP properties
These are the properties you can use to configure LDAP for Hue in Cloudera Manager or in the hue.ini file for unmanaged clusters.
| Property Name | Description and Syntax |
|---|---|
| General Hue LDAP Properties | |
| Authentication Backend | Authentication Mode. Select<br>Multiple backends are allowed. Create a list and add it to the Hue safety-valve. |
| LDAP URL | URL for the LDAP server. Syntax: Important: To prevent usernames and passwords from transmitting in the clear, use |
| Create LDAP users on login | Flag to create new LDAP users at Hue login. If true, any user who logs in to Hue is automatically created. If false, only users that exist in |
| Direct Bind Properties | |
| Active Directory Domain | For direct binding with Microsoft Active Directory only. Typically maps to the user email address or ID in conjunction with the domain. Allows Hue to authenticate without having to follow LDAP references to other partitions. Hue binds with Example:<br>nt_domain when binding with a username pattern or if using search bind. |
| LDAP Username Pattern | For direct binding with LDAP (non-Active Directory) only (because AD uses UPNs which have a space in them). Username Pattern finds the user attempting to log in to LDAP by adding the username to a predefined DN string. Use `<username>` to reference the user logging in. An example is |
| Search Bind Properties | |
| Use Search Bind Authentication | Flag to enable/disable search binding. |
| LDAP Search Base | Distinguished name to use as a search base for finding users and groups. Syntax: |
| Encryption Properties | |
| LDAP Server CA Certificate | Full path to .pem file with Certificate Authority (CA) chain used to sign the LDAP server certificate. If left blank, all certificates are trusted and otherwise encrypted usernames and passwords are vulnerable to attack. |
| Enable LDAP TLS | Flag to enable/disable encryption with the StartTLS operation. |
| Import / Sync Properties | |
| LDAP Bind User Distinguished Name | Bind user. Only use if LDAP/AD does not support anonymous binds. (Typically, LDAP supports anonymous binds and AD does not.) Bind User differs per auth type: |
| LDAP Bind Password | Bind user password. |
| Filter Properties | |
| LDAP User Filter | General LDAP text search filter to restrict search of valid users. Only used by Search Bind authentication and LDAP Sync. The default is |
| LDAP Username Attribute | Username to search against (the attribute in LDAP that contains the username). Typical attributes include<br>Maintain case sensitivity when setting attributes for AD/LDAP. |
| LDAP Group Filter | General LDAP text search filter to restrict search of valid groups. Only used by LDAP Sync (not authentication). If left blank, no filtering is used and all groups in LDAP are synced. The default is |
| LDAP Group Name Attribute | Group name to search against (the attribute in LDAP that contains the group name). If left blank, the default is "cn" (common name), which typically works with AD/LDAP. Maintain case sensitivity when setting attributes for AD/LDAP. |
| LDAP Group Membership Attribute | Attribute in the group that contains DNs of all the members. (Optional) If left blank, the default is "memberOf" or "member", which typically works with Active Directory/LDAP. |
| Test Properties | |
| LDAP Username for Test LDAP Configuration | Any user (ideally with low privileges) used to verify the LDAP configuration. |
| LDAP Group Name for Test LDAP Configuration | Any group (and not necessarily one that includes the test user) used to verify the LDAP configuration. |
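
The LDAP URL and LDAP Server CA Certificate rows describe two transport risks: credentials sent in the clear, and a blank CA path that trusts every certificate. The following check for an unmanaged cluster's hue.ini is an added example, not Cloudera's or Hue's own code. It assumes the key names `ldap_url`, `use_start_tls` and `ldap_cert` under `[desktop] [[ldap]]`, which this table does not list; the sample fragments are constructed.

```python
import re

# Constructed hue.ini fragments; host names and paths are placeholders.
WEAK = """
[desktop]
  [[ldap]]
    ldap_url=ldap://ldap.example.com
    use_start_tls=false
    ldap_cert=
"""
HARDENED = """
[desktop]
  [[ldap]]
    ldap_url=ldaps://ldap.example.com
    ldap_cert=/etc/hue/ldap-ca-chain.pem
    [[[users]]]
      user_name_attr=sAMAccountName
"""

def ldap_settings(text):
    """Collect key=value pairs located directly under [desktop] [[ldap]]."""
    path, found = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"(\[+)([^\[\]]+)(\]+)", line)
        if header:
            # Bracket count gives the nesting depth of the section.
            depth = len(header.group(1))
            path = path[:depth - 1] + [header.group(2).strip()]
        elif "=" in line and path == ["desktop", "ldap"]:
            key, _, value = line.partition("=")
            found[key.strip()] = value.strip().strip("\"'")
    return found

def audit(text):
    """Return findings for the two transport risks the table calls out."""
    s = ldap_settings(text)
    url = s.get("ldap_url", "").lower()
    # Assumption: an absent use_start_tls is treated as "not enabled".
    start_tls = s.get("use_start_tls", "").lower() == "true"
    findings = []
    if not (url.startswith("ldaps://") or start_tls):
        findings.append("cleartext: credentials cross the network unencrypted")
    if not s.get("ldap_cert"):
        findings.append("no-ca: blank CA path, every server certificate is trusted")
    return findings

if __name__ == "__main__":
    for name, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(sample) or "ok")
```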