Configuring LDAP on unmanaged clusters
If your clusters are not managed with Cloudera Manager, you must
manually set the LDAP configuration properties in the hue.ini
file.
Refer to the following examples of LDAP configurations in the hue.ini
file:
Example of a Search Bind configuration encrypted with LDAPS:
[[custom]]
[[auth]]
backend=desktop.auth.backend.LdapBackend
[[ldap]]
ldap_url=ldaps://<hostname>.ad.sec.<domain_name>.com:636
search_bind_authentication=true
ldap_cert=/<path_to_cacert>/<cert_filename>.pem
use_start_tls=false
create_users_on_login=true
base_dn="DC=ad,DC=sec,DC=<domain_name>,DC=com"
bind_dn="<username>@ad.sec.<domain_name>.com"
bind_password_script=<path_to_password_script>/<script.sh>
test_ldap_user="testuser1"
test_ldap_group="testgroup1"
[[[users]]]
user_filter="objectclass=user"
user_name_attr="sAMAccountName"
[[[groups]]]
group_filter="objectclass=group"
group_name_attr="cn"
group_member_attr="member"
Example of a Direct Bind configuration for Active Directory encrypted with LDAPS:
[[ldap]]
ldap_url=ldaps://<hostname>.ad.sec.<domain_name>.com:636
search_bind_authentication=false
nt_domain=ad.sec.<domain_name>.com
ldap_cert=/<path_to_cacert>/<cert_filename>.pem
use_start_tls=false
create_users_on_login=true
base_dn="DC=ad,DC=sec,DC=<domain_name>,DC=com"
bind_dn="<username>"
bind_password_script=<path_to_password_script>/<script.sh>
...
Example of a Direct Bind configuration for Active Directory encrypted with StartTLS:
[[ldap]]
ldap_url=ldap://<hostname>.ad.sec.<domain_name>.com:389
search_bind_authentication=false
nt_domain=ad.sec.<domain_name>.com
ldap_cert=/opt/cloudera/security/cacerts/<cert_filename>.pem
use_start_tls=true
create_users_on_login=true
base_dn="DC=ad,DC=sec,DC=<domain_name>,DC=com"
bind_dn="<username>"
bind_password_script=<path_to_password_script>/<script.sh>
...
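Because these properties are set by hand on unmanaged clusters, it helps to check the [[ldap]] block before restarting Hue. The following is an added example, not part of the original documentation or of Hue itself: a small checker that compares the transport and bind-password settings with the patterns in the three examples above. The function names and the sample values are hypothetical, and it assumes the inline bind_password property (a hue.ini property not shown on this page) is the alternative to bind_password_script.

```python
import re

# Constructed sample (not from a real deployment): shaped like the StartTLS
# example, but use_start_tls is false and the bind password is stored inline.
SAMPLE = """
[[ldap]]
ldap_url=ldap://ldap.example.com:389
use_start_tls=false
bind_dn="svc_hue"
bind_password="constructed-secret"
[[[users]]]
user_filter="objectclass=user"
"""

def parse_ldap(text):
    """Return key/value pairs set directly under [[ldap]] (subsections skipped)."""
    props, depth, in_ldap = {}, 0, False
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"(\[+)\s*([^\[\]]+?)\s*\]+", line)
        if header:
            depth = len(header.group(1))
            if depth <= 2:  # a new [section] or [[section]] ends the ldap block
                in_ldap = depth == 2 and header.group(2) == "ldap"
        elif in_ldap and depth == 2 and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip().strip('"')
    return props

def audit_ldap(props):
    """Flag transport and secret-handling settings that differ from the page's examples."""
    findings = []
    url = props.get("ldap_url", "")
    # Assumption: an absent use_start_tls is treated as false.
    start_tls = props.get("use_start_tls", "false").lower() == "true"
    if url.startswith("ldaps://") and start_tls:
        findings.append("use_start_tls: set to true together with an ldaps:// URL")
    elif url.startswith("ldap://") and not start_tls:
        findings.append("ldap_url: ldap:// without StartTLS, binds are unencrypted")
    elif not url.startswith(("ldap://", "ldaps://")):
        findings.append("ldap_url: missing or not an ldap:// or ldaps:// URL")
    if (url.startswith("ldaps://") or start_tls) and not props.get("ldap_cert"):
        findings.append("ldap_cert: TLS is enabled but no CA certificate file is set")
    if props.get("bind_password"):
        findings.append("bind_password: secret stored inline, use bind_password_script")
    return findings

if __name__ == "__main__":
    for finding in audit_ldap(parse_ldap(SAMPLE)):
        print(finding)
```

The checker only reads the text of the configuration; it does not contact the LDAP server or verify that the certificate and password script paths exist.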