AnsweredAssumed Answered

How to integrate hue with LDAP

Question asked by engrbrianmark2 on Sep 22, 2015
This is my config

[[ldap]]

    # The search base for finding users and groups
    ## base_dn="DC=mycompany,DC=com"
    base_dn="DC=tms,DC=unioncycleph,DC=com"

    # URL of the LDAP server
    ## ldap_url=ldap://auth.mycompany.com
    ldap_url=ldap_url=ldap://192.168.18.115

    # A PEM-format file containing certificates for the CA's that
    # Hue will trust for authentication over TLS.
    # The certificate for the CA that signed the
    # LDAP server certificate must be included among these certificates.
    # See more here http://www.openldap.org/doc/admin24/tls.html.
    ## ldap_cert=
    ## use_start_tls=true

    # Distinguished name of the user to bind as -- not necessary if the LDAP server
    # supports anonymous searches
    ## bind_dn="CN=ServiceAccount,DC=mycompany,DC=com"
    bind_dn="CN=auth_user,OU=Users,DC=tms,DC=unioncycleph,DC=com"

    # Password of the bind user -- not necessary if the LDAP server supports
    # anonymous searches
    ## bind_password=
    bind_password=binder

    # Execute this script to produce the bind user password. This will be used
    # when `bind_password` is not set.
    ## bind_password_script=

    # Pattern for searching for usernames -- Use <username> for the parameter
    # For use when using LdapBackend for Hue authentication
    # If nt_domain is specified, this config is completely ignored.
    # If nt_domain is not specified, this should take on the form "cn=<username>,dc=example,dc=com",
    # where <username> is replaced by whatever is provided at the login page. Depending on your ldap schema,
    # you can also specify additional/alternative comma-separated attributes like uid, ou, etc
    ## ldap_username_pattern="uid=<username>,ou=People,dc=mycompany,dc=com"
    ldap_username_pattern="CN=auth_user,OU=Users,DC=tms,DC=unioncycleph,DC=com"

    # Create users in Hue when they try to login with their LDAP credentials
    # For use when using LdapBackend for Hue authentication
    ## create_users_on_login = true

    # Synchronize a users groups when they login
    ## sync_groups_on_login=false

    # Ignore the case of usernames when searching for existing users in Hue.
    ## ignore_username_case=false

    # Ignore the case of usernames when searching for existing users to authenticate with.
    # Only supported in remoteUserDjangoBackend.
    ## force_username_lowercase=false

    # Use search bind authentication.
    # If set to true, hue will perform ldap search using bind credentials above (bind_dn, bind_password)
    # Hue will then search using the 'base_dn' for an entry with attr defined in 'user_name_attr', with the value
    # of short name provided on the login page. The search filter defined in 'user_filter' will also be used to limit
    # the search. Hue will search the entire subtree starting from base_dn.
    # If search_bind_authentication is set to false, Hue performs a direct bind to LDAP using the credentials provided
    # (not bind_dn and bind_password specified in hue.ini). There are 2 modes here - 'nt_domain' is specified or not. 
    ## search_bind_authentication=true

    # Choose which kind of subgrouping to use: nested or suboordinate (deprecated).
    ## subgroups=suboordinate

    # Define the number of levels to search for nested members.
    ## nested_members_search_depth=10

    # Whether or not to follow referrals
    ## follow_referrals=false

    # Enable python-ldap debugging.
    ## debug=false

    # Sets the debug level within the underlying LDAP C lib.
    ## debug_level=255

    # Possible values for trace_level are 0 for no logging, 1 for only logging the method calls with arguments,
    # 2 for logging the method calls with arguments and the complete results and 9 for also logging the traceback of method calls.
    ## trace_level=0

    [[[users]]]

      # Base filter for searching for users
      ## user_filter="objectclass=*"
      user_filter="objectclass=*"

      # The username attribute in the LDAP schema
      ## user_name_attr=sAMAccountName
      user_name_attr=uid

    [[[groups]]]

      # Base filter for searching for groups
      ## group_filter="objectclass=*"

      # The group name attribute in the LDAP schema
      ## group_name_attr=cn

      # The attribute of the group object which identifies the members of the group
      ## group_member_attr=members,This is my configuration:

Outcomes