Configure Hue with Multi-Authentication: LDAP & DjangoBackend and Sync LDAP user/group

Published on 14 September 2018 in Version 4 - 2 minutes read - Last modified on 06 March 2021

Aloha, Hue administrators,

Hue has supported multi-authentication since Hue 3.9. You can turn it on by updating the Hue configuration through the CM UI or hue.ini.

On any CM-managed cluster, go to Hue’s configuration page and search for “safety”:

http://YourCluster.com:7180/cmf/services/10/config#filterfreeText=safety

Then update the Hue Service Advanced Configuration Snippet (Safety Valve) for hue_safety_valve.ini as follows:



```ini
[desktop]
[[auth]]
backend=desktop.auth.backend.LdapBackend,desktop.auth.backend.AllowFirstUserDjangoBackend
```

Then configure the Hue LDAP-related settings through the CM UI at http://YourCluster.com:7180/cmf/services/10/config.

Here is a sample multi-authentication configuration with LDAP for /etc/hue/conf/hue.ini, in case you don’t have CM:



```ini
[desktop]
[[auth]]
# Comma-separated list of authentication backends
backend=desktop.auth.backend.LdapBackend,desktop.auth.backend.AllowFirstUserDjangoBackend
[[ldap]]
ldap_url=ldap://ldapserver.ad.com:389
search_bind_authentication=true
# Create the Hue user automatically on the first successful LDAP login
create_users_on_login=true
base_dn="ou=Test,DC=ad,DC=com"
bind_dn="[email protected]"
# The bind password is read from the output of this script
bind_password_script={{CMF_CONF_DIR}}/altscript.sh sec-5-bind_password
#bind_password="YourBindPassword"
[[[users]]]
user_filter="objectclass=user"
user_name_attr="sAMAccountName"
[[[groups]]]
group_filter="objectclass=group"
```

Save Changes, re-deploy client configuration then restart Hue.
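As an added example (not code from the original post or from the Hue project), the following Python check can be run over a hue.ini laid out like the sample above. It parses the nested `[[...]]` sections, reports unbalanced section headers, and flags an `ldap://` URL without an explicit `use_start_tls=true` as well as an inline `bind_password`. The function names and sample values are constructed for illustration, and `use_start_tls` is assumed to be the `[[ldap]]` StartTLS option in your Hue version.

```python
import re

# Section header such as [desktop], [[ldap]] or [[[users]]]; bracket counts must match.
HEADER = re.compile(r"^(\[+)\s*([^\[\]]+?)\s*(\]+)$")

def parse_hue_ini(text):
    """Return ({"desktop/ldap": {key: value}, ...}, [header problems])."""
    sections, problems, path = {}, [], []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            m = HEADER.match(line)
            if not m or len(m.group(1)) != len(m.group(3)):
                problems.append(f"line {n}: unbalanced section header {line!r}")
                continue  # keys that follow stay in the previous section
            path = path[:len(m.group(1)) - 1] + [m.group(2)]
            sections.setdefault("/".join(path), {})
        elif "=" in line:
            key, value = line.split("=", 1)
            sections.setdefault("/".join(path), {})[key.strip()] = value.strip().strip('"')
    return sections, problems

def audit(text):
    """List findings for the [[auth]] / [[ldap]] settings discussed in this post."""
    sections, findings = parse_hue_ini(text)
    ldap = sections.get("desktop/ldap", {})
    backends = sections.get("desktop/auth", {}).get("backend", "").split(",")
    if any(b.strip().endswith("LdapBackend") for b in backends):
        url = ldap.get("ldap_url", "").lower()
        # Assumption: use_start_tls is the [[ldap]] StartTLS switch in your Hue version.
        if url.startswith("ldap://") and ldap.get("use_start_tls", "").lower() != "true":
            findings.append("ldap_url is ldap:// and use_start_tls=true is not set explicitly")
        if "bind_password" in ldap:
            findings.append("bind_password is stored inline; use bind_password_script")
    return findings

# Constructed sample, not a real deployment.
SAMPLE = """\
[desktop]
[[auth]]
backend=desktop.auth.backend.LdapBackend,desktop.auth.backend.AllowFirstUserDjangoBackend
[[ldap]]
ldap_url=ldap://ldap.example.test:389
bind_password="not-a-real-password"
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

When a section header is unbalanced, the keys beneath it are attributed to the enclosing section, so the audit reports only the header problem until it is fixed.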

Now you should be able to log in to Hue as any LDAP user or Django backend user. If you are using Hue 3.12 or newer, the login page shows an extra drop-down for “LDAP” or “Local”.

Once you log in as a superuser, you can sync LDAP users/groups through the “Manage Users” page: https://YourHueHost.com:8889/hue/useradmin/users.

On the “Users” tab, click on the “**Add/Sync LDAP user**” button…

Then fill in the LDAP user name, for example “test*”.

Click the “**Add/Sync user**” button, and all users whose names start with “test” will be synced.

You can also sync a user by LDAP distinguished name, like “**CN=atestë01,OU=huetest,OU=test,DC=ad,DC=com**”, with “**Distinguished name**” checked.

Similarly, for an LDAP group, navigate to the “Groups” tab, click the “**Add/Sync LDAP group**” button, fill in the fields accordingly, then click “**Add/Sync group**”.

You can always use the ldapsearch command on your host to verify whether the user/group exists on your LDAP server.



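```bash
# Note: a password passed with -w is visible in shell history and process listings;
# ldapsearch -W prompts for it instead.
ldapsearch -LLL -H ldap://ldapserver.ad.com:389 -D [email protected] -w yourbindPassword -b "cn=testuser,ou=test,DC=ad,DC=com"

ldapsearch -LLL -H ldap://ldapserver.ad.com:389 -D [email protected] -w yourbindPassword -b "cn=testgroup,ou=test,DC=ad,DC=com"
```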

As always feel free to comment and send feedback on the hue-user list or @gethue!

