In Hue 3.6 (coming up this week), LDAP configuration has been drastically improved to enable multiple server support. Here is a quick guide on how to configure LDAP in Hue using this new configuration model.
How it works
As described in How to Make Hadoop Accessible to your Employees with Hue, there are several configuration parameters available. These have been transferred over to the new way of configuring LDAP: server declarations.
Adding users through Useradmin with multiple server declarations
Server declarations
You can have multiple LDAP servers configured in the hue.ini by providing multiple server declarations:
[desktop]
  [[ldap]]
    # Global setting, not defined per server
    create_users_on_login=true
    [[[ldap_servers]]]
      [[[[server1]]]]
        ldap_url=ldap://127.0.0.1
        base_dn="dc=sub1,dc=example,dc=com"
        [[[[[users]]]]]
          user_filter="(objectClass=user)"
          user_name_attr="uid"
        [[[[[groups]]]]]
          group_filter="(objectClass=group)"
          group_name_attr="cn"
          group_member_attr="member"
      [[[[server2]]]]
        ldap_url=ldap://127.0.0.2
        base_dn="dc=sub2,dc=example,dc=com"
        [[[[[users]]]]]
          user_filter="(objectClass=user)"
          user_name_attr="uid"
        [[[[[groups]]]]]
          group_filter="(objectClass=group)"
          group_name_attr="cn"
          group_member_attr="member"
The names “server1” and “server2” will be selectable by users when authenticating and by admins when managing users. In the example above, the configuration parameters are exactly as they would be in the original LDAP configuration, except that they are set on a per-server basis. The only parameters that are not defined on a per-server basis are:
- create_users_on_login
- ignore_username_case
- force_username_lowercase
To be more explicit, the parameters that are available to server declarations are:
- base_dn
- nt_domain
- ldap_url
- use_start_tls
- ldap_cert
- ldap_username_pattern
- bind_dn
- bind_password
- users
  - user_filter
  - user_name_attr
- groups
  - group_filter
  - group_name_attr
  - group_member_attr
For more information on what these parameters do, check out How to Make Hadoop Accessible to your Employees with Hue.
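The split between global and per-server parameters can be checked before a hue.ini is deployed. The following is an added example, not part of the original post or of Hue's own code: a small Python audit that parses hue.ini-style nesting and flags global-only keys placed in a server declaration, an ldap:// URL with use_start_tls explicitly set to false, and a malformed base_dn. The sample configuration, the function names and the simplified DN check are assumptions made for illustration.

```python
import re

# Keys the post lists as global-only (not valid inside a server declaration).
GLOBAL_ONLY = {"create_users_on_login", "ignore_username_case", "force_username_lowercase"}
RDN = re.compile(r"^[A-Za-z][\w-]*=[^=,]+$")  # simplified check: one attr=value per RDN

# Constructed sample with deliberate mistakes in server1; not a real deployment.
SAMPLE = """
[desktop]
[[ldap]]
[[[ldap_servers]]]
[[[[server1]]]]
ldap_url=ldap://127.0.0.1
use_start_tls=false
create_users_on_login=true
base_dn="dc=sub1.dc=example,dc=com"
[[[[[users]]]]]
user_filter="(objectClass=user)"
[[[[server2]]]]
ldap_url=ldap://127.0.0.2
base_dn="dc=sub2,dc=example,dc=com"
"""

def parse_ini(text):
    """Parse hue.ini-style nesting: the number of brackets is the section depth."""
    stack = [{}]
    for line in (raw.strip() for raw in text.splitlines()):
        header = re.match(r"^(\[+)([^\[\]]+)\]+$", line)
        if header:
            del stack[len(header.group(1)):]  # climb back to the parent level
            stack.append(stack[-1].setdefault(header.group(2).strip(), {}))
        elif "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            stack[-1][key.strip()] = value.strip().strip('"')
    return stack[0]

def audit(text):
    """Return (server, message) findings for every server declaration."""
    servers = parse_ini(text).get("desktop", {}).get("ldap", {}).get("ldap_servers", {})
    findings = []
    for name, srv in servers.items():
        for key in sorted(srv.keys() & GLOBAL_ONLY):
            findings.append((name, f"{key} is global; set it under [[ldap]]"))
        if srv.get("ldap_url", "").startswith("ldap://") and srv.get("use_start_tls", "").lower() == "false":
            findings.append((name, "ldap:// with use_start_tls=false sends binds in clear text"))
        dn = srv.get("base_dn")
        if dn is not None and not all(RDN.match(p.strip()) for p in dn.split(",")):
            findings.append((name, f"malformed base_dn {dn!r}"))
    return findings
```

The DN check rejects any component with more than one "=", so a DN whose values legitimately contain escaped commas or equals signs needs a full DN parser instead.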
Backwards compatible
To remain backwards compatible, the original configuration of LDAP is respected if there are no server declarations.
Conclusion
We hope this helps you manage multiple directory service deployments and make Hadoop more accessible within your company.
Have any suggestions? Feel free to tell us what you think through hue-user or @gethue!