Make Hadoop more accessible by integrating multiple LDAP Servers

In Hue 3.6 (coming up this week), LDAP configuration has been drastically improved to support multiple servers. Here is a quick guide on how to configure LDAP in Hue using this new configuration model.

How it works

As described in How to Make Hadoop Accessible to your Employees with Hue, there are several configuration parameters available. These have been transferred over to the new way of configuring LDAP: server declarations.


[Figure: Adding users through Useradmin with multiple server declarations]

Server declarations

You can have multiple LDAP servers configured in the hue.ini by providing multiple server declarations:

[desktop]
  [[ldap]]
    # Global setting: not defined per server, applies to every declaration below
    create_users_on_login=true
    [[[ldap_servers]]]
      # First directory; the section name is what users and admins select
      [[[[server1]]]]
        ldap_url=ldap://127.0.0.1
        base_dn="dc=sub1,dc=example,dc=com"
        [[[[[users]]]]]
          user_filter="(objectClass=user)"
          user_name_attr="uid"
        [[[[[groups]]]]]
          group_filter="(objectClass=group)"
          group_name_attr="cn"
          group_member_attr="member"

      # Second directory, with its own URL and base DN
      [[[[server2]]]]
        ldap_url=ldap://127.0.0.2
        base_dn="dc=sub2,dc=example,dc=com"
        [[[[[users]]]]]
          user_filter="(objectClass=user)"
          user_name_attr="uid"
        [[[[[groups]]]]]
          group_filter="(objectClass=group)"
          group_name_attr="cn"
          group_member_attr="member"

The names “server1” and “server2” will be selectable by users when authenticating and by admins when managing users. In the example above, the configuration parameters are exactly as they would be in the original LDAP configuration, except that they are set on a per-server basis. The only parameters that are not defined on a per-server basis are:

  • create_users_on_login
  • ignore_username_case
  • force_username_lowercase

To be more explicit, the parameters that are available to server declarations are:

  • base_dn
  • nt_domain
  • ldap_url
  • use_start_tls
  • ldap_cert
  • ldap_username_pattern
  • bind_dn
  • bind_password
  • users
    • user_filter
    • user_name_attr
  • groups
    • group_filter
    • group_name_attr
    • group_member_attr


For more information on what these parameters do, check out How to Make Hadoop Accessible to your Employees with Hue.
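
A pre-deployment check for the server declarations described above, added here as an illustration and not part of Hue or the original post: it walks the nested hue.ini sections and flags a global-only setting placed inside a server, a malformed base_dn, and an ldap:// URL without use_start_tls. The function names, the simplified DN check and the sample configuration are assumptions made for this example.

```python
import re

# Settings this page lists as not defined on a per-server basis.
GLOBAL_ONLY = {"create_users_on_login", "ignore_username_case", "force_username_lowercase"}
RDN = re.compile(r"^[A-Za-z][\w-]*=[^,=]+$")  # simplified: no escaped ',' or '='

def parse_servers(text):
    """Map each [[[[server]]]] under [[[ldap_servers]]] to its own key/value pairs."""
    servers, path, current = {}, [], None
    for line in map(str.strip, text.splitlines()):
        header = re.match(r"^(\[+)([^\[\]]+)\]+$", line)
        if header:  # the number of opening brackets is the nesting depth
            depth = len(header.group(1))
            path = path[:depth - 1] + [header.group(2).strip()]
            is_server = depth == len(path) == 4 and path[:3] == ["desktop", "ldap", "ldap_servers"]
            current = servers.setdefault(path[3], {}) if is_server else None
        elif current is not None and "=" in line and not line.startswith("#"):
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip().strip('"')
    return servers

def lint(text):  # returns a list of (server, key, problem) tuples
    findings = []
    for name, cfg in parse_servers(text).items():
        for key in sorted(cfg.keys() & GLOBAL_ONLY):
            findings.append((name, key, "global-only setting in server declaration"))
        dn = cfg.get("base_dn")
        if dn and not all(RDN.match(part.strip()) for part in dn.split(",")):
            findings.append((name, "base_dn", "malformed DN"))
        tls = cfg.get("use_start_tls", "").lower() == "true"
        if cfg.get("ldap_url", "").startswith("ldap://") and not tls:
            findings.append((name, "ldap_url", "cleartext LDAP without use_start_tls"))
    return findings

# Constructed sample: server1 carries three mistakes, server2 is clean.
SAMPLE = """[desktop]
  [[ldap]]
    [[[ldap_servers]]]
      [[[[server1]]]]
        ldap_url=ldap://127.0.0.1
        create_users_on_login=true
        base_dn="dc=sub1.dc=example,dc=com"
        [[[[[users]]]]]
          user_filter="(objectClass=user)"
      [[[[server2]]]]
        ldap_url=ldap://127.0.0.2
        base_dn="dc=sub2,dc=example,dc=com"
        use_start_tls=true"""

if __name__ == "__main__":
    print(*lint(SAMPLE), sep="\n")
```
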

Backwards compatible

To remain backwards compatible, the original configuration of LDAP is respected if there are no server declarations.

Conclusion

We hope this helps you manage multiple directory service deployments and make Hadoop more accessible within your company.


Have any suggestions? Feel free to tell us what you think through hue-user or @gethue!