Make Hadoop more accessible by integrating multiple LDAP Servers

Published on 29 May 2014 in - 2 minutes read - Last modified on 06 March 2021

Hue 3.6 (coming up this week) LDAP configuration has been drastically improved to enable multiple server support. Here is a quick guide on how to configure LDAP in Hue using this new configuration model.

How it works

As described in How to Make Hadoop Accessible to your Employees with Hue, there are several configuration parameters available. These have been transferred over to the new way of configuring LDAP: server declarations.

 

Adding users through Useradmin with multiple server declarations

Server declarations

You can have multiple LDAP servers configured in the hue.ini by providing multiple server declarations:

[desktop]

[[ldap]]

[[[ldap_servers]]]

[[[[server1]]]]

ldap_url=ldap://127.0.0.1

create_users_on_login=true

base_dn="dc=sub1.dc=example,dc=com"

[[[[[users]]]]]

user_filter="(objectClass=user)"

user_name_attr="uid"

[[[[[groups]]]]]

group_filter="(objectClass=group)"

group_name_attr="cn"

group_member_attr="member"

[[[[server2]]]]

ldap_url=ldap://127.0.0.2

create_users_on_login=true

base_dn="dc=sub2,dc=example,dc=com"

[[[[[users]]]]]

user_filter="(objectClass=user)"

user_name_attr="uid"

[[[[[groups]]]]]

group_filter="(objectClass=group)"

group_name_attr="cn"

group_member_attr="member"

 

The names “server1” and “server2” will be selectable by users when authenticating and admins when managing users. In the example above, the configuration parameters are exactly they would be in the original LDAP configuration, except on a per-server basis. The only parameters that are not defined on a per-server basis are:

  • create_users_on_login
  • ignore_username_case
  • force_username_lowercase

 

To be more explicit, the parameters that are available to server declarations are:

  • base_dn
  • nt_domain
  • ldap_url
  • use_start_tls
  • ldap_cert
  • ldap_username_pattern
  • bind_dn
  • bind_password
  • users
    • user_filter
    • user_name_attr
  • groups
    • group_filter
    • group_name_attr
    • group_member_attr

 

For more information on what these parameters do, check out How to Make Hadoop Accessible to your Employees with Hue.

Backwards compatible

To remain backwards compatible, the original configuration of LDAP is respected if there are no server declarations.

Conclusion

We hope this helps you manage multiple directory service deployments and make Hadoop more accessible within your company.

 

Have any suggestions? Feel free to tell us what you think through hue-user or@gethue!

comments powered by Disqus

More recent stories

03 May 2023
Discover the power of Apache Ozone using the Hue File Browser
Read More
23 January 2023
Hue 4.11 and its new dialects and features are out!
Read More