1
votes

I have configured an LDAP server on my Ubuntu 12.04 machine, the same server on which the Cloudera core Hadoop service is installed. Here I want to integrate Cloudera Hue with the LDAP server.

Following are my LDAP users:

    root@ip-10-81-160-152:/home/ubuntu# ldapsearch -x -b "dc=gmps,dc=com"

    # extended LDIF
    #
    # LDAPv3
    # base <dc=gmps,dc=com> with scope subtree
    # filter: (objectclass=*)
    # requesting: ALL
    #

    # gmps.com
    dn: dc=gmps,dc=com
    objectClass: top
    objectClass: dcObject
    objectClass: organization
    o: gmps
    dc: gmps

    # admin, gmps.com
    dn: cn=admin,dc=gmps,dc=com
    cn: admin
    description: LDAP administrator
    objectClass: simpleSecurityObject
    objectClass: organizationalRole
    objectClass: uidObject
    uid: admin
    ou: admin


    # aaryan aditya, students, users, gmps.com
    dn: cn=aaryan aditya,cn=students,ou=users,dc=gmps,dc=com
    cn: aaryan aditya
    givenName: aaryan
    gidNumber: 500
    homeDirectory: /home/users/aditya
    sn: aditya
    loginShell: /bin/sh
    objectClass: inetOrgPerson
    objectClass: posixAccount
    objectClass: top
    uidNumber: 1000
    uid: aditya

I use phpldapadmin to log in to my LDAP server, which was working fine.

My Login DN: cn=admin,dc=gmps,dc=com

I have configured this LDAP server in Cloudera Hue as:

ldap_url : ldap://75.101.250.10

LDAP Username Pattern : "uid=admin,ou=admin,dc=greycampus,dc=com"

user_name_attr: admin

After this I restarted Hue and logged into the Hue web UI. There, if I click on

Hue ---> Manage Users ---> Sync LDAP users and groups --> Sync

I am not getting any users synced from the LDAP server.

If I click Add/Sync LDAP user, then enter a username and click OK, I get:

There was an error when communicating with LDAP

{'info': 'invalid DN', 'desc': 'Invalid DN syntax'}

I don't know where I went wrong, and it's still confusing where I have to supply my LDAP password and how Hue communicates with LDAP without a password. Could anyone please help?

1
Any one please suggestDev

1 Answer

0
votes

I can understand neither your LDAP configuration nor your Hue configuration.

Firstly, you define your LDAP root, dc=gmps,dc=com, OK. Next, you define an admin role, which is definitely not a user, just a role (dn: cn=admin,dc=gmps,dc=com). Finally, you define a user, which doesn't seem to be linked to the admin role. If you don't have any relation defined between a user and a role, it'll be difficult for Hue to grant something to your user.

Next, about your Hue configuration:

The user should be a parameter of the pattern. If a user DN is dn: cn=aaryan aditya,cn=students,ou=users,dc=gmps,dc=com, your pattern should be at least something like cn=

The Hue webapp substitutes by the typed login and makes a first request to validate the authentication of your user (aka username/password against the LDAP user information).

To perform the search, you need to define the LDAP base search (dc=gmps,dc=com) and a bind user, an authorized user DN to look into your LDAP (for instance, cn=aaryan aditya,cn=students,ou=users,dc=gmps,dc=com).

If you want to limit the global access to just a portion of your LDAP, you can specify an additional filter. When you define a relation between users and roles, you'll be able to restrict the access to the users by their roles.

You have to specify which attribute you're considering to identify the user (in your case, it seems to be cn, so user_name_attr = cn).

To do the mapping between LDAP and Hue permissions, you have to tell Hue which roles are considered, through the group_filter. Next, you have to specify the attribute of the role which allows identifying the role (in your case, it seems to be cn).

Finally, you have to tell Hue which attribute allows you to link a role to a user (which doesn't seem to be undefined in your configuration).

Next, after restarting your cluster, everything should be OK. Syncing your users/groups will load users and roles from your LDAP into Hue; the next step will be to configure each role in Hue to give it the expected permissions.
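A pre-flight check for the username pattern discussed above, as an added example (not part of the original answer and not Hue's own code). It fills Hue's <username> placeholder with an RFC 4514-escaped login and tests the resulting bind DN against the base DN from the ldapsearch output. The names check_pattern, split_dn and escape_rdn_value are hypothetical, and the DN parsing is simplified to single-valued RDNs.

```python
import re

PLACEHOLDER = "<username>"  # token Hue replaces with the typed login name
# Simplified RDN syntax: single-valued, short attribute name, no unescaped specials.
RDN_RE = re.compile(r'^[A-Za-z][A-Za-z0-9-]*=(?:\\.|[^\\",+;<>])+$', re.S)


def escape_rdn_value(value):
    """Escape a login name for use as an attribute value inside a DN (RFC 4514)."""
    out = re.sub(r'([\\,+"<>;])', r"\\\1", value)
    if value.startswith(("#", " ")):
        out = "\\" + out
    if len(value) > 1 and value.endswith(" "):
        out = out[:-1] + "\\ "
    return out


def split_dn(dn):
    """Split a DN into RDN strings on commas that are not backslash-escaped."""
    parts = re.findall(r"(?:^|,)((?:\\.|[^,\\])*)", dn, re.S)
    return [p.lstrip() for p in parts]


def check_pattern(pattern, base_dn, username):
    """Return (bind_dn, problems) for a username pattern and one sample login."""
    problems = []
    if PLACEHOLDER not in pattern:
        problems.append("pattern has no %s placeholder" % PLACEHOLDER)
    dn = pattern.replace(PLACEHOLDER, escape_rdn_value(username))
    rdns = split_dn(dn)
    bad = [r for r in rdns if not RDN_RE.match(r)]
    if bad:
        problems.append("invalid RDN(s): %r" % bad)
    # Case-insensitive suffix comparison (a simplification of DN matching).
    base = [r.lower() for r in split_dn(base_dn)]
    if [r.lower() for r in rdns][-len(base):] != base:
        problems.append("bind DN is not under base DN %s" % base_dn)
    return dn, problems


if __name__ == "__main__":
    base = "dc=gmps,dc=com"  # base DN from the ldapsearch output in the question
    # Pattern as configured in the question, then one shaped like the user's DN.
    print(check_pattern("uid=admin,ou=admin,dc=greycampus,dc=com", base, "aditya"))
    print(check_pattern("cn=<username>,cn=students,ou=users,dc=gmps,dc=com",
                        base, "aaryan aditya"))
```
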