Oracle Cloud Infrastructure Documentation

Configuring Hue Authentication with LDAP/Active Directory

Configure Hue to authenticate the users directly from Active Directory. Create users in Active Directory and sign in to Hue using those credentials. Authorization can be managed through Ranger.

Authenticating Users From Active Directory for Hue

  1. Access Apache Ambari.
  2. From the side toolbar, under Services click Hue.
  3. Click Configs, and then click Hue User Info.
  4. Set Enable User Sync to Yes.
  5. Select LDAP/AD from the Sync Source dropdown menu.
  6. Click Common Configs, and then enter the following:
    • LDAP/AD URL: Enter the LDAP/AD URL. For example, ldaps://ad.domain.com:636
    • Base DN: <AD_SEARCH_BASE>
    • Bind DN: <AD_BIND_USER_NAME>.
    • Bind User Password Enter and confirm password.
  7. Click Advanced, and then update properties:
    1. Advanced hue-auth-site
      1. Backend: Enter desktop.auth.backend.LdapBackend
    2. Advanced hue-desktop-site
      1. Middleware: Enter desktop.auth.backend.LdapSynchronizationBackend
    3. Advanced hue-ugsync-site
      1. Ldap Cert: Enter the <BDS_LDAP_CERT_WITH_AD_CERT>. For example, /etc/security/serverKeys/ldaptrustcertificate.crt
      2. Search Bind Authentication: Enter false
      3. Nt Domain: Enter the domain name of LDAP host: <AD_REALM_NAME>. For example, AD.DOMAIN.COM
      4. Start TLS: Enter false
      5. Ldap Username Pattern: Enter sAMAccountName=(username),<AD_SEARCH_BASE>
  8. Save the configuration and restart Hue.
    Note

    In case Hue startup fails due to certificate trust issues, append your issuer certificate to /etc/security/serverKeys/ldaptrustcertificate.crt on the un0 node and restart.
  9. Validate by signing in to Hue with an Active Directory username/password without the domain. Verify sign in completes successfully.