If you want to use an account in an LDAP server to access Hue, you must connect Hue to the LDAP server. This topic describes how to interconnect Hue with E-MapReduce OpenLDAP and perform authentication. If you use a user-created LDAP server, modify the configurations based on your business requirements.

Procedure

  1. Go to Service Configuration of Hue.
    1. Log on to the Alibaba Cloud E-MapReduce console.
    2. In the top navigation bar, select the region where your cluster resides.
    3. Click the Cluster Management tab.
    4. On the Cluster Management page that appears, find the target cluster and click Details in the Actions column.
    5. In the left-side navigation pane, click Cluster Service and then Hue.
    6. Click the Configure tab.
    7. In the Service Configuration section, click hue.
      hue
  2. Change the value of backend to desktop.auth.backend.LdapBackend.
  3. Add custom configurations.
    1. Click Custom Configuration in the upper-right corner of the page. In the Add Configuration Item dialog box, configure the parameters listed in the following table.
      Parameter Description Example value
      desktop.ldap.ldap_url The URL of the LDAP server. ldap://emr-header-1:10389
      desktop.ldap.bind_dn The distinguished name (DN) that is used to connect to the LDAP or AD server and query users and user groups. If the LDAP server supports anonymous access, this parameter is not required. uid=admin,o=emr
      desktop.ldap.bind_password The password of the DN that is used to connect to the LDAP server. [password]
      desktop.ldap.ldap_username_pattern The pattern in which a username is matched with an LDAP DN. This parameter must contain <username>. It is required for authentication. uid=<username>,ou=people,o=emr
      desktop.ldap.base_dn The base DN that is used to search for users and user groups in the LDAP server. ou=people,o=emr
      desktop.ldap.search_bind_authentication Specifies whether to use credentials provided in desktop.ldap.bind_dn and desktop.ldap.bind_password to perform search, binding, and authentication. false
      desktop.ldap.use_start_tls Specifies whether to establish a Transport Layer Security (TLS) connection with the LDAP server that is specified by an ldap:// URL. false
      desktop.ldap.create_users_on_login Specifies whether to create users in Hue after a user accesses Hue by using LDAP credentials. true
    2. Click OK.
  4. Save the configurations.
    1. In the upper-right corner of the Service Configuration section, click Save.
    2. In the dialog box that appears, turn on Auto-update Configuration and specify related information.
    3. Click OK.
  5. Deploy client configurations.
    1. In the upper-right corner of the Service Configuration section, click Deploy Client Configuration.
    2. Set required parameters.
    3. Click OK.
  6. In the upper-right corner of the Hue page, select Restart Hue from the Actions drop-down list.

What to do next

Notice After you interconnect Hue with the LDAP server, the original admin account cannot be used to access Hue. The new administrator is the first logon user after the LDAP server is interconnected.
For more information about how to access Hue, see Hue.