Connect Hue to an LDAP server

If you want to use an account in an Lightweight Directory Access Protocol (LDAP) server to access Hue, you must connect Hue to the LDAP server. This topic describes how to connect Hue to EMR OpenLDAP and perform authentication. If you use a self-managed LDAP server, modify the configurations based on your business requirements.

1. Go to the Service Configuration section of Hue.
   1. Log on to the Alibaba Cloud EMR console.
   2. In the top navigation bar, select the region where your cluster resides and select a resource group based on your business requirements.
   3. Click the Cluster Management tab.
   4. On the Cluster Management page, find your cluster and click Details in the Actions column.
   5. In the left-side navigation pane, choose Cluster Service > Hue.
   6. Click the Configure tab.
   7. In the Service Configuration section, click hue.
      
2. Change the value of backend to desktop.auth.backend.LdapBackend.
3. Add custom configurations.
   1. Click Custom Configuration in the upper-right corner. In the Add Configuration Item dialog box, add the parameters described in the following table.
      Notice When you add the parameters, set the desktop.ldap.bind_password parameter to the value obtained from the EMR console and set the other parameters to the values provided in the Value column.

      Parameter	Description	Example
      desktop.ldap.ldap_url	The URL of the LDAP server.	ldap://emr-header-1:10389
      desktop.ldap.bind_dn	The distinguished name (DN) of the administrator. The DN is used to connect to the LDAP or Active Directory (AD) server and query users and user groups. If the LDAP server supports anonymous access, this parameter is not required.	uid=admin,o=emr
      desktop.ldap.bind_password	The password of the DN of the administrator. Note You can obtain the password from Service Configuration for the OpenLDAP service in the EMR console. The value of the manager_password parameter is the password.	None
      desktop.ldap.ldap_username_pattern	The pattern in which a username is matched with an LDAP DN. This parameter must contain <username> to support authentication.	uid=<username>,ou=people,o=emr
      desktop.ldap.base_dn	The base DN that is used to search for users and user groups in the LDAP server.	ou=people,o=emr
      desktop.ldap.search_bind_authentication	Specifies whether to use credentials provided in desktop.ldap.bind_dn and desktop.ldap.bind_password to perform search, binding, and authentication.	false
      desktop.ldap.use_start_tls	Specifies whether to establish a Transport Layer Security (TLS) connection with the LDAP server that is specified by an ldap:// URL.	false
      desktop.ldap.create_users_on_login	Specifies whether to create users in Hue after a user accesses Hue by using LDAP credentials.	true

   2. Click OK.
4. Save the configurations.
   1. In the upper-right corner of the Service Configuration section, click Save.
   2. In the dialog box that appears, turn on Auto-update Configuration and specify related information.
   3. Click OK.
5. Deploy client configurations.
   1. In the upper-right corner of the Service Configuration section, click Deploy Client Configuration.
   2. Set the parameters.
   3. Click OK.
6. Restart Hue.
   1. In the upper-right corner of the Hue service page, choose Actions > Restart Hue.
   2. In the Cluster Activities dialog box, specify Description and click OK.
   3. In the Confirm message, click OK.
   After the restart is complete, you can access a specific execution engine for which LDAP authentication is enabled from Hue.