If you want to use an account managed in a Lightweight Directory Access Protocol (LDAP) server to access Hue, you must connect Hue to the LDAP server. This topic describes how to connect Hue to E-MapReduce (EMR) OpenLDAP and perform authentication. If you use a self-managed LDAP server, modify the configurations based on your business requirements.
Procedure
Go to the hue tab of the Hue service page.
Log on to the EMR console. In the left-side navigation pane, click EMR on ECS.
In the top navigation bar, select the region in which your cluster resides and select a resource group based on your business requirements.
On the EMR on ECS page, find the desired cluster and click Services in the Actions column.
Find the Hue service and click Configure.
On the Configure tab, click hue.
Change the value of backend to desktop.auth.backend.LdapBackend.
Add custom configurations.
Click Add Configuration Item. In the Add Configuration Item dialog box, add configuration items and click OK. The following table describes the configuration items.
Important: When you add the configuration items, set the desktop.ldap.bind_password configuration item to the value obtained from the EMR console and set other configuration items to the values provided in the Example column.
| Configuration item | Description | Example |
| --- | --- | --- |
| desktop.ldap.ldap_url | The URL of the LDAP server. | ldap://emr-header-1:10389 |
| desktop.ldap.bind_dn | The distinguished name (DN) of the administrator. The DN is used to connect to the LDAP or Active Directory (AD) server and query users and user groups. If the LDAP server supports anonymous access, this configuration item is not required. | uid=admin,o=emr |
| desktop.ldap.bind_password | The password of the DN of the administrator. Note: You must obtain the value of the admin_pwd configuration item on the OpenLDAP service page in the EMR console. The obtained value is the password. | None |
| desktop.ldap.ldap_username_pattern | The pattern in which a username is matched with an LDAP DN. The value of this configuration item must contain <username> to support authentication. | uid=<username>,ou=people,o=emr |
| desktop.ldap.base_dn | The base DN that is used to search for users and user groups in the LDAP server. | ou=people,o=emr |
| desktop.ldap.search_bind_authentication | Specifies whether to use credentials provided in desktop.ldap.bind_dn and desktop.ldap.bind_password to perform search, binding, and authentication. | false |
| desktop.ldap.use_start_tls | Specifies whether to establish a Transport Layer Security (TLS) connection with the LDAP server that is specified by an ldap:// URL. | false |
| desktop.ldap.create_users_on_login | Specifies whether to create users in Hue after a user accesses Hue by using LDAP credentials. | true |
In the dialog box that appears, configure the Execution Reason parameter and click Save.
Deploy client configurations.
In the lower part of the Configure tab, click Deploy Client Configuration.
In the dialog box that appears, configure the Execution Reason parameter and click OK.
In the Confirm message, click OK.
Restart Hue.
After the restart is complete, you can access a specific execution engine for which LDAP authentication is enabled from Hue.
DataLake cluster
If you install Hue in the DataLake cluster, perform the following steps to restart Hue:
Log on to the master node of your cluster. For more information, see Log on to a cluster.
Run the following command as the root user to stop Hue:
    # Run the grep command to query all Hue-related processes.
    ps -ef | grep hue
    # Kill the Hue-related processes based on the output of the previous command. For example, if the process ID is 12345, run the following command to kill the process:
    kill 12345
Run the following command as the root user to start Hue:
    source /opt/apps/hue/build/env/bin/activate
    supervisor
Hadoop cluster
In the upper-right corner of the Configure tab, choose .
In the dialog box that appears, configure the Execution Reason parameter and click OK.
In the Confirm message, click OK.
What to do next
After you connect Hue to the LDAP server, the original admin account cannot be used to access Hue. The new administrator is the first logon user after the LDAP server is connected.
For more information about how to access Hue, see Use Hue.
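A pre-save check of the configuration items from the procedure above, written as an added example (not code from Hue or the EMR console). It assumes the items have been copied into a Python dict keyed by the names in the table; the function name `audit_hue_ldap` and the password placeholder are hypothetical.

```python
from urllib.parse import urlparse

P = "desktop.ldap."  # prefix of the configuration items in the table above

def is_true(cfg, item):
    return str(cfg.get(P + item, "false")).strip().lower() == "true"

def audit_hue_ldap(cfg):
    """Return (severity, item, message) findings for a dict of Hue LDAP items."""
    out = []
    if cfg.get("backend") != "desktop.auth.backend.LdapBackend":
        out.append(("ERROR", "backend", "LdapBackend is not selected"))
    url = urlparse(cfg.get(P + "ldap_url", ""))
    if url.scheme not in ("ldap", "ldaps") or not url.hostname:
        out.append(("ERROR", P + "ldap_url", "expected ldap://host:port or ldaps://host:port"))
    elif url.scheme == "ldap" and not is_true(cfg, "use_start_tls"):
        out.append(("WARN", P + "use_start_tls",
                    "ldap:// without StartTLS sends bind and user passwords unencrypted"))
    if "<username>" not in cfg.get(P + "ldap_username_pattern", ""):
        out.append(("ERROR", P + "ldap_username_pattern", "must contain <username>"))
    if cfg.get(P + "bind_dn") and not cfg.get(P + "bind_password"):
        out.append(("ERROR", P + "bind_password", "bind_dn is set but the password is empty"))
    if is_true(cfg, "create_users_on_login"):
        out.append(("INFO", P + "create_users_on_login",
                    "any LDAP account that authenticates gets a Hue user; "
                    "the first to log on becomes the administrator"))
    return out

# Constructed sample: the Example column values; the password is a placeholder.
SAMPLE = {
    "backend": "desktop.auth.backend.LdapBackend",
    P + "ldap_url": "ldap://emr-header-1:10389",
    P + "bind_dn": "uid=admin,o=emr",
    P + "bind_password": "<admin_pwd value from the OpenLDAP service page>",
    P + "ldap_username_pattern": "uid=<username>,ou=people,o=emr",
    P + "base_dn": "ou=people,o=emr",
    P + "search_bind_authentication": "false",
    P + "use_start_tls": "false",
    P + "create_users_on_login": "true",
}

if __name__ == "__main__":
    for severity, item, message in audit_hue_ldap(SAMPLE):
        print(f"{severity:5} {item}: {message}")
```

With the Example column values the check reports one WARN (unencrypted transport to the LDAP server) and one INFO (account creation and the first-logon administrator rule stated under What to do next), and no errors.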