If you want to use an account in an Lightweight Directory Access Protocol (LDAP) server to access Hue, you must connect Hue to the LDAP server. This topic describes how to connect Hue to EMR OpenLDAP and perform authentication. If you use a self-managed LDAP server, modify the configurations based on your business requirements.


  1. Go to the Service Configuration section of Hue.
    1. Log on to the Alibaba Cloud EMR console.
    2. In the top navigation bar, select the region where your cluster resides and select a resource group based on your business requirements.
    3. Click the Cluster Management tab.
    4. On the Cluster Management page, find your cluster and click Details in the Actions column.
    5. In the left-side navigation pane, choose Cluster Service > Hue.
    6. Click the Configure tab.
    7. In the Service Configuration section, click hue.
  2. Change the value of backend to desktop.auth.backend.LdapBackend.
  3. Add custom configurations.
    1. Click Custom Configuration in the upper-right corner. In the Add Configuration Item dialog box, add the parameters described in the following table.
      Notice When you add the parameters, set the desktop.ldap.bind_password parameter to the value obtained from the EMR console and set the other parameters to the values provided in the Value column.
      Parameter Description Example
      desktop.ldap.ldap_url The URL of the LDAP server. ldap://emr-header-1:10389
      desktop.ldap.bind_dn The distinguished name (DN) of the administrator. The DN is used to connect to the LDAP or Active Directory (AD) server and query users and user groups. If the LDAP server supports anonymous access, this parameter is not required. uid=admin,o=emr
      desktop.ldap.bind_password The password of the DN of the administrator.
      Note You can obtain the password from Service Configuration for the OpenLDAP service in the EMR console. The value of the manager_password parameter is the password.
      desktop.ldap.ldap_username_pattern The pattern in which a username is matched with an LDAP DN. This parameter must contain <username> to support authentication. uid=<username>,ou=people,o=emr
      desktop.ldap.base_dn The base DN that is used to search for users and user groups in the LDAP server. ou=people,o=emr
      desktop.ldap.search_bind_authentication Specifies whether to use credentials provided in desktop.ldap.bind_dn and desktop.ldap.bind_password to perform search, binding, and authentication. false
      desktop.ldap.use_start_tls Specifies whether to establish a Transport Layer Security (TLS) connection with the LDAP server that is specified by an ldap:// URL. false
      desktop.ldap.create_users_on_login Specifies whether to create users in Hue after a user accesses Hue by using LDAP credentials. true
    2. Click OK.
  4. Save the configurations.
    1. In the upper-right corner of the Service Configuration section, click Save.
    2. In the dialog box that appears, turn on Auto-update Configuration and specify related information.
    3. Click OK.
  5. Deploy client configurations.
    1. In the upper-right corner of the Service Configuration section, click Deploy Client Configuration.
    2. Set the parameters.
    3. Click OK.
  6. Restart Hue.
    1. In the upper-right corner of the Hue service page, choose Actions > Restart Hue.
    2. In the Cluster Activities dialog box, specify Description and click OK.
    3. In the Confirm message, click OK.
    After the restart is complete, you can access a specific execution engine for which LDAP authentication is enabled from Hue.

What to do next

Notice After you connect Hue to the LDAP server, the original admin account cannot be used to access Hue. The new administrator is the first logon user after the LDAP server is connected.
For more information about how to access Hue, see Use Hue.