Authenticating Hue Users with LDAP Credentials

This section explains how to edit the ldap section of the hue.ini file to enable Hue user authentication with LDAP credentials. These instructions assume you have completed the steps in Setting up Users from an LDAP Database.

WARNING

If you switch to authentication through LDAP credentials, the Hue User Admin users will lose superuser privileges unless you take one of the following actions:

Import one or more superuser accounts from LDAP and assign them superuser permission.
If you have already enabled the LDAP authentication back end, log into Hue using the LDAP back end, which will create an LDAP user. Next, disable the LDAP authentication back end and use User Admin to give the superuser permission to the new LDAP user.

Before you edit the parameters in the hue.ini file, determine whether your LDAP server allows anonymous searches.

If anonymous searches are allowed, use the direct bind method.
If anonymous searches are not allowed, use bind credentials (also known as search and bind).

The following flow chart shows which parameters you must specify for each of these authentication methods:

These are the parameters you need to set in the ldap section of the hue.ini file so you can authenticate Hue users with LDAP credentials:

Parameter	Description	Comments
`search_bind_authentication`	Determines which authentication method to use: search and bind, or direct bind.	When set to true, Hue performs an LDAP search using `bind_dn` and `bind_password` as provided in `hue.ini`. The search can be further limited by the search filter `user_filter`. When set to false, Hue performs a direct bind to LDAP using the credentials provided from one of these sources: the UPN, formed by concatenating `<shortname>` (the user name provided on the Hue login page) and `nt_domain` (if `nt_domain` is specified) the `ldap_username_pattern` (if `nt_domain` is not specified)
`nt_domain`	The NT domain to connect to. This parameter is only used with Active Directory.	Used with the direct bind method of authentication. If `nt_domain` is specified, then `ldap_username_pattern` is ignored.
`ldap_username_pattern`	Used to connect to directory services other than Active Directory.	Used with the direct bind method of authentication. Usually takes the form `"cn=<username>,dc=example,dc=com"`
`backend`	The backend to use for authenticating users.	Needs to be set to `desktop.auth.backend.LdapBackend` for Hue authentication.

HPE Ezmeral Data Fabric – Customer-Managed 7.9.0 Documentation
Abstract	This site contains documentation for the customer-managed platform of the HPE Ezmeral Data Fabric version 7.9.0 including installation, configuration, administration, and reference content, as well as content for the associated bundled ecosystem components and drivers.
Published	November 2024
Edition	7.9.0