Authentication seems to work as expected.
LDAP Sync has a couple of issues.
This should be LOG.error (not LOG.Error):
LOG.Error("Not able to connect with LDAP server: %s, error: %s" % (ldap_url,e))
If there is a connection failure, an uncaught exception is thrown in hue/apps/useradmin/src/useradmin/views.py
  File "/opt/cloudera/parcels/CDH-6.3.0-1.cdh6.3.0.p0.1279813/lib/hue/apps/useradmin/src/useradmin/views.py", line 906, in _import_ldap_users
    user_info = connection.find_users(username_pattern, find_by_dn=import_by_dn)
AttributeError: 'NoneType' object has no attribute 'find_users'
I think this is an issue that has always been around due to the logic here where "import_ldap_users()" is in the try: block. This means even if the connection fails, we attempt to import users.
We should probably move "import_ldap_users()" to after the try/except block and check that a connection was made successfully.
server = form.cleaned_data.get('server')
try:
  failed_ldap_users = []
  connection = ldap_access.get_connection_from_server(server)
  users = import_ldap_users(connection, username_pattern, False, import_by_dn, failed_users=failed_ldap_users)
except (ldap.LDAPError, LdapBindException), e:
  LOG.error("LDAP Exception: %s" % smart_str(e))
  raise PopupException(smart_str(_('There was an error when communicating with LDAP: %s')) % str(e))
except ValidationError, e:
  LOG.error("LDAP Exception: %s" % smart_str(e))
  raise PopupException(smart_str(_('There was a problem with some of the LDAP information: %s')) % str(e))
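The restructuring suggested in the comment above, as an added Python 3 sketch that is not Hue's code and not part of the review. The exception classes, `FakeConnection`, the simplified `import_ldap_users` signature, the `sync_before`/`sync_after` names and the "could not connect" message are hypothetical stand-ins, and it assumes the connection helper logs and returns `None` on a failed connect, as the traceback implies.

```python
import logging

LOG = logging.getLogger("useradmin.sketch")

class LdapBindException(Exception): pass   # stand-in for Hue's exception class
class PopupException(Exception): pass      # stand-in for Hue's exception class

class FakeConnection:
    """Constructed stand-in for an LDAP connection object."""
    def find_users(self, pattern, find_by_dn=False):
        return [{"username": pattern}]

def get_connection_from_server(server):
    # Assumption: a failed connect is logged and None is returned,
    # which is what the 'NoneType' traceback on the page implies.
    if server == "unreachable":
        LOG.error("Not able to connect with LDAP server: %s, error: %s",
                  server, "timed out")
        return None
    return FakeConnection()

def import_ldap_users(connection, pattern, import_by_dn):
    return connection.find_users(pattern, find_by_dn=import_by_dn)

def sync_before(server, pattern, import_by_dn=False):
    # Shape of the quoted view code: connect and import share one try block,
    # and AttributeError is not among the handled exceptions.
    try:
        connection = get_connection_from_server(server)
        return import_ldap_users(connection, pattern, import_by_dn)
    except LdapBindException as e:
        raise PopupException(
            "There was an error when communicating with LDAP: %s" % e)

def sync_after(server, pattern, import_by_dn=False):
    # Only the connect step stays inside the try block.
    try:
        connection = get_connection_from_server(server)
    except LdapBindException as e:
        raise PopupException(
            "There was an error when communicating with LDAP: %s" % e)
    # Explicit check before any import is attempted (message is hypothetical).
    if connection is None:
        raise PopupException("Could not connect to LDAP server: %s" % server)
    return import_ldap_users(connection, pattern, import_by_dn)
```

With the unreachable server, `sync_before` leaks the raw `AttributeError` while `sync_after` turns the failure into a handled `PopupException`.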
[useradmin] HUE-9137 Enable Hue validate ldap_cert by default unless user configs it explicitly to false
Review Request #14736 — Created Feb. 3, 2020 and updated
|bgooley, romain, yingc|
Enable Hue validate ldap_cert by default unless user configs it explicitly to false
Upload the diff to secure and unsecure clusters
LDAP user can log in with following configs:
ldaps + no cert + validate(False)
ldaps + cert + validate(False)
Fails with error (ldaps + No Cert + Validate(True)) as expected:
[03/Feb/2020 11:53:44 -0800] forms ERROR LDAP auth error: LDAP_CERT is required when LDAPS or StartTLS is configured!