Hue 4.3.0 and LDAP

[hunt...@gmail.com]

I'm using Hue 4.3.0 on Amazon EMR and trying to configure for LDAP(s)

I did the following changes in hue.ini

backend = desktop.auth.backend.LdapBackend,desktop.auth.backend.AllowFirstUserDjangoBackend

 

  [[ldap]]

    [[[ldap_servers]]]

      [[[[mydomain.local]]]]

        ldap_url = ldaps://mydomain-ad-a

        search_bind_authentication = true

        bind_dn = hue...@mydomain.local

        bind_password = mypassword

        base_dn = "DC=mydomain,DC=local"

I've also tried search_bind_authentication = False and included base_dn and bind_dn, but the results look the same

I can import users and groups in hue useradmin however when I attempt to logon with an ldap user I get a 500 error in the browser

This is the log

[20/May/2019 10:55:41 -0700] decorators   INFO     AXES: Calling decorated function: dt_login

[20/May/2019 10:55:41 -0700] backend      WARNING  Cannot configure LDAP with SSL and enable STARTTLS.

[20/May/2019 10:55:41 -0700] forms        ERROR    LDAP auth error: (1062, "Duplicate entry 'tim.hunter' for key 'username'")

[20/May/2019 10:55:41 -0700] access       WARNING  140.16.116.42 -anon- - "POST /hue/accounts/login HTTP/1.1"-- Failed login for user: tim.hunter

[20/May/2019 10:55:41 -0700] middleware   INFO     Processing exception: An error occurred in the current transaction. You can't execute queries until the end of the 'atomic' block.: Traceback (most recent call last):

  File "/usr/lib/hue/build/env/lib/python2.7/site-packages/Django-1.11-py2.7.egg/django/core/handlers/base.py", line 185, in _get_response

    response = wrapped_callback(request, *callback_args, **callback_kwargs)

  File "/usr/lib/hue/build/env/lib/python2.7/site-packages/Django-1.11-py2.7.egg/django/utils/decorators.py", line 185, in inner

    return func(*args, **kwargs)

  File "/usr/lib/hue/build/env/lib/python2.7/site-packages/django_axes-2.2.0-py2.7.egg/axes/decorators.py", line 271, in decorated_login

    response = func(request, *args, **kwargs)

  File "/usr/lib/hue/desktop/core/src/desktop/auth/views.py", line 188, in dt_login

    'active_directory': is_active_directory

  File "/usr/lib/hue/desktop/core/src/desktop/lib/django_util.py", line 230, in render

    **kwargs)

  File "/usr/lib/hue/desktop/core/src/desktop/lib/django_util.py", line 148, in _render_to_response

    return django_mako.render_to_response(template, *args, **kwargs)

  File "/usr/lib/hue/desktop/core/src/desktop/lib/django_mako.py", line 127, in render_to_response

    return HttpResponse(render_to_string(template_name, data_dictionary), **kwargs)

  File "/usr/lib/hue/desktop/core/src/desktop/lib/django_mako.py", line 116, in render_to_string_normal

    result = template.render(**data_dict)

  File "/usr/lib/hue/build/env/lib/python2.7/site-packages/Mako-1.0.7-py2.7.egg/mako/template.py", line 462, in render

    return runtime._render(self, self.callable_, args, data)

  File "/usr/lib/hue/build/env/lib/python2.7/site-packages/Mako-1.0.7-py2.7.egg/mako/runtime.py", line 838, in _render

    **_kwargs_for_callable(callable_, data))

  File "/usr/lib/hue/build/env/lib/python2.7/site-packages/Mako-1.0.7-py2.7.egg/mako/runtime.py", line 873, in _render_context

    _exec_template(inherit, lclcontext, args=args, kwargs=kwargs)

  File "/usr/lib/hue/build/env/lib/python2.7/site-packages/Mako-1.0.7-py2.7.egg/mako/runtime.py", line 899, in _exec_template

    callable_(context, *args, **kwargs)

  File "/tmp/tmp4q0bSc/desktop/login.mako.py", line 183, in render_body

    __M_writer(unicode( commonfooter(None, messages) ))

  File "/usr/lib/hue/desktop/core/src/desktop/views.py", line 560, in commonfooter

    hue_settings = Settings.get_settings()

  File "/usr/lib/hue/desktop/core/src/desktop/models.py", line 124, in get_settings

    settings, created = Settings.objects.get_or_create(id=1)

  File "/usr/lib/hue/build/env/lib/python2.7/site-packages/Django-1.11-py2.7.egg/django/db/models/manager.py", line 85, in manager_method

    return getattr(self.get_queryset(), name)(*args, **kwargs)

  File "/usr/lib/hue/build/env/lib/python2.7/site-packages/Django-1.11-py2.7.egg/django/db/models/query.py", line 463, in get_or_create

    return self.get(**lookup), False

  File "/usr/lib/hue/build/env/lib/python2.7/site-packages/Django-1.11-py2.7.egg/django/db/models/query.py", line 373, in get

    num = len(clone)

  File "/usr/lib/hue/build/env/lib/python2.7/site-packages/Django-1.11-py2.7.egg/django/db/models/query.py", line 232, in __len__

    self._fetch_all()

  File "/usr/lib/hue/build/env/lib/python2.7/site-packages/Django-1.11-py2.7.egg/django/db/models/query.py", line 1102, in _fetch_all

    self._result_cache = list(self._iterable_class(self))

  File "/usr/lib/hue/build/env/lib/python2.7/site-packages/Django-1.11-py2.7.egg/django/db/models/query.py", line 53, in __iter__

    results = compiler.execute_sql(chunked_fetch=self.chunked_fetch)

  File "/usr/lib/hue/build/env/lib/python2.7/site-packages/Django-1.11-py2.7.egg/django/db/models/sql/compiler.py", line 876, in execute_sql

    cursor.execute(sql, params)

  File "/usr/lib/hue/build/env/lib/python2.7/site-packages/Django-1.11-py2.7.egg/django/db/backends/utils.py", line 60, in execute

    self.db.validate_no_broken_transaction()

  File "/usr/lib/hue/build/env/lib/python2.7/site-packages/Django-1.11-py2.7.egg/django/db/backends/base/base.py", line 448, in validate_no_broken_transaction

    "An error occurred in the current transaction. You can't "

TransactionManagementError: An error occurred in the current transaction. You can't execute queries until the end of the 'atomic' block.




[20/May/2019 10:55:41 -0700] exception    ERROR    Internal Server Error: /hue/accounts/login

Traceback (most recent call last):

  File "/usr/lib/hue/build/env/lib/python2.7/site-packages/Django-1.11-py2.7.egg/django/core/handlers/exception.py", line 41, in inner

    response = get_response(request)

  File "/usr/lib/hue/build/env/lib/python2.7/site-packages/Django-1.11-py2.7.egg/django/core/handlers/base.py", line 249, in _legacy_get_response

    response = self._get_response(request)

  File "/usr/lib/hue/build/env/lib/python2.7/site-packages/Django-1.11-py2.7.egg/django/core/handlers/base.py", line 187, in _get_response

    response = self.process_exception_by_middleware(e, request)

  File "/usr/lib/hue/build/env/lib/python2.7/site-packages/Django-1.11-py2.7.egg/django/core/handlers/base.py", line 185, in _get_response

    response = wrapped_callback(request, *callback_args, **callback_kwargs)

  File "/usr/lib/hue/build/env/lib/python2.7/site-packages/Django-1.11-py2.7.egg/django/utils/decorators.py", line 185, in inner

    return func(*args, **kwargs)

  File "/usr/lib/hue/build/env/lib/python2.7/site-packages/django_axes-2.2.0-py2.7.egg/axes/decorators.py", line 271, in decorated_login

    response = func(request, *args, **kwargs)

  File "/usr/lib/hue/desktop/core/src/desktop/auth/views.py", line 188, in dt_login

    'active_directory': is_active_directory

  File "/usr/lib/hue/desktop/core/src/desktop/lib/django_util.py", line 230, in render

    **kwargs)

  File "/usr/lib/hue/desktop/core/src/desktop/lib/django_util.py", line 148, in _render_to_response

    return django_mako.render_to_response(template, *args, **kwargs)

  File "/usr/lib/hue/desktop/core/src/desktop/lib/django_mako.py", line 127, in render_to_response

    return HttpResponse(render_to_string(template_name, data_dictionary), **kwargs)

  File "/usr/lib/hue/desktop/core/src/desktop/lib/django_mako.py", line 116, in render_to_string_normal

    result = template.render(**data_dict)

  File "/usr/lib/hue/build/env/lib/python2.7/site-packages/Mako-1.0.7-py2.7.egg/mako/template.py", line 462, in render

    return runtime._render(self, self.callable_, args, data)

  File "/usr/lib/hue/build/env/lib/python2.7/site-packages/Mako-1.0.7-py2.7.egg/mako/runtime.py", line 838, in _render

    **_kwargs_for_callable(callable_, data))

  File "/usr/lib/hue/build/env/lib/python2.7/site-packages/Mako-1.0.7-py2.7.egg/mako/runtime.py", line 873, in _render_context

    _exec_template(inherit, lclcontext, args=args, kwargs=kwargs)

  File "/usr/lib/hue/build/env/lib/python2.7/site-packages/Mako-1.0.7-py2.7.egg/mako/runtime.py", line 899, in _exec_template

    callable_(context, *args, **kwargs)

  File "/tmp/tmp4q0bSc/desktop/login.mako.py", line 183, in render_body

    __M_writer(unicode( commonfooter(None, messages) ))

  File "/usr/lib/hue/desktop/core/src/desktop/views.py", line 560, in commonfooter

    hue_settings = Settings.get_settings()

  File "/usr/lib/hue/desktop/core/src/desktop/models.py", line 124, in get_settings

    settings, created = Settings.objects.get_or_create(id=1)

  File "/usr/lib/hue/build/env/lib/python2.7/site-packages/Django-1.11-py2.7.egg/django/db/models/manager.py", line 85, in manager_method

    return getattr(self.get_queryset(), name)(*args, **kwargs)

  File "/usr/lib/hue/build/env/lib/python2.7/site-packages/Django-1.11-py2.7.egg/django/db/models/query.py", line 463, in get_or_create

    return self.get(**lookup), False

  File "/usr/lib/hue/build/env/lib/python2.7/site-packages/Django-1.11-py2.7.egg/django/db/models/query.py", line 373, in get

    num = len(clone)

  File "/usr/lib/hue/build/env/lib/python2.7/site-packages/Django-1.11-py2.7.egg/django/db/models/query.py", line 232, in __len__

    self._fetch_all()

  File "/usr/lib/hue/build/env/lib/python2.7/site-packages/Django-1.11-py2.7.egg/django/db/models/query.py", line 1102, in _fetch_all

    self._result_cache = list(self._iterable_class(self))

  File "/usr/lib/hue/build/env/lib/python2.7/site-packages/Django-1.11-py2.7.egg/django/db/models/query.py", line 53, in __iter__

    results = compiler.execute_sql(chunked_fetch=self.chunked_fetch)

  File "/usr/lib/hue/build/env/lib/python2.7/site-packages/Django-1.11-py2.7.egg/django/db/models/sql/compiler.py", line 876, in execute_sql

    cursor.execute(sql, params)

  File "/usr/lib/hue/build/env/lib/python2.7/site-packages/Django-1.11-py2.7.egg/django/db/backends/utils.py", line 60, in execute

    self.db.validate_no_broken_transaction()

  File "/usr/lib/hue/build/env/lib/python2.7/site-packages/Django-1.11-py2.7.egg/django/db/backends/base/base.py", line 448, in validate_no_broken_transaction

    "An error occurred in the current transaction. You can't "

TransactionManagementError: An error occurred in the current transaction. You can't execute queries until the end of the 'atomic' block.

[20/May/2019 10:55:41 -0700] backend      ERROR    Could not validate if AnonymousUser is a superuser assuming False.

Traceback (most recent call last):

  File "/usr/lib/hue/desktop/core/src/desktop/auth/backend.py", line 108, in is_admin

    is_admin = user.has_hue_permission(action="superuser", app="useradmin")

  File "/usr/lib/hue/desktop/core/src/desktop/auth/backend.py", line 128, in has_hue_permission

    return self._get_profile().has_hue_permission(action=action, app=app)

  File "/usr/lib/hue/desktop/core/src/desktop/auth/backend.py", line 119, in _get_profile

    return get_profile(self._parent)

  File "/usr/lib/hue/apps/useradmin/src/useradmin/models.py", line 147, in get_profile

    profile = UserProfile.objects.get(user=user)

  File "/usr/lib/hue/build/env/lib/python2.7/site-packages/Django-1.11-py2.7.egg/django/db/models/manager.py", line 85, in manager_method

    return getattr(self.get_queryset(), name)(*args, **kwargs)

  File "/usr/lib/hue/build/env/lib/python2.7/site-packages/Django-1.11-py2.7.egg/django/db/models/query.py", line 370, in get

    clone = self.filter(*args, **kwargs)

  File "/usr/lib/hue/build/env/lib/python2.7/site-packages/Django-1.11-py2.7.egg/django/db/models/query.py", line 781, in filter

    return self._filter_or_exclude(False, *args, **kwargs)

  File "/usr/lib/hue/build/env/lib/python2.7/site-packages/Django-1.11-py2.7.egg/django/db/models/query.py", line 799, in _filter_or_exclude

    clone.query.add_q(Q(*args, **kwargs))

  File "/usr/lib/hue/build/env/lib/python2.7/site-packages/Django-1.11-py2.7.egg/django/db/models/sql/query.py", line 1260, in add_q

    clause, _ = self._add_q(q_object, self.used_aliases)

  File "/usr/lib/hue/build/env/lib/python2.7/site-packages/Django-1.11-py2.7.egg/django/db/models/sql/query.py", line 1286, in _add_q

    allow_joins=allow_joins, split_subq=split_subq,

  File "/usr/lib/hue/build/env/lib/python2.7/site-packages/Django-1.11-py2.7.egg/django/db/models/sql/query.py", line 1189, in build_filter

    self.check_related_objects(field, value, opts)

  File "/usr/lib/hue/build/env/lib/python2.7/site-packages/Django-1.11-py2.7.egg/django/db/models/sql/query.py", line 1088, in check_related_objects

    for v in value:

  File "/usr/lib/hue/build/env/lib/python2.7/site-packages/Django-1.11-py2.7.egg/django/utils/functional.py", line 239, in inner

    return func(self._wrapped, *args)

TypeError: 'AnonymousUser' object is not iterable

[20/May/2019 10:55:41 -0700] backend      ERROR    Could not validate if AnonymousUser is a superuser assuming False.

Traceback (most recent call last):

  File "/usr/lib/hue/desktop/core/src/desktop/auth/backend.py", line 108, in is_admin

    is_admin = user.has_hue_permission(action="superuser", app="useradmin")

  File "/usr/lib/hue/desktop/core/src/desktop/auth/backend.py", line 128, in has_hue_permission

    return self._get_profile().has_hue_permission(action=action, app=app)

  File "/usr/lib/hue/desktop/core/src/desktop/auth/backend.py", line 119, in _get_profile

    return get_profile(self._parent)

  File "/usr/lib/hue/apps/useradmin/src/useradmin/models.py", line 147, in get_profile

    profile = UserProfile.objects.get(user=user)

  File "/usr/lib/hue/build/env/lib/python2.7/site-packages/Django-1.11-py2.7.egg/django/db/models/manager.py", line 85, in manager_method

    return getattr(self.get_queryset(), name)(*args, **kwargs)

  File "/usr/lib/hue/build/env/lib/python2.7/site-packages/Django-1.11-py2.7.egg/django/db/models/query.py", line 370, in get

    clone = self.filter(*args, **kwargs)

  File "/usr/lib/hue/build/env/lib/python2.7/site-packages/Django-1.11-py2.7.egg/django/db/models/query.py", line 781, in filter

    return self._filter_or_exclude(False, *args, **kwargs)

  File "/usr/lib/hue/build/env/lib/python2.7/site-packages/Django-1.11-py2.7.egg/django/db/models/query.py", line 799, in _filter_or_exclude

    clone.query.add_q(Q(*args, **kwargs))

  File "/usr/lib/hue/build/env/lib/python2.7/site-packages/Django-1.11-py2.7.egg/django/db/models/sql/query.py", line 1260, in add_q

    clause, _ = self._add_q(q_object, self.used_aliases)

  File "/usr/lib/hue/build/env/lib/python2.7/site-packages/Django-1.11-py2.7.egg/django/db/models/sql/query.py", line 1286, in _add_q

    allow_joins=allow_joins, split_subq=split_subq,

  File "/usr/lib/hue/build/env/lib/python2.7/site-packages/Django-1.11-py2.7.egg/django/db/models/sql/query.py", line 1189, in build_filter

    self.check_related_objects(field, value, opts)

  File "/usr/lib/hue/build/env/lib/python2.7/site-packages/Django-1.11-py2.7.egg/django/db/models/sql/query.py", line 1088, in check_related_objects

    for v in value:

  File "/usr/lib/hue/build/env/lib/python2.7/site-packages/Django-1.11-py2.7.egg/django/utils/functional.py", line 239, in inner

    return func(self._wrapped, *args)

TypeError: 'AnonymousUser' object is not iterable

[20/May/2019 10:55:41 -0700] decorators   INFO     AXES: Calling decorated function: dt_login

[20/May/2019 10:55:41 -0700] decorators   INFO     args: (True,)

[20/May/2019 10:55:41 -0700] backend      WARNING  Cannot configure LDAP with SSL and enable STARTTLS.

[20/May/2019 10:55:41 -0700] forms        ERROR    LDAP auth error: (1062, "Duplicate entry 'tim.hunter' for key 'username'")

[20/May/2019 10:55:41 -0700] access       WARNING  140.16.116.42 -anon- - "POST /hue/accounts/login HTTP/1.1"-- Failed login for user: tim.hunter

[20/May/2019 10:55:41 -0700] decorators   INFO     AXES: Repeated login failure by 127.0.0.1. Updating access record. Count = 18

[20/May/2019 10:55:41 -0700] access       INFO     140.16.116.42 -anon- - "POST /hue/accounts/login HTTP/1.1" returned in 162ms

[mmcdo...@gmail.com]

Got the similar error in EMR 5.8.0 - hue 4.4.

Running hue ldaptest works fine in command line, but failed in HUE login page.

Not sure what is the root cause, could anyone give any hints?

thanks a lot.

[mmcdo...@gmail.com]

On Tuesday, May 21, 2019 at 1:58:58 AM UTC+8, hunt...@gmail.com wrote:

[mmcdo...@gmail.com]

On Tuesday, May 21, 2019 at 1:58:58 AM UTC+8, hunt...@gmail.com wrote:

[Romain Rigaux]

It could be: the sync LDAP on login might be on and the mapping to Hue username incorrect, so it is trying to create the user again at login.

--
To unsubscribe from this group and stop receiving emails from it, send an email to hue-user+u...@cloudera.org.

[Tim Hunter]

I'm pretty sure the fix for me was to upgrade EMR, I'm currently on 5.28.x

However the only difference between my original post and now is this
setting under
[[[[mydomain.local]]]]
use_start_tls = true

[ay...@g.clemson.edu]

Experiencing the same issue except using emr 5.30

Any luck?

[Tim Hunter]

This works for me for EMR 5.30.1 connecting to my ldap/AD servers

  [[ldap]]
    [[[ldap_servers]]]
      [[[[sss.local]]]]
        search_bind_authentication = true
        bind_dn = user@domain
        ldap_url = ldaps://ldap.url
        use_start_tls = true
        bind_password = mypass
        base_dn = "DC=domain,DC=local"

On Wed, Aug 5, 2020 at 10:51 PM <ay...@g.clemson.edu> wrote:

Experiencing the same issue except using emr 5.30

Any luck?

--
To unsubscribe from this topic, visit https://groups.google.com/a/cloudera.org/d/topic/hue-user/sijYt9K3XVA/unsubscribe.
To unsubscribe from this group and all its topics, send an email to hue-user+u...@cloudera.org.