Thursday, September 3, 2015

Solving HUE-1711 [core] LDAP username import lowercase problem

Hi again,

In this post, i will write about username conflict when adding a user from LDAP on HUE via Cloudera Manager. Usernames are created maintaining case sensitive, but they are lowercase at OS. So people on working HUE can not access their files when logon from terminal. I show how to remove that problem.

For example, my AD distinguished name is ErkanUl, but OS username is erkanul.

So when i work at OS level , i see .

[BDAHOST]~$hadoop fs -ls 
Found 8 items
drwx------   - erkanul erkanul          0 2015-08-07 14:14 .Trash
drwxr-xr-x   - erkanul erkanul          0 2015-08-21 19:06 .sparkStaging
drwx------   - erkanul erkanul          0 2015-08-07 16:20 .staging
drwxr-xr-x   - erkanul erkanul          0 2015-08-07 16:20 SQOOPERKANUL.SQOOPTEST3
drwxr-xr-x   - erkanul erkanul          0 2015-08-07 16:20 _sqoop
-rw-r--r--   3 erkanul erkanul  128589824 2015-08-07 14:23 part-m-00000
-rwxrwxrwx   3 erkanul erkanul       2795 2015-09-01 10:00 test_erkanul.csv
-rwxrwxrwx   3 erkanul erkanul       2840 2015-09-01 10:04 test_erkanul2.csv

But in HUE screen , i see


So the problem is that when working OS level, i get my Kerberos ticket with lowercase username

Default principal: erkanul@KRBHOST

If i get my kerberos ticket with case sensitive username ErkanUl, i get myfiles exactly seen on HUE

As it is mentioned in "HUE-1711 [core] LDAP username import lowercase" finding, we can force lowercase convertion.

In the document hadoop-ldap on cloudera site, we can enable that forcing.


Case Sensitivity

You can configure Hue to ignore the case of usernames as well as force usernames to lower case via the ignore_username_case and force_username_lowercase configurations. These two configurations should be used in conjunction with each other. This is useful when integrating with a directory service containing usernames in capital letters and UNIX usernames in lowercase letters (which is a Hadoop requirement). Here is an example of configuring them:


Changing HUE parameters on CM

It is not recommended to change hue.ini file manually, because when we restart HUE service on Cloudera Manager it overrides the values. so we have to configure it via Cloudera Manager.

To change the parameter, navigate to HUE configuration page and search for the following.

"Hue Server Advanced Configuration Snippet (Safety Valve) for hue_safety_valve_server.ini"

and paste the values as following. 

After that , restart the HUE service on Cloudera Manager.

Once the server restarted, i delete my account called "ErkanUl" on HUE, and i added my user from LDAP again. Here you have to use your distinguishedName on AD server.

After this, i see my user correctly with lowercase username and my own files.

NOTE: This convertion works well with Turkish uppercase issues, I > i.

After that we can easily add/sync all LDAP groups&users correctly to Hadoop.


Thanks for reading.

enjoy & share


