Details
Type: Bug
Status: Closed
Priority: Major
Resolution: Incomplete
Affects Version/s: 3.5.0
Fix Version/s: None
Component/s: core.api
Labels: None
Easy: Easy
Description
There is an issue in more complex AD environments where AD only returns a referral when you do a search and bind query. As a result, Hue fails because it does not handle the referral. For example, let's say you have an AD env that looks like:
cn=Users,dc=test,dc=com
cn=Users1,dc=test,dc=com
And you have users in both Users and Users1 that need to log in to Hue. So you set your base_dn to "dc=test,dc=com". In this scenario, AD will return only a referral. As a result, logins fail. I will look into this further, but I think the best solution is to add an option "follow_referrals" that sets "ldap.OPT_REFERRALS" to 1.
There are workarounds:
1. You can set nt_domain and not use search and bind. However, some complex AD environments won't work with nt_domain. For example, let's say you have different UPNs for certain users:
cconner@TEST.COM
cconner2@DIFF.TEST.COM
Then you can't use nt_domain.
2. You can point to the Global Catalog (port 3268) for the search. However, it's not recommended to use the GC as your source for AD info.
Issue Links
- relates to HUE-1663 [core] Option to either follow or not LDAP referrals for auth (Resolved)
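The referral-only result described in this report, as an added example that is not part of the original issue or of Hue's code: it shows how a search-and-bind step can tell referrals apart from real entries in the result shape python-ldap returns, and fail with a clear reason instead of a generic login failure. The function names, exception classes and sample results are assumptions constructed for illustration.

```python
# Added example. python-ldap returns each search hit as (dn, attrs); a search
# reference (referral) is returned as (None, [ldap_url, ...]).

class ReferralOnly(LookupError):
    """The server answered with referrals and no entries."""
    def __init__(self, referrals):
        super().__init__("search returned only referrals: %s" % ", ".join(referrals))
        self.referrals = referrals

class AmbiguousUser(Exception):
    """More than one entry matched; binding as either would be a guess."""

def split_results(results):
    """Separate real entries from referral URLs."""
    entries, referrals = [], []
    for dn, payload in results:
        if dn is None:
            referrals.extend(u.decode() if isinstance(u, bytes) else u for u in payload)
        else:
            entries.append((dn, payload))
    return entries, referrals

def resolve_user_dn(results):
    """Return the one DN to bind as, or raise saying why there is none."""
    entries, referrals = split_results(results)
    if len(entries) > 1:
        raise AmbiguousUser([dn for dn, _ in entries])
    if entries:
        return entries[0][0]
    if referrals:
        raise ReferralOnly(referrals)
    raise LookupError("no entry matched")

# Constructed sample results (not captured from a real directory).
SAMPLE_REFERRAL_ONLY = [(None, ["ldap://DomainDnsZones.test.com/DC=DomainDnsZones,DC=test,DC=com"])]
SAMPLE_ONE_MATCH = [("cn=cconner,cn=Users,dc=test,dc=com", {"sAMAccountName": [b"cconner"]})] + SAMPLE_REFERRAL_ONLY
SAMPLE_TWO_MATCHES = [("cn=cconner,cn=Users,dc=test,dc=com", {}), ("cn=cconner,cn=Users1,dc=test,dc=com", {})]

if __name__ == "__main__":
    for name, sample in [("referral only", SAMPLE_REFERRAL_ONLY), ("one match", SAMPLE_ONE_MATCH),
                         ("two matches", SAMPLE_TWO_MATCHES), ("empty", [])]:
        try:
            print(name, "->", resolve_user_dn(sample))
        except (LookupError, AmbiguousUser) as exc:
            print(name, "->", type(exc).__name__, exc)
```

Refusing to bind when two entries match matters here because a base_dn of "dc=test,dc=com" spans both Users and Users1, so the same login name can exist in each.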