Enabling LDAP

Sparkling Water can use LDAP for user authentication. You need to have login.conf with the content similar to the one below:

ldaploginmodule {
    ai.h2o.org.eclipse.jetty.plus.jaas.spi.LdapLoginModule required
    debug="true"
    useLdaps="false"
    contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
    hostname="ldap.h2o.ai"
    port="389"
    bindDn="cn=admin,dc=h2o,dc=ai"
    bindPassword="h2o"
    authenticationMethod="simple"
    forceBindingLogin="true"
    userBaseDn="ou=users,dc=h2o,dc=ai";
};

This configuration file needs to be modified for your specific LDAP configuration.

Generally, to enable LDAP you need to set the following environmental properties:

  • spark.ext.h2o.ldap.login=true
  • spark.ext.h2o.login.conf=ldap.conf

where ldap.conf is the configuration file for the LDAP connection.

Configuring LDAP in Scala

You can pass the required properties directly as Spark properties, such as:

./bin/sparkling-shell --conf spark.ext.h2o.ldap.login=true --conf spark.ext.h2o.login.conf=ldap.conf

And later, you can create H2OContext without the configuration object as:

import org.apache.spark.h2o._
val hc = H2OContext.getOrCreate(spark)

Or, you can also use setters available on H2OConf as:

import org.apache.spark.h2o._
val conf = new H2OConf(spark).setLoginConf("ldap.conf").setLdapLoginEnabled()
val hc = H2OContext.getOrCreate(spark, conf)

Later when accessing Flow, you will be asked for the username and password of a user available in your LDAP domain.

Configuring LDAP in Python (PySparkling)

You can pass the required properties directly as Spark properties, such as:

./bin/pysparkling --conf spark.ext.h2o.ldap.login=true --conf spark.ext.h2o.login.conf=ldap.conf

And later, you can create H2OContext without the configuration object as:

from pysparkling import *
hc = H2OContext.getOrCreate(spark, auth=("username", "password"))

Or, you can also use setters available on H2OConf as:

from pysparkling import *
conf = H2OConf(spark).set_login_conf("ldap.conf").set_ldap_login_enabled()
hc = H2OContext.getOrCreate(spark, conf, auth=("username", "password"))

You can see that in the case of PySparkling, you need to also specify the username and password as part of the H2OContext call. This is required because you want to have the Python client authenticated as well.

Later when accessing Flow, you will be asked for the username and password of a user available in your LDAP domain.