Support Questions

Find answers, ask questions, and share your expertise

How to sync ldap users and group with hue?

 
1 ACCEPTED SOLUTION

@Radhakrishnan Rk

1. Stop the Hue instances, if any. /etc/init.d/hue stop

2. On the node where Hue is installed take a backup of hue.ini

cp /etc/hue/conf/hue.ini /etc/hue/conf/hue.ini.bkup

3. On all the Hue instances edit /etc/hue/conf/hue.ini

 # Configuration options for connecting to LDAP and Active Directory
  # -------------------------------------------------------------------

  [[ldap]]

    # The search base for finding users and groups
    base_dn="DC=mycompany,DC=com"

    # URL of the LDAP server
	ldap_url=ldap://auth.mycompany.com

    # A PEM-format file containing certificates for the CA's that
    # Hue will trust for authentication over TLS.
    # The certificate for the CA that signed the
    # LDAP server certificate must be included among these certificates.
    # See more here http://www.openldap.org/doc/admin24/tls.html.
    ## ldap_cert=
    ## use_start_tls=true

    # Distinguished name of the user to bind as -- not necessary if the LDAP server
    # supports anonymous searches
    bind_dn=" uid=hadoopService,CN=ServiceAccount,DC=mycompany,DC=com"
    
    # Password of the bind user -- not necessary if the LDAP server supports
    # anonymous searches
    bind_password=
    
    # Pattern for searching for usernames -- Use <username> for the parameter
    # For use when using LdapBackend for Hue authentication
    ldap_username_pattern="uid=<username>,ou=People,dc=mycompany,dc=com"

    # Create users in Hue when they try to login with their LDAP credentials
    # For use when using LdapBackend for Hue authentication
	create_users_on_login = true

    # Synchronize a users groups when they login
    sync_groups_on_login=true
	
	# Ignore the case of usernames when searching for existing users in Hue.
    ignore_username_case=true

    # Force usernames to lowercase when creating new users from LDAP.
    force_username_lowercase=true

    # Use search bind authentication.
    search_bind_authentication=true
       
    # Choose which kind of subgrouping to use: nested or suboordinate (deprecated).
    subgroups=suboordinate

    # Define the number of levels to search for nested members.
    nested_members_search_depth=10

    [[[users]]]
      # Base filter for searching for users
      user_filter="objectclass=*"
     
      # The username attribute in the LDAP schema
      user_name_attr=sAMAccountName
   
    [[[groups]]]

      # Base filter for searching for groups
      group_filter="objectclass=*"
  
      # The username attribute in the LDAP schema
     group_name_attr=cn 

4. Start the /etc/init.d/hue start and test it.

View solution in original post

1 REPLY 1

@Radhakrishnan Rk

1. Stop the Hue instances, if any. /etc/init.d/hue stop

2. On the node where Hue is installed take a backup of hue.ini

cp /etc/hue/conf/hue.ini /etc/hue/conf/hue.ini.bkup

3. On all the Hue instances edit /etc/hue/conf/hue.ini

 # Configuration options for connecting to LDAP and Active Directory
  # -------------------------------------------------------------------

  [[ldap]]

    # The search base for finding users and groups
    base_dn="DC=mycompany,DC=com"

    # URL of the LDAP server
	ldap_url=ldap://auth.mycompany.com

    # A PEM-format file containing certificates for the CA's that
    # Hue will trust for authentication over TLS.
    # The certificate for the CA that signed the
    # LDAP server certificate must be included among these certificates.
    # See more here http://www.openldap.org/doc/admin24/tls.html.
    ## ldap_cert=
    ## use_start_tls=true

    # Distinguished name of the user to bind as -- not necessary if the LDAP server
    # supports anonymous searches
    bind_dn=" uid=hadoopService,CN=ServiceAccount,DC=mycompany,DC=com"
    
    # Password of the bind user -- not necessary if the LDAP server supports
    # anonymous searches
    bind_password=
    
    # Pattern for searching for usernames -- Use <username> for the parameter
    # For use when using LdapBackend for Hue authentication
    ldap_username_pattern="uid=<username>,ou=People,dc=mycompany,dc=com"

    # Create users in Hue when they try to login with their LDAP credentials
    # For use when using LdapBackend for Hue authentication
	create_users_on_login = true

    # Synchronize a users groups when they login
    sync_groups_on_login=true
	
	# Ignore the case of usernames when searching for existing users in Hue.
    ignore_username_case=true

    # Force usernames to lowercase when creating new users from LDAP.
    force_username_lowercase=true

    # Use search bind authentication.
    search_bind_authentication=true
       
    # Choose which kind of subgrouping to use: nested or suboordinate (deprecated).
    subgroups=suboordinate

    # Define the number of levels to search for nested members.
    nested_members_search_depth=10

    [[[users]]]
      # Base filter for searching for users
      user_filter="objectclass=*"
     
      # The username attribute in the LDAP schema
      user_name_attr=sAMAccountName
   
    [[[groups]]]

      # Base filter for searching for groups
      group_filter="objectclass=*"
  
      # The username attribute in the LDAP schema
     group_name_attr=cn 

4. Start the /etc/init.d/hue start and test it.