Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Hue - Retrieval of LDAP Group Membership when Users Log In - Direct Bind

avatar
Explorer

Could someone clarify a couple of things for me please?

 

1. When you have set up Hue (2.5, within CDH4.6) to use direct bind LDAP authentication, when a user logs in, should their LDAP groups automatically come through as well and be shown as groups within Hue's User Admin pages? For reference i'm trying this against OpenLDAP as the LDAP server, and whilst I can direct bind authenticate as a user, and seperately import in LDAP groups, I can't seem to automatically retrieve the users' groups when they log in even though I've set the "member" LDAP attribute etc in the LDAP settings.

 

2. Is there any way to configure Hue in direct bind mode to only allow users who belong to certain groups in LDAP to log in? For example, if I assign users to two groups - HUE_ADMIN and HUE_USER - can I configure Hue to only give access to those groups, and deny everyone else access (even if they've entered otherwise valid LDAP credentials in direct bind mode)?

 

3. Finally - is there any way to automatically assign Hue Superuser status to direct bind LDAP users based on membership of a certain LDAP group (for example, HUE_ADMIN?)

 

thanks

 

Mark

1 ACCEPTED SOLUTION

avatar
Explorer
hide-solution

This problem has been solved!

Want to get a detailed solution you have to login/registered on the community

Register/Login
3 REPLIES 3

avatar
Super Guru

avatar
Explorer

Thanks, I've read that doc (and the rest of the online docs) and it doesn't really answer my questions.


For example, it says "With the Hue LDAP integration, users can use their LDAP credentials to authenticate and inherit their existing groups transparently", but then later on says "If an LDAP user needs to be part of a certain group and have a particular set of permissions, then this user can be imported via the Useradmin interface" - hence my question as to whether users that come in via direct bind authentication automatically are assigned to groups within Hue - or whether I need to separately import groups, then manually add the users to the groups in Hue.

 

And it doesn't address my second or third questions, either.

 

Is there anyone from the Hue team who can answer my specific questions?

 

thanks in advance

 

Mark

avatar
Explorer
hide-solution

This problem has been solved!

Want to get a detailed solution you have to login/registered on the community

Register/Login