Hue only syncs hue's superusers groups from LDAP

Expert Contributor

Hello

I'm having the following issue: I've configured the LDAP backend for Hue, and my groups are not syncing correctly on login when the user doesn't have superuser status, and it doesn't prompt any error or warning in the logs.

If I use /usr/lib/hue/build/env/bin/hue sync_ldap_users_and_groups then all current users get synced. I thought it could be a permissions problem with the desktop.db file, but after trying giving it 777 the problem persists.

I've the following configuration in hue.ini:

    [[ldap]]

    # The search base for finding users and groups
    base_dn="DC=TEST,DC=INT"

    # URL of the LDAP server
    ldap_url=ldap://win-pgn67nmqehm.test.int/

    # A PEM-format file containing certificates for the CA's that
    # Hue will trust for authentication over TLS.
    # The certificate for the CA that signed the
    # LDAP server certificate must be included among these certificates.
    # See more here http://www.openldap.org/doc/admin24/tls.html.
    ## ldap_cert=
    ## use_start_tls=true
    #nt_domain=test.int
    # Distinguished name of the user to bind as -- not necessary if the LDAP server
    # supports anonymous searches
    bind_dn="CN=Administrador,CN=Users,DC=TEST,DC=INT"

    # Password of the bind user -- not necessary if the LDAP server supports
    # anonymous searches
    bind_password="password"

    # Pattern for searching for usernames -- Use <username> for the parameter
    # For use when using LdapBackend for Hue authentication
    ## ldap_username_pattern="uid=<username>,ou=People,dc=mycompany,dc=com"

    # Create users in Hue when they try to login with their LDAP credentials
    # For use when using LdapBackend for Hue authentication
    create_users_on_login=true

    # Synchronize a users groups when they login
    sync_groups_on_login=true

    # Ignore the case of usernames when searching for existing users in Hue.
    #gnore_username_case=true

    # Force usernames to lowercase when creating new users from LDAP.
    ## force_username_lowercase=false

    # Use search bind authentication.
    search_bind_authentication=true

    # Choose which kind of subgrouping to use: nested or suboordinate (deprecated).
    #subgroups=suboordinate
    # Define the number of levels to search for nested members.
    #nested_members_search_depth=10

    # Whether or not to follow referrals
    #follow_referrals=false

    [[[users]]]

      # Base filter for searching for users
      user_filter="(&(objectclass=user)(|(memberOf=CN=hue-user,OU=hue,OU=bigdata,DC=test,DC=int)(memberOf=CN=hue-admin,OU=hue,OU=bigdata,DC=test,DC=int)))"

      # The username attribute in the LDAP schema
      user_name_attr=sAMAccountName

    [[[groups]]]

      # Base filter for searching for groups
      group_filter="objectclass=group"

      # The username attribute in the LDAP schema
      group_name_attr=cn

Any help about what may be the problem?

Thank you in advance.

1 REPLY

New Contributor

Hi @Juan Manuel Nieto, were you able to resolve this?