Cloudera Enterprise 5.15.x

Synchronize Hue with LDAP Server

Configuring Hue for Lightweight Directory Access Protocol (LDAP) lets you import users and groups from a directory service, synchronize group membership manually or automatically at login, and authenticate with LDAP.

This page explains how to import and synchronize Hue users and groups with the LDAP server. See Authenticate Hue Users with LDAP to ensure you are configured properly.

  Tip: After you import and synchronize, learn how to Restrict Group Permissions.

Synchronize Hue Users and Groups with LDAP

There are four LDAP import and sync options in Hue:
LDAP Sync Action          Description
Add/Sync LDAP user        Import and synchronize one user at a time
Sync LDAP users/groups    Synchronize user memberships in all groups
Add/Sync LDAP group       Import and synchronize all users in one group
sync_groups_on_login      Automatically synchronize group membership at login
  Note: Hue does not support importing all groups at once.

Prerequisites

To synchronize your Hue users and groups with your LDAP server:

Users



Import and Synchronize One User

To import and synchronize one LDAP user in Hue:
  1. Log on to the Hue UI as a superuser.
  2. Go to User Admin > Users.
  3. Click Add/Sync LDAP user.
  4. Add a username, check Create home directory, and click Add/Sync user.

Synchronize All User Memberships

To synchronize group memberships (for already imported users) to the current state of the LDAP server:
  1. Log on to the Hue UI as a superuser.
  2. Go to User Admin > Users.
  3. Click Sync LDAP users/groups.
  4. Check Create home directories, and click Sync.

Groups



Import and Synchronize One Group (with one or more users)

To import and synchronize a group and all of its users:
  1. Log on to the Hue UI as a superuser.
  2. Go to User Admin > Groups.
  3. Click Add/Sync LDAP group.
  4. Check Create home directories, and click Sync.

Synchronize Groups (and User Membership) at Login

  Note: LDAP sync_groups_on_login only works with Search Bind.
To configure Hue to automatically synchronize users at the Hue login:
  1. Log on to Cloudera Manager and click Hue.
  2. Click the Configuration tab and filter by scope=Service-wide and category=Advanced.
  3. Configure Hue Service Advanced Configuration Snippet (Safety Valve) for hue_safety_valve.ini:
    [desktop]
    [[ldap]]
      sync_groups_on_login=true
  4. Click Save Changes and Restart Hue.
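A pre-deployment check for the snippet in step 3, as an added example that is not part of the Cloudera documentation: it parses Hue's nested ini sections and reports when login sync cannot take effect. The function names and sample snippets are constructed; search_bind_authentication is Hue's LDAP option for Search Bind and is assumed here to default to true when unset.

```python
import re

def parse_hue_ini(text):
    """Parse Hue's nested ini syntax ([a], [[b]]) into {section_path: {key: value}}."""
    sections, path = {}, ()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"(\[+)\s*([^\[\]]+?)\s*(\]+)", line)
        if m and len(m.group(1)) == len(m.group(3)):
            depth = len(m.group(1))            # bracket count = nesting level
            path = path[:depth - 1] + (m.group(2),)
            sections.setdefault(path, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            sections.setdefault(path, {})[key.strip()] = value.strip().strip("\"'")
    return sections

def as_bool(value, default):
    return default if value is None else value.lower() in ("true", "1", "yes", "on")

def check_login_sync(text):
    """Return a list of findings; an empty list means the snippet passes."""
    ldap = parse_hue_ini(text).get(("desktop", "ldap"), {})
    findings = []
    # Require the explicit setting that step 3 adds, in the right section.
    if not as_bool(ldap.get("sync_groups_on_login"), False):
        findings.append("sync_groups_on_login is not set to true under [desktop] [[ldap]]")
    # Assumption: Search Bind is enabled unless explicitly turned off.
    if not as_bool(ldap.get("search_bind_authentication"), True):
        findings.append("search_bind_authentication=false: login sync needs Search Bind")
    return findings

# Constructed sample snippets, not taken from a real deployment.
GOOD = "[desktop]\n[[ldap]]\n  sync_groups_on_login=true\n"
BAD = "[desktop]\n[[ldap]]\nsearch_bind_authentication=false\nsync_groups_at_login=true\n"
MISPLACED = "[desktop]\nsync_groups_on_login=true\n"   # key outside [[ldap]]

if __name__ == "__main__":
    for name, snippet in (("GOOD", GOOD), ("BAD", BAD), ("MISPLACED", MISPLACED)):
        print(name, check_login_sync(snippet) or "ok")
```
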



Restrict Group Permissions

You can configure user permissions on the Groups tab.

  1. Log on to the Hue UI as a superuser.
  2. Go to User Admin > Groups.
  3. Click the name of the group you want to alter.
  4. Deselect any users that you do not want to change (all users in the group are selected by default).
  5. Select or deselect the permissions you want to apply or remove.
  6. Click Update Group.
  Note: A best practice is to remove all permissions from the default group and assign permissions as appropriate to your own groups.
Page generated May 18, 2018.