Synchronize Hue with LDAP Server
Configuring Hue for Lightweight Directory Access Protocol (LDAP) lets you import users and groups from a directory service, synchronize group membership manually or at automatically login, and authenticate with LDAP.
This page explains how to import and synchronize Hue users and groups with the LDAP server. See Authenticate Hue Users with LDAP to ensure you are configured properly.
Tip: After you import and synchronize, learn how to Restrict Group Permissions.
Synchronize Hue Users and Groups with LDAP
There are four LDAP import and sync options in Hue:
LDAP Sync Action | Description |
---|---|
Add/Sync LDAP user | Import and synchronize one user at a time |
Sync LDAP users/groups | Synchronize user memberships in all groups |
Add/Sync LDAP group | Import and synchronize all users in one group |
sync_groups_at_login | Automatically synchronize group membership at login |
Note: Hue does not support importing all groups at once.
Prerequisites
To synchronize your Hue users and groups with your LDAP server:
- Hue must be configured to authenticate with LDAP. See Authenticate Hue Users with LDAP.
- The logged in user must have Hue superuser permissions.
Users
Import and Synchronize One User
To import and synchronize one LDAP user in Hue:
- Log on to the Hue UI as a superuser.
- Go to .
- Click Add/Sync LDAP user.
- Add a username, check Create home directory, and click Add/Sync user.
Synchronize All User Memberships
To synchronize group memberships (for already imported users) to the current state of the LDAP server:
- Log on to the Hue UI as a superuser.
- Go to .
- Click Sync LDAP users/groups.
- Check Create home directories, and click Sync.
Groups
Import and Synchronize One Group (with one or more users)
To import and synchronize a group (and its multiple users):
- Log on to the Hue UI as a superuser.
- Go to .
- Click Add/Sync LDAP group.
- Check Create home directories, and click Sync.
Synchronize Groups (and User Membership) at Login
Note: LDAP sync_groups_at_login only works with Search Bind.
To configure Hue to automatically synchronize users at the Hue login:
- Log on to Cloudera Manager and click Hue.
- Click the Configuration tab and filter by scope=Service-wide and category=Advanced.
- Configure Hue Service Advanced Configuration Snippet (Safety Valve) for hue_safety_valve.ini:
[desktop] [[ldap]] sync_groups_on_login=true
- Click Save Changes and Restart Hue.
Restrict Group Permissions
You can configure user permissions on the Groups tab.
- Log on to the Hue UI as a superuser.
- Go to .
- Click the name of the group you want to alter.
- Deselect any users that you do not want to change (all users in the group are selected by default).
- Select or deselect the permissions you want to apply or remove.
- Click Update Group.
Note: A best practice is to remove all permissions from the default group and assign permissions as
appropriate to your own groups.
Page generated August 29, 2019.
<< Authenticate Hue Users with LDAP | ©2016 Cloudera, Inc. All rights reserved | Authenticate Hue Users with SAML >> |
Terms and Conditions Privacy Policy |