Synchronize Hue with LDAP

Configuring Hue for Lightweight Directory Access Protocol (LDAP) lets you import users and groups from a directory service, synchronize group membership manually or at automatically login, and authenticate with LDAP.

This page explains how to import and synchronize Hue users and groups with the LDAP server. See Authenticate Hue with LDAP to ensure you are configured properly.

Synchronize Hue Users and Groups with LDAP

There are four LDAP import and sync options in Hue:
LDAP Sync Action Description
Add/Sync LDAP user Import and synchronize one user at a time
Sync LDAP users/groups Synchronize user memberships in all groups
Add/Sync LDAP group Import and synchronize all users in one group
sync_groups_at_login Automatically synchronize group membership at login

Prerequisites

To synchronize your Hue users and groups with your LDAP server:
  • Hue must be configured to authenticate with LDAP. See Authenticate Hue with LDAP.
  • The logged in user must have Hue superuser permissions.

Users



Import and Synchronize One User

To import and synchronize one LDAP user in Hue:
  1. Log on to the Hue UI as a superuser.
  2. Go to User Admin > Users.
  3. Click Add/Sync LDAP user.
  4. Add a username, check Create home directory, and click Add/Sync user.

Synchronize All User Memberships

To synchronize group memberships (for already imported users) to the current state of the LDAP server:
  1. Log on to the Hue UI as a superuser.
  2. Go to User Admin > Users.
  3. Click Sync LDAP users/groups.
  4. Check Create home directories, and click Sync.

Groups



Import and Synchronize One Group (with one or more users)

To import and synchronize a group (and its multiple users):
  1. Log on to the Hue UI as a superuser.
  2. Go to User Admin > Groups.
  3. Click Add/Sync LDAP group.
  4. Check Create home directories, and click Sync.

Synchronize Groups (and User Membership) at Login

To configure Hue to automatically synchronize users at the Hue login:
  1. Log on to Cloudera Manager and click Hue.
  2. Click the Configuration tab and filter by scope=Service-wide and category=Advanced.
  3. Configure Hue Service Advanced Configuration Snippet (Safety Valve) for hue_safety_valve.ini:
    [desktop]
    [[ldap]]
      sync_groups_on_login=true
  4. Click Save Changes and Restart Hue.


Restrict Group Permissions

You can configure user permissions on the Groups tab.

  1. Log on to the Hue UI as a superuser.
  2. Go to User Admin > Groups.
  3. Click the name of the group you want to alter.
  4. Deselect any users that you do not want to change (all users in the group are selected by default).
  5. Select or deselect the permissions you want to apply or remove.
  6. Click Update Group.