Hadoop Security Guide

Synchronizing Users and Groups

You can use the LDAP username pattern to restrict users when performing searches. The pattern provides a template for the DN that is sent to the directory service when authenticating. Hue replaces the <username> parameter with the user name provided on the Hue login page. Specify this pattern in the /etc/hue/conf/hue.ini file:

# Pattern for searching for usernames -- Use <username> for the parameter
# For use when using LdapBackend for Hue authentication
ldap_username_pattern="uid=<username>,ou=People,dc=mycompany,dc=com"

To authenticate users through LDAP, Hue must import them into its own database to work properly. Passwords are never imported.

By default, the LDAP authentication backend automatically creates users that do not exist in the Hue database. Disabling this automatic import (by setting create_users_on_login to false) allows only a predefined list of manually imported users to log in.

# Create users in Hue when they try to login with their LDAP credentials
# For use when using LdapBackend for Hue authentication
create_users_on_login = true

You can specify that a user's groups be synchronized each time the user logs in, which keeps the user's permissions up to date:

# Synchronize a user's groups when they log in
sync_groups_on_login=false

You can configure Hue to ignore the letter case of usernames or to force usernames to lowercase:

# Ignore the case of usernames when searching for existing users in Hue.
ignore_username_case=false

# Force usernames to lowercase when creating new users from LDAP.
force_username_lowercase=false
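
The settings above can be checked together during a configuration review. The following is an added example, not part of the original guide or of Hue itself: a small audit of the LDAP settings described on this page, run against a constructed hue.ini fragment. The function names, the finding texts and the treatment of a missing key as the value shown on this page are assumptions of the example.

```python
# Added example: review the Hue LDAP settings discussed on this page.
# Constructed sample input; the section headers are only there for realism.
SAMPLE_HUE_INI = '''
[desktop]
  [[ldap]]
    ldap_username_pattern="uid=<username>,ou=People,dc=mycompany,dc=com"
    create_users_on_login = true
    # Synchronize a user's groups when they log in
    sync_groups_on_login=false
    ignore_username_case=false
    force_username_lowercase=false
'''

def parse_settings(text):
    """Collect key=value pairs, skipping comments and section headers."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;[":
            continue
        # Split on the first '=' only: the DN pattern itself contains '='.
        key, sep, value = line.partition("=")
        if sep:
            settings[key.strip()] = value.strip().strip("\"'")
    return settings

def is_true(settings, key, default):
    # Assumption: a missing key behaves like the value shown on this page.
    return settings.get(key, default).lower() in ("true", "1", "yes", "on")

def audit(text):
    """Return (setting, finding) tuples for a hardening review."""
    s = parse_settings(text)
    findings = []
    pattern = s.get("ldap_username_pattern", "")
    if pattern and "<username>" not in pattern:
        findings.append(("ldap_username_pattern", "DN template has no <username> placeholder"))
    if is_true(s, "create_users_on_login", "true"):
        findings.append(("create_users_on_login", "any user who authenticates via LDAP gets a Hue account"))
    if not is_true(s, "sync_groups_on_login", "false"):
        findings.append(("sync_groups_on_login", "group membership is not refreshed at login"))
    if not (is_true(s, "ignore_username_case", "false") or is_true(s, "force_username_lowercase", "false")):
        findings.append(("username case", "names differing only in case are distinct Hue users"))
    return findings

if __name__ == "__main__":
    for setting, finding in audit(SAMPLE_HUE_INI):
        print(f"{setting}: {finding}")
```

Whether each finding is a problem depends on the deployment: automatic user creation is the documented default, and it only needs to be disabled when logins must be limited to manually imported users.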