Synchronizing Users and Groups
You can use the LDAP username pattern to restrict users when performing searches.
Using this pattern provides a template for the DN that is sent to the directory
service when authenticating. Replace the <username>
parameter with the user name provided on the Hue login page. Specify this pattern in
the /etc/hue/conf/hue.ini
file:
# Pattern for searching for usernames -- Use <username> for the parameter # For use when using LdapBackend for Hue authentication ldap_username_pattern="uid=<username>,ou=People,dc=mycompany,dc=com"
When performing the authentication, Hue must import users to its database to work properly. In this case, passwords are never imported.
By default, the LDAP authentication backend automatically creates users that do not exist in Hue database. The purpose of disabling the automatic import process is to allow only a predefined list of manually imported users to log in.
# Create users in Hue when they try to login with their LDAP credentials # For use when using LdapBackend for Hue authentication create_users_on_login = true
You can specify that user groups be synchronized when a user logs in (to keep the user permission up to date):
# Synchronize a users groups when they login sync_groups_on_login=false
You can configure Hue to ignore username lettercasing or to force lowercasing:
# Ignore the case of usernames when searching for existing users in Hue. ignore_username_case=false # Force usernames to lowercase when creating new users from LDAP. force_username_lowercase=false