Cloudera Docs

Importing and synchronizing users and groups with an LDAP server in Hue

You can import and synchronize one user at a time, synchronize all user memberships in all groups, import and synchronize all users in one group, or enable synchronization of group memberships automatically when users in those groups log in to Hue.

To synchronize your Hue users and groups with your LDAP server:
  • Hue must be configured to authenticate with LDAP.
  • The logged in user must have Hue superuser permissions.
  1. Log in to Hue as a superuser.
  2. Go to User Admin > Users.
    The User Admin page is displayed.
  3. To import and synchronize one LDAP user in Hue:
    1. Click Add/Sync LDAP user.
    2. Add a username, check Create home directory, and click Add/Sync user.
  4. To synchronize group memberships for LDAP users who have already been imported to Hue:
    1. Click Sync LDAP users/groups.
    2. Select the Create home directories option and click Sync.
  5. To import and synchronize one LDAP group containing its users:
    1. Click Add/Sync LDAP group.
    2. Check Create home directories, and click Sync.
  6. To configure Hue to automatically synchronize LDAP groups and their users when they log in to Hue:
    1. Log in to Cloudera Manager as an Administrator.
    2. Go to Clusters > Hue service > Configuration and enter the following lines in the Hue Service Advanced Configuration Snippet (Safety Valve) for hue_safety_valve.ini field: 
      [desktop]
[[ldap]]
  sync_groups_on_login=true
    3. Click Save Changes.
    4. Restart the Hue service.
  7. To synchronize LDAP groups having the newly added users that need to be added to Hue, run the following command separately for each LDAP group: 
    $HUE_HOME/build/env/bin/hue import_ldap_group --import-members [***LDAP-GROUP-NAME***] --cm-managed
    You can script and automate this process using a cron job.