Page MenuHomePhabricator
Create Task
Maniphest T127850

Improve Hue user management
Closed, ResolvedPublic
Actions

Description

Currently, Hue users are manually synced from LDAP. Their Hue user accounts are stored in an SQLite database.

Ideally, there would be an 'analytics' LDAP group to which we could add users. We could then use full LDAP authentication in Hue, and skip syncing accounts altogether.

Alternatively, we should use the MySQL meta instance as the user account state store instead of SQLite.

Related Objects
Search...

Event Timeline

Ottomata created this task.Feb 23 2016, 5:54 PM
Restricted Application added subscribers: StudiesWorld, Aklapper. · View Herald TranscriptFeb 23 2016, 5:54 PM
Milimetric triaged this task as Medium priority.Feb 29 2016, 5:03 PM
Milimetric moved this task from Incoming to Event Platform on the Analytics board.
Ottomata moved this task from Backlog to Q4 2019/2020 on the Analytics-Clusters board.Apr 7 2016, 3:44 PM
elukey added a comment.Jul 28 2016, 5:20 PM

We already moved the user accounts to the Mysql meta instance a while back.

Ottomata added a comment.Jul 28 2016, 5:24 PM

We should still get Hue LDAP to work.

elukey added a comment.Jul 29 2016, 1:34 PM

Some reference for CDH 5.5 are in http://www.cloudera.com/documentation/enterprise/5-5-x/topics/cdh_sg_hue_ldap_config.html

Ottomata added a comment.EditedJul 29 2016, 1:35 PM

Ah, lemme restate my previous comment:

We should still get Hue LDAP group based login and permissions to work.

Right now accounts are synced fro LDAP, but they are done so one by one manually when someone needs a new account. It would be much better to just tell Hue that all uses in LDAP group X are allowed to login, and users in group Y are admins. Or at least the group X thing. :)

elukey added a comment.Jul 29 2016, 1:39 PM

Yeah that was the idea! I added some reference to remind me some good links :)

elukey added a comment.Jul 29 2016, 1:58 PM

Other references:

elukey added a comment.Oct 26 2016, 11:04 AM

Another thing to consider is if the users need to be in a nda-like LDAP group or not.

Nuria moved this task from Event Platform to Dashiki on the Analytics board.Oct 31 2016, 3:48 PM
Ottomata lowered the priority of this task from Medium to Low.Nov 2 2016, 2:51 PM
Ottomata moved this task from Q4 2019/2020 to Backlog on the Analytics-Clusters board.
Nuria moved this task from Dashiki to Backlog (Later) on the Analytics board.Jul 3 2017, 4:53 PM
fdans moved this task from Backlog (Later) to Deprioritized on the Analytics board.Oct 26 2017, 4:37 PM
nshahquinn-wmf subscribed.Dec 14 2018, 1:12 AM
nshahquinn-wmf added a project: Product-Analytics.Sep 24 2019, 8:55 AM
nshahquinn-wmf moved this task from Triage to Tracking on the Product-Analytics board.
Dzahn closed subtask T242026: Access to analytics infrastructure for SNowick_WMF as Resolved.Jan 8 2020, 5:36 PM
elukey moved this task from Backlog to Triaged but not scheduled yet on the Analytics-Clusters board.Jun 10 2020, 2:57 PM
Aklapper removed a project: Analytics.Jul 4 2020, 7:59 AM
Ottomata closed this task as Resolved.Apr 19 2021, 3:42 PM
Ottomata claimed this task.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits