Page MenuHomePhabricator

Improve Hue user management
Closed, ResolvedPublic


Currently, Hue users are manually synced from LDAP. Their Hue user accounts are stored in an SQLite database.

Ideally, there would be an 'analytics' LDAP group to which we could add users. We could then use full LDAP authentication in Hue, and skip syncing accounts altogether.

Alternatively, we should use the MySQL meta instance as the user account state store instead of SQLite.

Related Objects

Event Timeline

Milimetric triaged this task as Medium priority.Feb 29 2016, 5:03 PM
Milimetric moved this task from Incoming to Event Platform on the Analytics board.

We already moved the user accounts to the Mysql meta instance a while back.

We should still get Hue LDAP to work.

Ah, lemme restate my previous comment:

We should still get Hue LDAP group based login and permissions to work.

Right now accounts are synced fro LDAP, but they are done so one by one manually when someone needs a new account. It would be much better to just tell Hue that all uses in LDAP group X are allowed to login, and users in group Y are admins. Or at least the group X thing. :)

Yeah that was the idea! I added some reference to remind me some good links :)

Another thing to consider is if the users need to be in a nda-like LDAP group or not.

Ottomata lowered the priority of this task from Medium to Low.Nov 2 2016, 2:51 PM
Ottomata moved this task from Q4 2019/2020 to Backlog on the Analytics-Clusters board.
Ottomata claimed this task.