Page MenuHomePhabricator

Improve Hue user management
Open, LowPublic

Description

Currently, Hue users are manually synced from LDAP. Their Hue user accounts are stored in an SQLite database.

Ideally, there would be an 'analytics' LDAP group to which we could add users. We could then use full LDAP authentication in Hue, and skip syncing accounts altogether.

Alternatively, we should use the MySQL meta instance as the user account state store instead of SQLite.

Event Timeline

Ottomata created this task.Feb 23 2016, 5:54 PM
Restricted Application added subscribers: StudiesWorld, Aklapper. · View Herald TranscriptFeb 23 2016, 5:54 PM
Milimetric triaged this task as Normal priority.

We already moved the user accounts to the Mysql meta instance a while back.

We should still get Hue LDAP to work.

Ottomata added a comment.EditedJul 29 2016, 1:35 PM

Ah, lemme restate my previous comment:

We should still get Hue LDAP group based login and permissions to work.

Right now accounts are synced fro LDAP, but they are done so one by one manually when someone needs a new account. It would be much better to just tell Hue that all uses in LDAP group X are allowed to login, and users in group Y are admins. Or at least the group X thing. :)

Yeah that was the idea! I added some reference to remind me some good links :)

Another thing to consider is if the users need to be in a nda-like LDAP group or not.

Ottomata lowered the priority of this task from Normal to Low.
Nuria moved this task from Dashiki to Backlog (Later) on the Analytics board.Jul 3 2017, 4:53 PM