Comments (10)
@feng-tao : Ideally user information is kept in a different dbs to support single sign-on. My company have users in office 365 and would lobe to have oauth enabled in amundsen for users to signin using there office 365 account. This way, if any user leaves the org, he may not be able to login to the catalog as well
from amundsen.
@feng-tao all of our users, groups etc are stored in AD, which we connect through LDAP. We're planning NOT to store the users' information in Atlas directly, and will use AD as a source of truth for user information.
This is what we are aiming for:
- Store user identifier (ID/Email/CorporateKey) in Apache Atlas as an entity.
- Fetch user details from AD using that identifier.
Would love to hear your thoughts as well.
from amundsen.
@feng-tao plan is to have a pluggable support of AD, so people would have an option to enable that if they want.
from amundsen.
@tiago-cruz-movile the way I did was to define all these things in get_user_details method.
So my config.py was something like this:
def get_user_details(user_id):
import ldap
ldap_user = os.environ.get('LDAP_USER')
ldap_password = os.environ.get('LDAP_PASSWORD')
connection = ldap. initialize...
.....
class Config:
USER_DETAIL_METHOD = get_user_details
from amundsen.
hey @verdan , what is Active Directory ? Currently Lyft has an internal service which exposes user detail. We build an extractor(private repo as it calls the API from that internal service) and use this model(https://github.com/lyft/amundsendatabuilder/blob/master/databuilder/models/user.py) to push user entity information into neo4j.
from amundsen.
cc @jinhyukchang I don't think I have a good idea on how to support this. Ideally, Amundsen should have as less external dependency as possible(hence we pull user metadata into neo4j at Lyft).
from amundsen.
I have to work on LDAP integration in Amundsen, can someone suggest how do I proceed, like a rough idea what all ingredients I need to setup LDAP with Amundsen, so that in an organisation different sets of permission and permission groups can be set and roles can be assigned to the users who log in and view the categorised data in Amundsen and access the data only authorised to them.
from amundsen.
@amitasthana we are not using LDAP for Access Control at the moment, and will use Apache Ranger for that.
However, I have implemented the LDAP connection to get the user details from AD. You can simply use that way to inject user groups etc in the user detail and then can use that groups/policies to fine tune the access. Still a lot of work in this domain I'd say.
This is the method I imeplemented to get details from LDAP.
https://github.com/lyft/amundsenmetadatalibrary/blob/master/docs/configurations.md#user_detail_method-optional
from amundsen.
Do you have some example about how to configure the ldap authentication in config.py?
I mean, after set the USER_DETAIL_METHOD = get_user_details
, where I should put the string connection, user, port and etc?
from amundsen.
Hi guys, do we have any updates about AD or AAD integration?
We are currently working on a ubuntu machine where Amundsen is deployed using Docker. The ubuntu server is joined in the domain (AD in windows server 2019). Do you know how we can integrate it?
from amundsen.
Related Issues (20)
- Elastic Search Loader fails for Root mapping definition has unsupported parameters error HOT 5
- Frontend npm install problems (lyft repository dependencies) HOT 11
- Broken images in `application_config` documentation HOT 6
- Lineage graph fails to render and due to "missing nodes" HOT 4
- GPL-licensed dependency `unidecode` HOT 5
- install Amundsen azure AKS HOT 3
- Amunsen crashes because yaml file has incompatible versions mentioned HOT 3
- Bug Report neo4j.exceptions.ServiceUnavailable: Couldn't connect to localhost:7687 trying to load sample data HOT 4
- Remove stale bot to allow address issues in a timely manner HOT 2
- Getting error when using sample_glue_loader.py HOT 1
- problem with setup.py HOT 3
- Dynamic notices not updating if we use nav bar search to open another table HOT 1
- Dynamic notices showing incorrect value(s) HOT 1
- neo4j_amundsen couldn't open temporary file HOT 3
- Helm Chart not deployable on k8 1.25 HOT 6
- Bug Report: BigQuery columns `sort_order` attribute is incorrect HOT 1
- Docker compose for docker-amundsen-atlas.yml is failing HOT 2
- Feature Proposal
- Add support for MaxCompute HOT 1
- Support for Unity Catalog HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from amundsen.