Authentication and access control are essential to ensuring that the right people have access to the data they need, and that only the right people have that access. This tutorial shows you how to connect Metabase to an LDAP server for authentication, and how to use group information from that LDAP server to control who can view tables in Metabase. We won’t try to teach you LDAP itself, but we will only assume you know a few basic concepts.

The Sample Database that ships with Metabase has four tables. The People table contains personal identifying information (PII), so we only want people in Human Resources to be able to see it. Since our company is already using LDAP for single sign-on (SSO), we want to get information about who is (and isn’t) in HR from LDAP.

We already have a record in LDAP for the company:

    dn: dc=metabase,dc=com

We also have records for Farrah (who is in HR) and Rasmus (who isn’t):

    dn: uid=farrah,dc=metabase,dc=com

The records for Farrah and Rasmus don’t specify which groups they are part of. Instead, we need a separate Groups record for our user groups, and below that, a groupOfNames record that specifies that Farrah and another employee named Luis are in Human Resources:

    dn: ou=Groups,dc=metabase,dc=com

    dn: cn=Human Resources,ou=Groups,dc=metabase,dc=com

If you’re following along with OpenLDAP and setting it up from scratch, you may need to modify the nf configuration file to include the cosine.schema and inetorgperson.schema schema files as well as core.schema in order for this to work.

Once LDAP has the right records, we can log into Metabase using an account with administrator rights.

- Tell Metabase that people can authenticate through LDAP.
- Specify which tables that group can access.
- Tell Metabase to get group information from LDAP.

To start, we click on the gears icon in the bottom of the navigation sidebar and select Admin settings > People > Groups and select Create a Group. We’ll call our group “Human Resources”, but we won’t add any people to it here in Metabase: we’re going to rely on LDAP to manage membership.

The next step is to tell Metabase that it can authenticate people via LDAP. To do this, we click on Authentication, enable LDAP, and then fill in the settings to tell Metabase where it can find the server. We are using a local instance on port 389, and we want Metabase to use the “Manager” account to access LDAP. All of our people are under, and we can find them using the default search filter (which looks people up by ID or email address).

At this point people can log in via LDAP. To test that, we can open an anonymous browser window and log in as either Rasmus or Farrah. Neither of them can see the People table yet because we haven’t told Metabase to get group information from LDAP.

Next, we go to Admin settings > Permissions > Data and disable general access to the People table so that people cannot see that table by default. We then grant access to the Human Resources group. (This article on sandboxing has more information about managing table access in Metabase.)

Group Management

Let’s go back to the LDAP configuration page in the Admin settings. Down at the bottom we tell Metabase to synchronize group memberships with information from LDAP, and that it can find groups under the domain.
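The tutorial's point that membership lives on the groupOfNames entry rather than on the user records can be checked before turning on group synchronization. The following is an added example, not part of the original tutorial or Metabase's own code: the Rasmus and Luis DNs, the `member` values, the `GROUP_MAP` mapping and all function names are assumptions made for illustration.

```python
# Constructed sample records. Only Farrah's DN and the two group DNs are on the
# page; Rasmus's and Luis's DNs and the member values are assumed.
LDIF = """\
dn: uid=farrah,dc=metabase,dc=com
objectClass: inetOrgPerson

dn: uid=rasmus,dc=metabase,dc=com
objectClass: inetOrgPerson

dn: cn=Human Resources,ou=Groups,dc=metabase,dc=com
objectClass: groupOfNames
member: UID=Farrah, DC=metabase, DC=com
member: uid=luis,dc=metabase,dc=com
"""

# Assumed mapping from an LDAP group DN to a Metabase group name.
GROUP_MAP = {"cn=Human Resources,ou=Groups,dc=metabase,dc=com": "Human Resources"}

def norm_dn(dn):
    """Simplified DN normalisation (case-insensitive match, no escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_ldif(text):
    """Parse minimal LDIF (no folding, no base64) into {dn: {attr: [values]}}."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            attrs.setdefault(key.strip().lower(), []).append(value.strip())
        entries[norm_dn(attrs["dn"][0])] = attrs
    return entries

def metabase_groups(user_dn, entries):
    """Groups a user would receive: read from the group entry, not the user."""
    user, groups = norm_dn(user_dn), set()
    for ldap_dn, name in GROUP_MAP.items():
        members = entries.get(norm_dn(ldap_dn), {}).get("member", [])
        if user in {norm_dn(m) for m in members}:
            groups.add(name)
    return groups

def dangling_members(entries):
    """Member DNs that point at no record in the directory (worth reviewing)."""
    return sorted(norm_dn(m) for e in entries.values()
                  for m in e.get("member", []) if norm_dn(m) not in entries)

ENTRIES = parse_ldif(LDIF)
```

Comparing DNs as raw strings would miss Farrah here, because the group lists her DN with different case and spacing than her own record.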