Feature Request: LDAP Authentication

First: Wow. Excellent Product. Metabase is a great idea. The BI space is incredibly complicated, but it generally comes down to having a reports team that knows how to use a complicated BI product, and consumers of said reports whining that the reports team isn’t giving them what they want. This is a huge collaboration point for the data scientists and the consumers and understand each other.

I’m already managing quite a few users, and while the admin panel is incredibly well designed and very user friendly, it would be awesome if you could have LDAP integration similar to the way how Gitlab LDAP authentication works in their “community product”.

Essentially, and administrator provides a LDAP server url, and a group filter. For us this is:

  :host => 'activedirectory',
  :port => 389,
  :method => :plain,
  :base => 'cn=Users,dc=windows,dc=corp,dc=springventuregroup,dc=com',
  :uid => 'sAMAccountName',
  :filter => '(&(sAMAccountName=%{username})(memberOf:1.2.840.113556.1.4.1941:=CN=gitlab_users,OU=Applications,OU=Groups,DC=windows,DC=corp,DC=xxx,DC=com))',

So anyone that’s a member of ‘gitlab_users’, or a nested group, is able to sign in. Upon initial sign in, GitLab creates a local user account that with the same UID. When the user authenticates in the future, it simply does a bind against LDAP with the supplied password. This gets you out of the business of having to store password hashes.

Anyway, thanks; Looking forward to watching your product grow!