Pass user names and passwords as is

Suppose you need to use ClickHouse LDAP facilities. It is more secure and more flexible than having credentials hardcoded in ClickHouse or a chproxy configuration files. The following chproxy config may be used for this use case:

log_debug: true

users:
  # wildcarded user
  # matches with any name with prefix 'analyst_'
  # e.g. 'analyst_joe' or 'analyst_jane'
  - name: "analyst_*"
    to_cluster: "default"
    to_user: "analyst_*"
    is_wildcarded: true
  - name: "dba"
    password: "dba_ingress_pass"
    to_cluster: "default"
    to_user: "dba"
clusters:
  - name: "default"
    nodes: ["127.0.0.1:8123"]

    users:
    - name: "analyst_*"
    - name: "dba"
      password: "dba_egress_pass"

Wildcarded user has "_*" suffix. Original name and original password are used in requests to ClickHouse

Edit this page on GitHub Updated at Tue, Nov 29, 2022