Skip to content
Chproxy
GitHubTwitter

Pass user names and passwords as is

Suppose you need to use ClickHouse LDAP facilities. It is more secure and more flexible than having credentials hardcoded in ClickHouse or a chproxy configuration files. The following chproxy config may be used for this use case:

log_debug: true

users:
  # wildcarded user
  # matches with any name with prefix 'analyst_'
  # e.g. 'analyst_joe' or 'analyst_jane'
  - name: "analyst_*"
    to_cluster: "default"
    to_user: "analyst_*"
    is_wildcarded: true
  - name: "dba"
    password: "dba_ingress_pass"
    to_cluster: "default"
    to_user: "dba"
clusters:
  - name: "default"
    nodes: ["127.0.0.1:8123"]

    users:
    - name: "analyst_*"
    - name: "dba"
      password: "dba_egress_pass"

Wildcarded user has ”_*” suffix. Original name and original password are used in requests to ClickHouse