NIFI-655: - Pre-populating the login-identity-providers.xml file with necessary properties and documentation. - Renaming the Authentication Duration property name.
Project: http://git-wip-us.apache.org/repos/asf/nifi/repo Commit: http://git-wip-us.apache.org/repos/asf/nifi/commit/e61a3690 Tree: http://git-wip-us.apache.org/repos/asf/nifi/tree/e61a3690 Diff: http://git-wip-us.apache.org/repos/asf/nifi/diff/e61a3690 Branch: refs/heads/master Commit: e61a36908917c4053417cf2717acdc4711962b2b Parents: 91573cb Author: Matt Gilman <[email protected]> Authored: Mon Nov 23 09:19:32 2015 -0500 Committer: Matt Gilman <[email protected]> Committed: Mon Nov 23 09:19:32 2015 -0500 ---------------------------------------------------------------------- .../resources/conf/login-identity-providers.xml | 70 ++++++++++++++++++++ .../java/org/apache/nifi/ldap/LdapProvider.java | 6 +- 2 files changed, 73 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/nifi/blob/e61a3690/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/login-identity-providers.xml ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/login-identity-providers.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/login-identity-providers.xml index 191637b..926ed9a 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/login-identity-providers.xml +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/login-identity-providers.xml 
@@ -19,4 +19,74 @@ must be specified in the nifi.properties file. --> <loginIdentityProviders> + <!-- + Identity Provider for users logging in with username/password against an LDAP server. + + 'Authentication Strategy' - How the connection to the LDAP server is authenticated. Possible + values are ANONYMOUS, SIMPLE, or START_TLS. + + 'Manager DN' - The DN of the manager that is used to bind to the LDAP server to search for users. + 'Manager Password' - The password of the manager that is used to bind to the LDAP server to + search for users. + + 'TLS - Keystore' - Path to the Keystore that is used when connecting to LDAP using START_TLS. + 'TLS - Keystore Password' - Password for the Keystore that is used when connecting to LDAP + using START_TLS. + 'TLS - Keystore Type' - Type of the Keystore that is used when connecting to LDAP using + START_TLS (i.e. JKS or PKCS12). + 'TLS - Truststore' - Path to the Truststore that is used when connecting to LDAP using START_TLS. + 'TLS - Truststore Password' - Password for the Truststore that is used when connecting to + LDAP using START_TLS. + 'TLS - Truststore Type' - Type of the Truststore that is used when connecting to LDAP using + START_TLS (i.e. JKS or PKCS12). + 'TLS - Client Auth' - Client authentication policy when connecting to LDAP using START_TLS. + Possible values are REQUIRED, WANT, NONE. + 'TLS - Protocol' - Protocol to use when connecting to LDAP using START_TLS. (i.e. TLS, + TLSv1.1, TLSv1.2, etc). + 'TLS - Shutdown Gracefully' - Specifies whether the TLS should be shut down gracefully + before the target context is closed. Defaults to false. + + 'Referral Strategy' - Strategy for handling referrals. Possible values are FOLLOW, IGNORE, THROW. + 'Connect Timeout' - Duration of connect timeout. (i.e. 10 secs). + 'Read Timeout' - Duration of read timeout. (i.e. 10 secs). + + 'Url' - Url of the LDAP servier (i.e. ldap://<hostname>:<port>). + 'User Search Base' - Base DN for searching for users (i.e. 
CN=Users,DC=example,DC=com). + 'User Search Filter' - Filter for searching for users against the 'User Search Base'. + (i.e. sAMAccountName={0}). The user specified name is inserted into '{0}'. + + 'Authentication Expiration' - The duration of how long the user authentication is valid + for. If the user never logs out, they will be required to log back in following + this duration. + --> + <!-- To enable the ldap-provider remove 2 lines. This is 1 of 2. + <provider> + <identifier>ldap-provider</identifier> + <class>org.apache.nifi.ldap.LdapProvider</class> + <property name="Authentication Strategy">START_TLS</property> + + <property name="Manager DN"></property> + <property name="Manager Password"></property> + + <property name="TLS - Keystore"></property> + <property name="TLS - Keystore Password"></property> + <property name="TLS - Keystore Type"></property> + <property name="TLS - Truststore"></property> + <property name="TLS - Truststore Password"></property> + <property name="TLS - Truststore Type"></property> + <property name="TLS - Client Auth"></property> + <property name="TLS - Protocol"></property> + <property name="TLS - Shutdown Gracefully"></property> + + <property name="Referral Strategy">FOLLOW</property> + <property name="Connect Timeout">10 secs</property> + <property name="Read Timeout">10 secs</property> + + <property name="Url"></property> + <property name="User Search Base"></property> + <property name="User Search Filter"></property> + + <property name="Expiration Duration">1 day</property> + </provider> + To enable the ldap-provider remove 2 lines. This is 2 of 2. --> </loginIdentityProviders> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/nifi/blob/e61a3690/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/LdapProvider.java ---------------------------------------------------------------------- 
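Review bot: The sample provider at the end of this hunk still sets `<property name="Expiration Duration">1 day</property>`, while the comment above it documents 'Authentication Expiration' and the LdapProvider.java hunk in this same commit now reads only that key. Anyone who uncomments the template as shipped will fail provider creation with "The Authentication Expiration must be specified."; the line should read `<property name="Authentication Expiration">1 day</property>`. Separately, the 'Authentication Strategy' description would benefit from a sentence noting that SIMPLE over a plain `ldap://` Url sends the manager and user passwords unencrypted, so the template default of START_TLS should be kept unless the connection is otherwise protected. 'servier' in the Url description is a typo for 'server'.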
diff --git a/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/LdapProvider.java b/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/LdapProvider.java index cfa0bf8..4dc7ea4 100644 --- a/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/LdapProvider.java +++ b/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/LdapProvider.java @@ -75,9 +75,9 @@ public class LdapProvider implements LoginIdentityProvider { @Override public final void onConfigured(final LoginIdentityProviderConfigurationContext configurationContext) throws ProviderCreationException { - final String rawExpiration = configurationContext.getProperty("Expiration Duration"); + final String rawExpiration = configurationContext.getProperty("Authentication Expiration"); if (StringUtils.isBlank(rawExpiration)) { - throw new ProviderCreationException("The Expiration Duration must be specified."); + throw new ProviderCreationException("The Authentication Expiration must be specified."); } try { @@ -98,7 +98,7 @@ public class LdapProvider implements LoginIdentityProvider { if (!baseEnvironment.isEmpty()) { context.setBaseEnvironmentProperties(baseEnvironment); } - + // authentication strategy final String rawAuthenticationStrategy = configurationContext.getProperty("Authentication Strategy"); final LdapAuthenticationStrategy authenticationStrategy;
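Review bot: The property name "Authentication Expiration" is now spelled out twice in onConfigured, once in the `getProperty` call and once in the exception message, and nothing ties either to the name used in the shipped configuration template. A single constant, for example `private static final String AUTHENTICATION_EXPIRATION = "Authentication Expiration";`, used for the lookup and to build the message would confine a future rename to one place. The change also drops the old "Expiration Duration" key without a fallback, so any existing login-identity-providers.xml that uses it will stop loading; if such files may exist, that deserves a line in the upgrade notes. onConfigured continues past the end of the hunk.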
