Hi Fredrik,

These are some good ideas.

If we did support multiple initial admins, I would suggest it be done through multiple elements, rather than a comma-separated list, since commas are part of a DN which could be a single user. We already support this pattern in the new user group provider:

<property name="Initial User Identity 1"></property>
<property name="Initial User Identity 2"></property>
<property name="Initial User Identity 3"></property>

Down in the policy provider we currently only support a single property called "Initial Admin", but that could possibly be:

<property name="Initial Admin Identity 1"></property>
<property name="Initial Admin Identity 2"></property>
<property name="Initial Admin Identity 3"></property>

I would think groups could be done similarly by providing a group to the user group provider and then declaring that group to be an admin, possibly:

<property name="Initial User Group Identity 1"></property>

and

<property name="Initial Group Admin Identity 1"></property>

-Bryan

On Thu, Oct 19, 2017 at 10:56 AM, Fredrik Skolmli <[email protected]> wrote:
> Hi all.
>
> With the ability to populate NiFi with users and groups from LDAP (as of
> 1.4.0(?)), I'm running into a few tasks that could be avoided or improved.
>
> I would like to specify a group as the initial admin identity instead of a
> single user, enabling the group members to log in and do the initial setup
> of new NiFi instances.
>
> Another option, as a quick fix, would be to allow the initial admin identity
> property to be a comma-separated value (i.e. "admin1,admin2").
>
> The latter would be a rather small patch to implement, but I would
> appreciate some feedback from the community on what the best and most reliable
> approach would be. Or if both would be considered.
>
> ..or are there any other ideas on the roadmap to solve this that I haven't
> found in JIRA or thought of myself?
>
> Thanks.
>
> BR,
> Fredrik
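
The two options discussed in this thread, side by side, as an added example that is not part of either message or of NiFi's code: collecting numbered properties versus splitting one value on commas. The "Initial Admin Identity N" names follow the layout proposed in the reply and are hypothetical; the XML fragment and DNs are constructed sample input.

```python
import re
import xml.etree.ElementTree as ET

# Constructed fragment using the numbered-property layout proposed in the thread.
# "Initial Admin Identity N" is the proposal under discussion, not a confirmed property.
SAMPLE = """
<accessPolicyProvider>
    <property name="Initial Admin Identity 1">CN=admin1, OU=NiFi, O=Example</property>
    <property name="Initial Admin Identity 2">CN=admin2, OU=NiFi, O=Example</property>
    <property name="Initial Admin Identity 3"></property>
    <property name="Initial Admin Identity 10">admin10@EXAMPLE.COM</property>
</accessPolicyProvider>
"""

# "<prefix> <number>", e.g. "Initial Admin Identity 2"
NUMBERED = re.compile(r"^(?P<prefix>.+?) (?P<index>\d+)$")


def numbered_identities(xml_text, prefix):
    """Collect non-empty '<prefix> N' property values, ordered by N."""
    found = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        m = NUMBERED.match(prop.get("name", ""))
        if not m or m.group("prefix") != prefix:
            continue
        value = (prop.text or "").strip()
        if not value:
            continue  # empty placeholder elements grant nothing
        index = int(m.group("index"))
        if index in found:
            # Two elements with the same number: refuse rather than pick one.
            raise ValueError(f"duplicate property: {prefix} {index}")
        found[index] = value
    # Sort numerically so that 10 follows 2, not 1.
    return [found[i] for i in sorted(found)]


def comma_split(value):
    """The comma-separated variant: one property value split on ','."""
    return [part.strip() for part in value.split(",") if part.strip()]


if __name__ == "__main__":
    print(numbered_identities(SAMPLE, "Initial Admin Identity"))
    # A single DN fed to the comma-separated variant becomes three "identities".
    print(comma_split("CN=admin1, OU=NiFi, O=Example"))
```

With the comma-separated variant, a single DN is split into fragments such as `OU=NiFi`, none of which matches the intended admin, so the numbered form is the one that keeps each identity intact.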
