Bryan, Thank you very much! This answered my question. I'll have to work on how to get the authorizations.xml to work, as the guide solves the questions that I had.
Best, Mike R On Tue, Dec 14, 2021 at 1:05 PM Bryan Bende <[email protected]> wrote: > CAUTION: This message is from an off campus source. Access to web links > will be filtered (by proxy) for additional protection. Click with caution. > > The admin guide should cover most of the scenarios: > > > https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#ldap-based-usersgroups-referencing-user-dn > > On Tue, Dec 14, 2021 at 12:53 PM Michael Radov (RIT Alumni) > <[email protected]> wrote: > > > > Bryan, > > > > Thank you very much! After setting the ldap-provider information in the > logion-identity-providers.xml and the LDAP Group Provider in the > authorizers.xml, one would use the authorizers.xml file to load the user > groups. There wont be a need to use the files to be a User Group Provider > if I am using just LDAP. Is there a guide that one can use for creating > file-based policy provider information in the authorizations.xml file? > > > > Best, > > Mike R > > > > On Tue, Dec 14, 2021 at 12:14 PM Bryan Bende <[email protected]> wrote: > >> > >> CAUTION: This message is from an off campus source. Access to web links > will be filtered (by proxy) for additional protection. Click with caution. > >> CAUTION: This message came from outside RIT. If you are unsure about > the source or content of this message, please contact the RIT Service > Center at 585-475-5000 or help.rit.edu before clicking links, opening > attachments or responding. > >> > >> > >> Hello, > >> > >> The standard authorizer is composed of a user-group-provider and a > >> policy-provider. The LDAP user-group-provider can be be used to load > >> groups from LDAP, but you still need to define policies on them which > >> would be through a policy-provider, most likely the File-based > >> policy-provider which stores policies in authorizations.xml. > >> > >> Thanks, > >> > >> Bryan > >> > >> On Tue, Dec 14, 2021 at 10:02 AM Michael Radov (RIT Alumni) > >> <[email protected]> wrote: > >> > > >> > Hey, > >> > > >> > I am looking to see if there is a way to get NiFi to read directly > from > >> > LDAP Groups. If this were the case, I would use the User Groupo > Provider to > >> > ldap-user-group-provider. However, would one still need to use an > >> > authorizations file? > >> > > >> > I was reading through the work that Pierre Villard did on LDAP Group > >> > Authentication and authorization > >> > < > https://pierrevillard.com/2017/12/22/authorizations-with-ldap-synchronization-in-apache-nifi-1-4/ > > > >> > using > >> > NiFi in a similar way and wanted to know if the file user group > provider > >> > was necessary? > >> > > >> > Best, > >> > Mike R >
