[ https://issues.apache.org/jira/browse/NIFI-10930?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17643409#comment-17643409 ]

David Handermann commented on NIFI-10930:
-----------------------------------------

Commit [https://github.com/apache/nifi/commit/0ebc6d31489e975dcbbe078fa572332ef8ffa9e2] referenced this issue in error, it should have referenced NIFI-10931.

> LDAP binding should support external SASL authentication
> --------------------------------------------------------
>
>                 Key: NIFI-10930
>                 URL: https://issues.apache.org/jira/browse/NIFI-10930
>             Project: Apache NiFi
>          Issue Type: Improvement
>            Reporter: Paul Kelly
>            Priority: Minor
>
> Binding to an LDAP server could use a client TLS certificate for External 
> SASL authentication instead of manager DN and password.
> Currently the LdapProviders in NiFi all use 
> DefaultTlsDirContextAuthenticationStrategy, which requires a DN and password 
> to bind to the LDAP server; however, Spring LDAP also has 
> ExternalTlsDirContextAuthenticationStrategy, which supports External SASL 
> authentication using only a client TLS certificate.
> The LdapProviders in NiFi could be modified to use 
> ExternalTlsDirContextAuthenticationStrategy instead of 
> DefaultTlsDirContextAuthenticationStrategy when a client TLS certificate is 
> configured and manager DN and password are empty.  This would enable binding 
> to an LDAP server (including Active Directory) with a certificate instead of 
> a username and password, which simplifies management in environments that 
> require password rotations.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
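
The selection rule proposed in the issue description, sketched as an added example (not NiFi's code and not part of the original message). The class name, method parameters and the PKCS12 keystore format are assumptions; the strategy classes and `setSslSocketFactory` are Spring LDAP's.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import org.springframework.ldap.core.support.AbstractTlsDirContextAuthenticationStrategy;
import org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy;
import org.springframework.ldap.core.support.ExternalTlsDirContextAuthenticationStrategy;

// Hypothetical helper: picks the StartTLS bind strategy the way the issue proposes.
public final class StartTlsBindStrategySelector {

    public static AbstractTlsDirContextAuthenticationStrategy select(
            String managerDn, String managerPassword,
            Path keystore, char[] keystorePassword) throws Exception {
        boolean hasClientCert = keystore != null;
        boolean hasManager = !isBlank(managerDn) || !isBlank(managerPassword);

        AbstractTlsDirContextAuthenticationStrategy strategy;
        if (hasClientCert && !hasManager) {
            // SASL EXTERNAL: the server takes the identity from the client
            // certificate presented during the TLS handshake; no DN/password is sent.
            strategy = new ExternalTlsDirContextAuthenticationStrategy();
        } else {
            // Simple bind with manager DN and password over the StartTLS channel.
            strategy = new DefaultTlsDirContextAuthenticationStrategy();
        }
        if (hasClientCert) {
            strategy.setSslSocketFactory(
                    clientContext(keystore, keystorePassword).getSocketFactory());
        }
        return strategy;
    }

    // Builds an SSLContext that presents the client key pair from the keystore.
    private static SSLContext clientContext(Path keystore, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12"); // assumed keystore type
        try (InputStream in = Files.newInputStream(keystore)) {
            ks.load(in, password);
        }
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null); // null trust managers: JVM default trust store
        return ctx;
    }

    private static boolean isBlank(String s) {
        return s == null || s.trim().isEmpty();
    }
}
```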
