[
https://issues.apache.org/jira/browse/NIFI-3409?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Matt Gilman resolved NIFI-3409.
-------------------------------
Resolution: Won't Fix
NIFI-4059 implements a User Group Provider this is sync with a Directory
Server. Given this capability, this issue is OBE. The Ldap User Group Provider
will continue staying in sync based on a configured interval.
> Batch users/groups import - LDAP
> --------------------------------
>
> Key: NIFI-3409
> URL: https://issues.apache.org/jira/browse/NIFI-3409
> Project: Apache NiFi
> Issue Type: Sub-task
> Components: Core Framework, Core UI
> Reporter: Pierre Villard
> Assignee: Pierre Villard
>
> Creating the sub task to answer:
> {quote}
> Batch user import
> * Whether the users are providing client certificates, LDAP credentials, or
> Kerberos tickets to authenticate, the canonical source of identity is still
> managed by NiFi. I propose a mechanism to quickly define multiple users in
> the system (without affording any policy assignments). Here I am looking for
> substantial community input on the most common/desired use cases, but my
> initial thoughts are:
> ** LDAP-specific
> *** A manager DN and password (similar to necessary for LDAP authentication)
> are used to authenticate the admin/user manager, and then a LDAP query string
> (i.e. {{ou=users,dc=nifi,dc=apache,dc=org}}) is provided and the dialog
> displays/API returns a list of users/groups matching the query. The admin can
> then select which to import to NiFi and confirm.
> {quote}
> In particular the initial implementation would be to add a feature allowing
> to sync users and groups with LDAP based on additional parameters given in
> the login identity provider configuration file and custom filters provided by
> the user through the UI.
> It is not foreseen to delete users/groups that exist in NiFi but are not
> retrieved in the LDAP. It'd be only creating/updating users/groups based on
> what is in LDAP server.
> The feature would be exposed through a new REST API endpoint. In case another
> identity provider is configured (not LDAP), an unsupported operation
> exception would be returned at the moment.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
