rks specifically, but a
>>>>> commercial data virtualization app we use is able to import LDAP groups
>>>>> that contain multiple levels of nested groups. Our LDAP groups have an
>>>>> owner, 1 or more supervisors and 1 or more members.
>>>>>
s and 1 or more members.
>>>>
>>>>
>>>>
>>>> The app can only see LDAP members, so the key for us was to point the
>>>> config settings to the correct spot within our LDAP forest…initially we
>>>> didn’t point it correctly
after a bit of
>>> trial and error, finally got nested groups working, and we’ve tested down 5
>>> levels of nesting.
>>>
>>>
>>>
>>> Mike Sofen
>>>
>>>
>>>
>>> *From:* Jens M. Kofoed
>>> *Sent:* Friday, July 24,
gt;
>> Mike Sofen
>>
>>
>>
>> *From:* Jens M. Kofoed
>> *Sent:* Friday, July 24, 2020 9:42 AM
>> *To:* users@nifi.apache.org
>> *Subject:* Re: Nested groups for LdapUserGroupProvider
>>
>>
>>
>> Hi
>>
>>
>
ke Sofen
>
>
>
> *From:* Jens M. Kofoed
> *Sent:* Friday, July 24, 2020 9:42 AM
> *To:* users@nifi.apache.org
> *Subject:* Re: Nested groups for LdapUserGroupProvider
>
>
>
> Hi
>
>
>
> From my knowledge and playing with ldap and nifi. Nifi “imports” users and
Sofen
From: Jens M. Kofoed
Sent: Friday, July 24, 2020 9:42 AM
To: users@nifi.apache.org
Subject: Re: Nested groups for LdapUserGroupProvider
Hi
>From my knowledge and playing with ldap and nifi. Nifi “imports” users and
>groups into nifi and nifi does not support groups in
Hi
From my knowledge and playing with ldap and nifi. Nifi “imports” users and
groups into nifi and nifi does not support groups in groups.
In my setup it looks like it imports groups first. Next it imports users. If a
user is memberOf an imported group it will be connected to the group in nifi.
>From my limited knowledge of how the LDAP providers work, I'm not aware of
anything that would handle transitive group membership, but others may know
more.
On Fri, Jul 24, 2020 at 11:18 AM Moncef Abboud
wrote:
> Thank you for your reply Bryan.
>
> Yes, I understand that they are related. But
Thank you for your reply Bryan.
Yes, I understand that they are related. But I still don't see how to
address my nested groups problem since the configuration properties only
talk about direct relationships.
Le ven. 24 juil. 2020 à 17:08, Bryan Bende a écrit :
> There are two different but
There are two different but related things...
LdapIdentityProvider for authentication.
https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#ldap_login_identity_provider
LdapUserGroupProvider for authorization.
Hello Juan,
Thank you for your response. I am not sure that I understand what you mean.
I believe LdapProvider is used for authentication and doesn't have much to
do with group memberships and authorization.
Moncef
Le ven. 24 juil. 2020 à 16:55, Juan Pablo Gardella <
Maybe that scenario is not supported, but you can start playing with that
custom scenario. LDAP provider is configurable by XML
*ldap-provider*
org.apache.nifi.ldap.LdapProvider
Juan
On Fri, 24 Jul 2020 at 08:20, Moncef Abboud
wrote:
> Hello fellow NiFi Users,
>
> I am trying
Hello fellow NiFi Users,
I am trying to configure authorization using the LdapUserGroupProvider. The
documentation is clear : specify your "User Search Base" and "Group Search
Base" and define membership either using "User Group Name Attribute" such
as "memberOf" or the other way around using
13 matches
Mail list logo