Hi Calvin, Glad you found a solution to your issue. You can directly edit the authorizers.xml file as you discovered. If you expect this to occur again, you can also exclude OU from the DN mapping for your users (if you do not want it there for security purposes) [1]. This would result in the following:
nifi.security.identity.mapping.pattern.dn=^CN=(.*?), OU=(.*?), DC=(.*?), DC=(.*?), DC=(.*?)$ nifi.security.identity.mapping.value.dn=$1@$3.$4.$5 LDAP DN: CN=alopresto, OU=Apache NiFi, DC=nifi, DC=apache, DC=org —> [email protected] <mailto:[email protected]> If the OU changes in the future, it will not impact the correlation between the LDAP DN and the user identity that NiFi associates with it. [1] https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#identity-mapping-properties Andy LoPresto [email protected] [email protected] PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 > On Jul 26, 2017, at 8:09 AM, Banias H <[email protected]> wrote: > > It turns out I can directly update the authorizers.xml. That solved the > issue. Thanks. > > -Calvin > > On Wed, Jul 26, 2017 at 9:44 AM, Banias H <[email protected] > <mailto:[email protected]>> wrote: > Hi, > > Is it possible to update users external to NiFi? > > I have NiFi 1.1 that authenticates users thru LDAP. Recently my organization > updated the OrganizationUnit (OU) in LDAP. Since we set up users' permission > with CN, OU, and DC within NiFi, the OU change suddenly prevented people from > using NiFi. We can all log into NiFi but we can only see a screen with > "Unable to perform the desired action due to insufficient permissions." page. > > Is there any way we can update the users (specifically the OU) used by NiFi > externally? I would appreciate any info on this. > > Thanks, > BH >
signature.asc
Description: Message signed with OpenPGP using GPGMail
