Hi Mike,
I've configured NiFi 1.4.0 using LDAP-backed users and groups. The LdapProvider, configured in login-identity-providers.xml, and the LdapUserGroupProvider, configured in authorizers.xml, both let you specify a user search base and a user search filter, so depending on the structure of your directory, that may be enough to limit authentication (and therefore authorization) to a single group. If not, you might have to set broader user search/filter parameters, and set access policies (e.g., using a FileAccessPolicyProvider) to grant R/W policies to a particular group identity after you've configured LDAP integration. Does that make sense?

I hope this helps; feel free to post back to this thread if you have any other questions configuring AD integration through LDAP.

Kevin

From: Mike Thomsen <[email protected]>
Reply-To: <[email protected]>
Date: Tuesday, November 21, 2017 at 11:54
To: <[email protected]>
Subject: NiFi and Active Directory

Does anyone have any experience using AD as the backend for NiFi's authentication and authorization? I've never had to work with it before, but it seems like we can use it as either an LDAP provider or a Kerberos implementation. Does anyone have any recommendations on how to do the integration so that only specific users in a particular group can be authorized to work with NiFi?

Thanks,
Mike
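
The search base and search filter approach described in the reply above, written out as configuration fragments. This is an added example, not part of the original thread: the host name, DNs, the `nifi-users` group, the service account, the truststore path and the passwords are constructed placeholders, and only the properties relevant to restricting access to one AD group are shown.

```xml
<!-- Added example; host, DNs, group name, paths and passwords are constructed placeholders. -->
<!-- login-identity-providers.xml: a login only succeeds if the account is a member of nifi-users -->
<provider>
    <identifier>ldap-provider</identifier>
    <class>org.apache.nifi.ldap.LdapProvider</class>
    <property name="Authentication Strategy">LDAPS</property>
    <property name="Manager DN">CN=svc-nifi,OU=Service Accounts,DC=example,DC=com</property>
    <property name="Manager Password">CHANGE_ME</property>
    <property name="TLS - Truststore">/opt/nifi/conf/ad-truststore.jks</property>
    <property name="TLS - Truststore Password">CHANGE_ME</property>
    <property name="TLS - Truststore Type">JKS</property>
    <property name="Url">ldaps://ad.example.com:636</property>
    <property name="User Search Base">OU=Users,DC=example,DC=com</property>
    <!-- {0} is replaced with the login name; a literal & must be written as &amp; in XML -->
    <property name="User Search Filter">(&amp;(sAMAccountName={0})(memberOf=CN=nifi-users,OU=Groups,DC=example,DC=com))</property>
    <property name="Identity Strategy">USE_USERNAME</property>
    <property name="Authentication Expiration">12 hours</property>
</provider>

<!-- authorizers.xml: sync only that group and its members, so policies can be granted to the group -->
<userGroupProvider>
    <identifier>ldap-user-group-provider</identifier>
    <class>org.apache.nifi.ldap.tenants.LdapUserGroupProvider</class>
    <property name="Authentication Strategy">LDAPS</property>
    <property name="Manager DN">CN=svc-nifi,OU=Service Accounts,DC=example,DC=com</property>
    <property name="Manager Password">CHANGE_ME</property>
    <property name="TLS - Truststore">/opt/nifi/conf/ad-truststore.jks</property>
    <property name="TLS - Truststore Password">CHANGE_ME</property>
    <property name="TLS - Truststore Type">JKS</property>
    <property name="Url">ldaps://ad.example.com:636</property>
    <property name="Sync Interval">30 mins</property>
    <property name="User Search Base">OU=Users,DC=example,DC=com</property>
    <property name="User Object Class">person</property>
    <property name="User Search Scope">SUBTREE</property>
    <property name="User Search Filter">(memberOf=CN=nifi-users,OU=Groups,DC=example,DC=com)</property>
    <!-- Matches the identity produced by USE_USERNAME above, so logins map onto synced users -->
    <property name="User Identity Attribute">sAMAccountName</property>
    <property name="Group Search Base">OU=Groups,DC=example,DC=com</property>
    <property name="Group Object Class">group</property>
    <property name="Group Search Scope">SUBTREE</property>
    <property name="Group Search Filter">(cn=nifi-users)</property>
    <property name="Group Name Attribute">cn</property>
    <property name="Group Member Attribute">member</property>
</userGroupProvider>
```

The `memberOf` filter matches direct group membership only, so accounts that reach `nifi-users` through a nested group are not matched by either filter as written.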
