Yes, that is correct. You can set authorization policies to a group identity or 
a user identity, where those identities are loaded from the LDAP directory and 
kept in sync.

 

From: Mike Thomsen <mikerthom...@gmail.com>
Reply-To: <users@nifi.apache.org>
Date: Tuesday, November 21, 2017 at 13:06
To: <users@nifi.apache.org>
Subject: Re: NiFi and Active Directory

 

Ok, I think I understand (my knowledge of LDAP is very weak). So it really 
depends on the configuration they're using how far you can go with LDAP here, 
but as a fallback you can identify a user with LDAP and then hard-code 
authorization statements with the file-based access control provider.

Sound right?

Thanks,

Mike

 

On Tue, Nov 21, 2017 at 12:24 PM, Kevin Doran <kdoran.apa...@gmail.com> wrote:

Hi Mike,

 

I've configured NiFi 1.4.0 using LDAP-backed users and groups. The 
LdapProvider, configured in login-identity-providers.xml, and the 
LdapUserGroupProvider, configured in authorizers.xml, both let you specify a 
user search base and a user search filter, so depending on the structure of 
your directory, that may be enough to limit authentication (and therefore 
authorization) to a single group. If not, you might have to set broader user 
search/filter parameters, and set access policies (e.g., using a 
FileAccessPolicyProvider) to grant R/W policies to a particular group identity 
after you've configured LDAP integration.

 

Does that make sense? I hope this helps; feel free to post back to this thread 
if you have any other questions configuring AD integration through LDAP.

 

Kevin

 

From: Mike Thomsen <mikerthom...@gmail.com>
Reply-To: <users@nifi.apache.org>
Date: Tuesday, November 21, 2017 at 11:54
To: <users@nifi.apache.org>
Subject: NiFi and Active Directory

 

Does anyone have any experience using AD as the backend for NiFi's 
authentication and authorization? I've never had to work with it before, but it 
seems like we can use it as either an LDAP provider or a Kerberos 
implementation. Does anyone have any recommendations on how to do the 
integration so that only specific users in a particular group can be authorized 
to work with NiFi?

 

Thanks,

 

Mike

 
