Mike,
I should also mention that since the time of Pierre's inital blog post on LDAP integration, support for user & group syncing with LDAP has been added to NiFi. See the instructions for the "LdapUserGroupProvider" in Authorizers.xml section of the the Admin Guide [1]. You will still need to set per-group or per-user policies as the initial admin, but you do not need to manually add users and groups in order to set policies. Also, your initial admin can use an identity from LDAP rather than a certificate (if that is preferred, otherwise, you can still use certificates alongside LDAP by using a CompositeUserGroupProvider as described in the Admin Guide). [1] https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#authorizers-setup -Kevin From: Kevin Doran <[email protected]> Date: Friday, December 1, 2017 at 18:43 To: <[email protected]> Subject: Re: Buttons are greyed out when initial admin account logs in Hi Mike, Your authorizers.xml and nifi.properties look correct to me to establish the certificate "CN=admin, OU=NIFI" as an admin user. Here's one idea that you may have already thought of... the initial admin is only granted admin policies if users/policies are empty on startup. Try deleting conf/users.xml and conf/authorizations.xml and restarting NiFi. Hope this helps! If you have any other questions about configuring LDAP or authorizers, let me know. Kevin From: Mike Thomsen <[email protected]> Reply-To: <[email protected]> Date: Friday, December 1, 2017 at 18:27 To: <[email protected]> Subject: Buttons are greyed out when initial admin account logs in I'm following Pierre's blog post that shows how to set up LDAP w/ ApacheDS: https://pierrevillard.com/2017/01/24/integration-of-nifi-with-ldap I've tried this with 1.4.0 and 1.5.0-SNAPSHOT (toolkits built for each too) for what it's worth. Built the certs with this command: bin/tls-toolkit.sh standalone -n localhost -C "CN=admin,OU=NIFI" -O -o ../security_output Copied security_output/localhost/* to $NIFI_ROOT/conf With or without the identity provider set to use the LDAP configuration, it's greyed out. Any ideas on what I'm doing wrong? Thanks, Mike
