Hey guys, I'll try to write a new blog with all the new features coming with NiFi 1.4.0. All the new stuff to have LDAP sync is really nice.

Pierre

2017-12-03 19:12 GMT+01:00 Kevin Doran <[email protected]>:

> Hi Mike,
>
> You also have to enable the LdapUserGroupProvider in authorizers.xml by
> uncommenting it, configuring the properties, and changing the
> FileAccessPolicyProvider (also in authorizers.xml) to use the
> ldap-user-group-provider instead of the default file-user-group-provider.
>
> Then delete users.xml and authorizations.xml and restart.
>
> This will disable any certificate-based identities you have configured, so
> you will need to choose an ldap-based user to be your initial admin. Or
> configure a CompositeUserGroupProvider so that you can use certificates and
> only require ldap login in absence of a client certificate.
>
> -Kevin
>
> ------------------------------
> *From:* Mike Thomsen <[email protected]>
> *Sent:* Sunday, December 3, 2017 9:45:18 AM
> *To:* [email protected]
> *Subject:* Re: Buttons are greyed out when initial admin account logs in
>
> I added the ldap-provider to the identity provider line in
> nifi.properties, but I don't see any users from LDAP. I tried deleting
> users.xml and authorizations.xml and restarting, but the user listing
> doesn't show any of the users from LDAP. Any ideas on how to troubleshoot?
>
> Thanks,
>
> Mike
>
> On Fri, Dec 1, 2017 at 7:05 PM, Kevin Doran <[email protected]>
> wrote:
>
>> Mike,
>>
>> I should also mention that since the time of Pierre's initial blog post on
>> LDAP integration, support for user & group syncing with LDAP has been added
>> to NiFi. See the instructions for the "LdapUserGroupProvider" in
>> Authorizers.xml section of the Admin Guide [1].
>>
>> You will still need to set per-group or per-user policies as the initial
>> admin, but you do not need to manually add users and groups in order to set
>> policies. Also, your initial admin can use an identity from LDAP rather
>> than a certificate (if that is preferred, otherwise, you can still use
>> certificates alongside LDAP by using a CompositeUserGroupProvider as
>> described in the Admin Guide).
>>
>> [1] https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#authorizers-setup
>>
>> -Kevin
>>
>> *From: *Kevin Doran <[email protected]>
>> *Date: *Friday, December 1, 2017 at 18:43
>> *To: *<[email protected]>
>> *Subject: *Re: Buttons are greyed out when initial admin account logs in
>>
>> Hi Mike,
>>
>> Your authorizers.xml and nifi.properties look correct to me to establish
>> the certificate "CN=admin, OU=NIFI" as an admin user.
>>
>> Here's one idea that you may have already thought of... the initial admin
>> is only granted admin policies if users/policies are empty on startup. Try
>> deleting conf/users.xml and conf/authorizations.xml and restarting NiFi.
>>
>> Hope this helps! If you have any other questions about configuring LDAP
>> or authorizers, let me know.
>>
>> Kevin
>>
>> *From: *Mike Thomsen <[email protected]>
>> *Reply-To: *<[email protected]>
>> *Date: *Friday, December 1, 2017 at 18:27
>> *To: *<[email protected]>
>> *Subject: *Buttons are greyed out when initial admin account logs in
>>
>> I'm following Pierre's blog post that shows how to set up LDAP w/
>> ApacheDS:
>>
>> https://pierrevillard.com/2017/01/24/integration-of-nifi-with-ldap
>>
>> I've tried this with 1.4.0 and 1.5.0-SNAPSHOT (toolkits built for each
>> too) for what it's worth.
>>
>> Built the certs with this command:
>>
>> bin/tls-toolkit.sh standalone -n localhost -C "CN=admin,OU=NIFI" -O -o ../security_output
>>
>> Copied security_output/localhost/* to $NIFI_ROOT/conf
>>
>> With or without the identity provider set to use the LDAP configuration,
>> it's greyed out.
>>
>> Any ideas on what I'm doing wrong?
>>
>> Thanks,
>>
>> Mike
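
The authorizers.xml wiring described in the quoted reply (LDAP provider uncommented, policy provider pointed at ldap-user-group-provider) can be checked before restarting NiFi. The script below is an added example, not part of the thread or of NiFi; the function names are hypothetical, the XML samples are constructed, and the element and property names ("User Group Provider", "Initial Admin Identity") are assumed to match the stock authorizers.xml layout.

```python
import xml.etree.ElementTree as ET

# Constructed, trimmed authorizers.xml (class and LDAP properties omitted).
TEMPLATE = """<authorizers>
  <userGroupProvider>
    <identifier>file-user-group-provider</identifier>
  </userGroupProvider>
  {ldap}
  <accessPolicyProvider>
    <identifier>file-access-policy-provider</identifier>
    <property name="User Group Provider">{ugp}</property>
    <property name="Initial Admin Identity">{admin}</property>
  </accessPolicyProvider>
</authorizers>"""
LDAP = ("<userGroupProvider><identifier>ldap-user-group-provider"
        "</identifier></userGroupProvider>")
OFF = "<!-- " + LDAP + " -->"  # provider block still commented out
# Default state per the thread, a half-done edit, and the state the reply describes.
DEFAULT = TEMPLATE.format(ldap=OFF, ugp="file-user-group-provider", admin="CN=admin, OU=NIFI")
HALF = TEMPLATE.format(ldap=OFF, ugp="ldap-user-group-provider", admin="admin")
FIXED = TEMPLATE.format(ldap=LDAP, ugp="ldap-user-group-provider", admin="admin")

def prop(elem, name):
    for p in elem.findall("property"):
        if p.get("name") == name:
            return (p.text or "").strip()
    return ""

def check_authorizers(xml_text):
    """List reasons LDAP users and groups would not back the access policies."""
    root = ET.fromstring(xml_text)  # the default parser drops XML comments
    enabled = {(g.findtext("identifier") or "").strip()
               for g in root.findall("userGroupProvider")}
    findings = []
    if "ldap-user-group-provider" not in enabled:
        findings.append("ldap-user-group-provider is not enabled (commented out?)")
    for app in root.findall("accessPolicyProvider"):
        ugp = prop(app, "User Group Provider")
        if ugp not in enabled:
            findings.append(f"User Group Provider '{ugp}' is not an enabled provider")
        elif ugp == "file-user-group-provider":
            findings.append("policies still use file-user-group-provider")
        if not prop(app, "Initial Admin Identity"):
            findings.append("Initial Admin Identity is empty")
    return findings

if __name__ == "__main__":
    for name, doc in (("default", DEFAULT), ("half", HALF), ("fixed", FIXED)):
        print(name, check_authorizers(doc))
```

The check cannot confirm that the initial admin identity actually exists in LDAP, and a clean result still requires deleting users.xml and authorizations.xml before the restart, as the reply says.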
