It also matters how you have configured the LDAP identity provider. There is an option for 'Identity Strategy' which determines if the DN or USERNAME are returned from LDAP, and whatever is returned would have to match your identity mapping pattern. So for example, if username is returned, then your DN pattern won't match.
Also, the identity transform was added in 1.7.0 so you would have to be on that version. https://issues.apache.org/jira/browse/NIFI-5135 On Tue, Sep 25, 2018 at 8:37 AM Dnyaneshwar Pawar <[email protected]> wrote: > > Hi Bryan, > > I may not have followed you completely, however, I tried below and its not > working: > > nifi.security.identity.mapping.pattern.dn=^uid=(.*?),ou=(.*?),o=(.*?)$ > #LDAP DN Pattern > nifi.security.identity.mapping.value.dn=$1 > nifi.security.identity.mapping.transform.dn=LOWER > > I deleted authorizations.xml file and restarted nifi to check if login works. > > > > Regards, > Dnyaneshwar Pawar > > > -----Original Message----- > From: Bryan Bende <[email protected]> > Sent: Wednesday, September 19, 2018 6:40 PM > To: [email protected] > Subject: ***UNCHECKED*** Re: Case insensitive NiFi Login > > Hello, > > I don't think you can make it truly case insensitive, but you can use the > identity mappings to transform the incoming identity to either upper case or > lower case: > > nifi.security.identity.mapping.transform.dn=LOWER > > Assuming you make nifi.security.identity.mapping.pattern.dn match your LDAP > DN pattern. > > -Bryan > > On Wed, Sep 19, 2018 at 8:57 AM Dnyaneshwar Pawar > <[email protected]> wrote: > > > > Hi, > > > > We observed NiFi authorization is case sensitive on the NiFi integrated > > with LDAP. It complains insufficient permissions (Unknown user with > > Identity … ) when tried to log in with the username case change. Is there > > any way to disable this behavior and make the username as case insensitive? > > > > > > > > Regards, > > > > Dnyaneshwar Pawar > > > > > DISCLAIMER > ========== > This e-mail may contain privileged and confidential information which is the > property of Persistent Systems Ltd. It is intended only for the use of the > individual or entity to which it is addressed. If you are not the intended > recipient, you are not authorized to read, retain, copy, print, distribute or > use this message. If you have received this communication in error, please > notify the sender and delete all copies of this message. Persistent Systems > Ltd. does not accept any liability for virus infected mails.
