Hello fellow NiFi Users,

I am trying to configure authorization using the LdapUserGroupProvider. The
documentation is clear: specify your "User Search Base" and "Group Search
Base" and define membership either using "User Group Name Attribute" such
as "memberOf" or the other way around using "Group Member Attribute" such
as "member". All that is clear and works perfectly, but my problem is as
follows:

I have two levels of groups in my directory e.g.

GroupA contains Group1 and Group2
GroupB contains Group2 and Group3
GroupC contains Group1 and Group3

Group1 contains User1 and User2
Group2 contains User1 and User3

The LDIF looks something like this:

dn: CN=GroupA ....
member: CN=Group1 ..
member: CN=Group2 ..

-----
dn: CN=Group1 ....
member: CN=User1 ..
member: CN=User2 ..
memberOf: CN=GroupA ...
memberOf: CN=GroupC ...

-----
dn: CN=User1 ....
memberOf: CN=Group1 ...
memberOf: CN=Group2 ...
-----

No direct link between a user and a level 1 group (GroupA, GroupB..)

I would like to note that groups of level 1 (GroupA, GroupB ..) are not in
the same branch in the DIT as those of level 2 (Group1, Group2 ..).

The requirement is that the groups used to manage authorization, and that
should show in the NiFi UI, are those of level 1 (GroupA, GroupB..), and that
users should be assigned to the groups containing their direct groups. For
instance, User1 (who is a direct member of Group1 and Group2) should be
displayed as a member of GroupA, GroupB and GroupC. Level 2 groups (Group1,
Group2..) must not show and must not be used directly in the UI, but only as
a link between users and level 1 groups.

So to sum up, NiFi should take into account only level 1 groups and handle
transitive memberships through level 2 groups.

Thank you in advance for your answers.

Best Regards,
Moncef
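The resolution the post asks for, worked through as an added example that is not part of the original message and not NiFi's own LdapUserGroupProvider code: starting from `member` attributes, walk from each level 1 group through its nested level 2 groups down to users, so that User1 (a direct member of Group1 and Group2) ends up in GroupA, GroupB and GroupC while Group1/Group2/Group3 are never reported. The LDIF is constructed sample data; the OU names and the `DC=example,DC=org` suffix are assumptions chosen so that the two group levels sit in different branches of the DIT, as the post describes. The group search base is the level 1 branch and the user search base is the People branch.

```python
"""Resolve transitive (nested) LDAP group membership from `member` attributes.

Added example, not from the original post and not NiFi code. Groups found
under GROUP_SEARCH_BASE (level 1) are the only groups reported; any group
reached through a `member` link but outside that base (level 2) is traversed
and then dropped. Entries are constructed sample data with assumed DNs.
"""
from collections import defaultdict

GROUP_SEARCH_BASE = "OU=Level1,DC=example,DC=org"   # assumed level 1 branch
USER_SEARCH_BASE = "OU=People,DC=example,DC=org"    # assumed user branch

# Constructed LDIF mirroring the hierarchy in the post (not a real directory).
SAMPLE_LDIF = """
dn: CN=GroupA,OU=Level1,DC=example,DC=org
objectClass: group
member: CN=Group1,OU=Level2,DC=example,DC=org
member: CN=Group2,OU=Level2,DC=example,DC=org

dn: CN=GroupB,OU=Level1,DC=example,DC=org
objectClass: group
member: CN=Group2,OU=Level2,DC=example,DC=org
member: CN=Group3,OU=Level2,DC=example,DC=org

dn: CN=GroupC,OU=Level1,DC=example,DC=org
objectClass: group
member: CN=Group1,OU=Level2,DC=example,DC=org
member: CN=Group3,OU=Level2,DC=example,DC=org

dn: CN=Group1,OU=Level2,DC=example,DC=org
objectClass: group
member: CN=User1,OU=People,DC=example,DC=org
member: CN=User2,OU=People,DC=example,DC=org

dn: CN=Group2,OU=Level2,DC=example,DC=org
objectClass: group
member: CN=User1,OU=People,DC=example,DC=org
member: CN=User3,OU=People,DC=example,DC=org

dn: CN=Group3,OU=Level2,DC=example,DC=org
objectClass: group
"""


def parse_ldif(text):
    """Parse minimal LDIF into {dn: {attr_lower: [values]}}.
    Only the plain 'attr: value' form is handled (no base64, no folding)."""
    entries = {}
    current = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:                      # blank line ends an entry
            current = None
            continue
        attr, _, value = line.partition(":")
        attr, value = attr.strip().lower(), value.strip()
        if attr == "dn":
            current = entries.setdefault(value, defaultdict(list))
        elif current is not None:
            current[attr].append(value)
    return entries


def in_search_base(dn, base):
    """True when dn lies under base (case-insensitive suffix match)."""
    return dn.lower().endswith("," + base.lower())


def resolve_memberships(entries, group_base, user_base):
    """Map each user DN to the sorted level 1 group DNs it belongs to,
    following `member` links through any depth of intermediate groups.
    A per-group `seen` set makes cyclic nesting terminate."""
    result = defaultdict(set)
    for top in (dn for dn in entries if in_search_base(dn, group_base)):
        seen, stack = set(), [top]
        while stack:
            dn = stack.pop()
            if dn in seen:
                continue
            seen.add(dn)
            for member in entries.get(dn, {}).get("member", []):
                if in_search_base(member, user_base):
                    result[member].add(top)        # user reached: report top group
                elif member in entries:
                    stack.append(member)           # nested group: keep walking
                # DNs that are neither users nor known entries are ignored.
    return {user: sorted(groups) for user, groups in result.items()}


def cn(dn):
    """Return the CN value of a DN, e.g. 'User1' from 'CN=User1,OU=...'."""
    return dn.split(",", 1)[0].split("=", 1)[1]


def resolve_sample():
    """Run the resolver on the constructed LDIF; returns {user_cn: [group_cn]}."""
    entries = parse_ldif(SAMPLE_LDIF)
    full = resolve_memberships(entries, GROUP_SEARCH_BASE, USER_SEARCH_BASE)
    return {cn(u): [cn(g) for g in groups] for u, groups in full.items()}


if __name__ == "__main__":
    for user, groups in sorted(resolve_sample().items()):
        print(f"{user} -> {', '.join(groups)}")
```

Running it prints `User1 -> GroupA, GroupB, GroupC`, `User2 -> GroupA, GroupC` and `User3 -> GroupA, GroupB`; no level 2 group appears as a user's group. The two search bases are what decide which DNs count as users and which groups are reportable, so a practitioner checking a real directory should confirm both bases are specific enough that intermediate groups fall outside the group base but are still readable by the bind account doing the walk.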
