Thanks Bryan. With your answer.... I will go to the Node Group and assign node identities. Better for deployment and setup on the fly, I guess.
One more point, you said "creating ldap entries for your nodes and assigning them group membership in ldap". What type of objectClass would you assign to the node in LDAP? This is not inetOrgPerson. The node should not have a password.
If I create groupOfMembers for each node, is it correct?

Thanks

Etienne

On Mon, Nov 23, 2020 at 17:27, Bryan Bende <bbe...@gmail.com> wrote:

> Hello,
>
> "Node Identity" is similar to the "Initial Admin" concept, in that it
> sets up the policies for the initial nodes to have permissions to
> proxy.
>
> If you are creating ldap entries for your nodes and assigning them
> group membership in ldap, then yes you could put that group name as
> the "Node Group" and then you don't need to specify the "Node
> Identities".
>
> If you are creating the node users in NiFi's file-based user group
> provider then you need to use node identities, and when adding a new
> node to the cluster you'd have to add the user first through the
> UI/REST API and grant it proxy, then actually connect it to the
> cluster.
>
> Thanks,
>
> Bryan
>
>
> On Mon, Nov 23, 2020 at 7:58 AM Etienne Jouvin <lapinoujou...@gmail.com> wrote:
> >
> > Hello all.
> >
> > I am currently setting up a NiFi, 1.12.1, Cluster with LDAP authentication.
> > For now the accessPolicyProvider is the default one with the configuration template:
> > <accessPolicyProvider>
> >     <identifier>file-access-policy-provider</identifier>
> >     <class>org.apache.nifi.authorization.FileAccessPolicyProvider</class>
> >     <property name="User Group Provider">file-user-group-provider</property>
> >     <property name="Authorizations File">./conf/authorizations.xml</property>
> >     <property name="Initial Admin Identity"></property>
> >     <property name="Legacy Authorized Users File"></property>
> >     <property name="Node Identity 1"></property>
> >     <property name="Node Group"></property>
> > </accessPolicyProvider>
> >
> > But I do not really understand the purpose of the Node Identity X property.
> > If I understood well, all nodes should have the same configuration file, and I should register all node identities.
> >
> > But what if I want to add a new node to the cluster on the fly?
> > Should I register a new node identity, and then change the configuration of all nodes?
> > The comment in the configuration file mentions the configuration Node Group: "The name of a group containing NiFi cluster nodes. The typical use for this is when nodes are dynamically added/removed from the cluster."
> > Should I just put a Node Group name and this will do the trick?
> >
> > What should I put? At the following link, https://docs.cloudera.com/HDPDocuments/HDF3/HDF-3.0.3/bk_administration/content/cluster-node-identities.html, it says something like: cn=nifi-1,ou=people,dc=example,dc=com
> > In that case, what should be the object class for the node cn=nifi-1 in the LDAP?
> >
> > Any documentation links will be appreciated.
> >
> > Regards.
> >
> > Etienne Jouvin
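
As an added example (not part of the thread and not NiFi's own code), this Python check reads an authorizers.xml and reports whether node proxy policies are seeded from "Node Identity N" entries or from "Node Group", following the distinction made in the reply quoted above. The sample file, the group name nifi-nodes, the admin DN and the function name node_seeding are assumptions.

```python
import re
import xml.etree.ElementTree as ET

FILE_UGP = "org.apache.nifi.authorization.FileUserGroupProvider"

# Constructed sample: the thread's template with "Node Group" filled in.
# The group name, admin DN and LDAP provider wiring are assumptions.
SAMPLE = """<authorizers>
  <userGroupProvider>
    <identifier>ldap-user-group-provider</identifier>
    <class>org.apache.nifi.ldap.tenants.LdapUserGroupProvider</class>
  </userGroupProvider>
  <accessPolicyProvider>
    <identifier>file-access-policy-provider</identifier>
    <class>org.apache.nifi.authorization.FileAccessPolicyProvider</class>
    <property name="User Group Provider">ldap-user-group-provider</property>
    <property name="Initial Admin Identity">cn=admin,ou=people,dc=example,dc=com</property>
    <property name="Node Identity 1"></property>
    <property name="Node Group">nifi-nodes</property>
  </accessPolicyProvider>
</authorizers>"""


def node_seeding(xml_text):
    """Report how the access policy provider seeds proxy policies for nodes."""
    root = ET.fromstring(xml_text)
    classes = {u.findtext("identifier"): u.findtext("class")
               for u in root.findall("userGroupProvider")}
    app = root.find("accessPolicyProvider")
    props = {p.get("name"): (p.text or "").strip() for p in app.findall("property")}
    # "Node Identity 1", "Node Identity 2", ...: empty template entries are ignored.
    identities = [v for k, v in props.items()
                  if re.fullmatch(r"Node Identity \S+", k) and v]
    group = props.get("Node Group", "")
    ugp = props.get("User Group Provider", "")
    warnings = []
    if ugp not in classes:
        warnings.append(f"User Group Provider '{ugp}' is not defined in this file")
    if not identities and not group:
        warnings.append("no Node Identity or Node Group: no node gets proxy policies")
    if group and classes.get(ugp) == FILE_UGP:
        warnings.append("Node Group set but users come from the file-based provider")
    if identities:
        warnings.append("static node list: register each new node before it joins")
    return {"identities": identities, "group": group, "warnings": warnings}


if __name__ == "__main__":
    print(node_seeding(SAMPLE))
```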