Hi all! My name is Gaston and I'm a nifi newbie :) I'm triying to configure my nifi instance to authenticate users via ldap (MS AD) group membership. I've already secured my nifi instance. Also the authentication config is working, but only synchronizes LDAP groups. I've searched a lot, but still doesn't find where my error is. (I'm assuming that ldap groups should synchronize members and/or authorize their members according the policies defined on my nifi instance. My authorizer config is as follows:
<!-- NiFi authorizers configuration: a file-backed and an LDAP-backed user/group provider are
     combined by a composite provider, which feeds a file-based access policy provider and the
     managed authorizer. -->
<authorizers>
    <!-- Users and groups stored locally in users.xml; the composite provider below uses this one as its configurable provider. -->
    <userGroupProvider>
        <identifier>file-user-group-provider</identifier>
        <class>org.apache.nifi.authorization.FileUserGroupProvider</class>
        <property name="Users File">./conf/users.xml</property>
        <property name="Legacy Authorized Users File"></property>
    </userGroupProvider>
    <!-- Users and groups synced from the directory every "Sync Interval". -->
    <userGroupProvider>
        <identifier>ldap-user-group-provider</identifier>
        <class>org.apache.nifi.ldap.tenants.LdapUserGroupProvider</class>
        <!-- NOTE(review): SIMPLE together with the ldap:// URLs on port 389 and the empty TLS properties
             below means the manager bind (DN and password) and all synced directory data cross the
             network unencrypted. The provider also accepts LDAPS and START_TLS, which need the
             "TLS - Truststore" properties filled in so the directory server certificate is verified. -->
        <property name="Authentication Strategy">SIMPLE</property>
        <!-- NOTE(review): DC=corporation here, DC=corporate in every other DN on this page. Possibly a
             redaction artifact; confirm against the real bind DN. -->
        <property name="Manager DN">CN=bindusr,OU=Users,DC=corporation,DC=corp</property>
        <!-- NOTE(review): this value sits in clear text in authorizers.xml. Keep the file readable only by
             the NiFi service account, use a read-only bind account, and consider protecting the value
             with NiFi's encrypt-config toolkit. -->
        <property name="Manager Password">xxxxxxx</property>
        <!-- All TLS settings are empty, so no keystore or truststore is used for the directory connection. -->
        <property name="TLS - Keystore"></property>
        <property name="TLS - Keystore Password"></property>
        <property name="TLS - Keystore Type"></property>
        <property name="TLS - Truststore"></property>
        <property name="TLS - Truststore Password"></property>
        <property name="TLS - Truststore Type"></property>
        <property name="TLS - Client Auth"></property>
        <property name="TLS - Protocol"></property>
        <property name="TLS - Shutdown Gracefully"></property>
        <!-- NOTE(review): with FOLLOW the provider connects to whichever servers the directory refers it
             to, using the same bind settings; confirm those hosts are expected, or use IGNORE if
             referrals are not needed. -->
        <property name="Referral Strategy">FOLLOW</property>
        <property name="Connect Timeout">10 secs</property>
        <property name="Read Timeout">10 secs</property>
        <!-- Two space-separated directory servers, both plain LDAP on port 389. -->
        <property name="Url">ldap://ldap1.corporate.corp:389 ldap://ldap2.corporate.corp:389</property>
        <property name="Page Size"></property>
        <property name="Sync Interval">30 mins</property>
        <property name="Group Membership - Enforce Case Sensitivity">false</property>
        <!-- User search: person objects anywhere under the domain root. -->
        <property name="User Search Base">DC=corporate,DC=corp</property>
        <property name="User Object Class">person</property>
        <property name="User Search Scope">SUBTREE</property>
        <!--property name="User Search Filter">(memberOf=CN=GGG100_OFM_Admin_CORP_PRO_REG,OU=Groups,OU=Central,OU=AR,DC=corporate,DC=corp)</property-->
        <!-- NOTE(review): memberOf is a DN-valued attribute and Active Directory does not evaluate
             substring wildcards on it, so this filter most likely matches no users. That would fit the
             reported symptom (groups sync, members do not). An exact group DN per clause, as in the
             commented-out filter above, is the form AD matches. -->
        <property name="User Search Filter">(memberOf=CN=*Integracion*,OU=Groups,OU=Central,OU=AR,DC=corporate,DC=corp)</property>
        <!-- Synced users are identified by sAMAccountName; the identity produced at login has to map to
             this same value for policies to apply (verify the login identity strategy or mappings). -->
        <property name="User Identity Attribute">sAMAccountName</property>
        <property name="User Group Name Attribute">memberOf</property>
        <property name="User Group Name Attribute - Referenced Group Attribute"></property>
        <!-- Group search: group objects under OU=Groups whose cn starts with GGG_Centrify_Integracion. -->
        <property name="Group Search Base">OU=Groups,OU=Central,OU=AR,DC=corporate,DC=corp</property>
        <property name="Group Object Class">group</property>
        <property name="Group Search Scope">SUBTREE</property>
        <property name="Group Search Filter">(cn=GGG_Centrify_Integracion*)</property>
        <property name="Group Name Attribute">name</property>
        <property name="Group Member Attribute">member</property>
        <!-- NOTE(review): when this property is blank the provider treats each "member" value as the full
             DN of a user, which is what AD stores there. Set to memberOf, it compares the member value
             with the user's memberOf attribute (group DNs), so members presumably never resolve; confirm
             and leave blank if so. -->
        <property name="Group Member Attribute - Referenced User Attribute">memberOf</property>
    </userGroupProvider>
    <!-- Merges the two providers above: the file provider stays editable, the LDAP provider is read-only input. -->
    <userGroupProvider>
        <identifier>composite-user-group-provider</identifier>
        <class>org.apache.nifi.authorization.CompositeConfigurableUserGroupProvider</class>
        <property name="Configurable User Group Provider">file-user-group-provider</property>
        <property name="User Group Provider 1">ldap-user-group-provider</property>
    </userGroupProvider>
    <!-- Policies are kept in authorizations.xml. Syncing a group from LDAP only makes it known to NiFi;
         it grants nothing until a policy is assigned to that group or user. -->
    <accessPolicyProvider>
        <identifier>file-access-policy-provider</identifier>
        <class>org.apache.nifi.authorization.FileAccessPolicyProvider</class>
        <property name="User Group Provider">composite-user-group-provider</property>
        <property name="Authorizations File">./conf/authorizations.xml</property>
        <!--property name="Initial Admin Identity">CN=xxx,OU=xxxxx,OU=Usuarios,OU=Argentina,DC=corporate,DC=corp</property-->
        <!-- NOTE(review): this identity receives the initial admin policies and must match, character for
             character, an identity known to the user group provider. It has the form of a certificate
             subject DN, while LDAP users here are identified by sAMAccountName; whoever can obtain a
             trusted client certificate with this subject is the administrator. Presumably only applied
             when authorizations.xml is first generated; verify. -->
        <property name="Initial Admin Identity">CN=Gas, OU=ApacheNiFi</property>
        <property name="Legacy Authorized Users File"></property>
        <property name="Node Identity 1"></property>
    </accessPolicyProvider>
    <!-- The authorizer NiFi uses; it delegates to the access policy provider above. -->
    <authorizer>
        <identifier>managed-authorizer</identifier>
        <class>org.apache.nifi.authorization.StandardManagedAuthorizer</class>
        <property name="Access Policy Provider">file-access-policy-provider</property>
    </authorizer>
</authorizers>
Any help would be appreciated!