Hi all!
My name is Gaston and I'm a nifi newbie :)
I'm trying to configure my NiFi instance to authenticate users via LDAP
(MS AD) group membership.
I've already secured my NiFi instance. The authentication config is also
working, but it only synchronizes LDAP groups.
I've searched a lot, but still can't find where my error is. (I'm
assuming that LDAP groups should synchronize their members and/or authorize
them according to the policies defined on my NiFi instance.)
My authorizer config is as follows:
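<authorizers>
    <!-- Local, file-backed users and groups; this is the provider the NiFi UI can edit. -->
    <userGroupProvider>
        <identifier>file-user-group-provider</identifier>
        <class>org.apache.nifi.authorization.FileUserGroupProvider</class>
        <property name="Users File">./conf/users.xml</property>
        <property name="Legacy Authorized Users File"></property>
    </userGroupProvider>

    <!-- Users and groups pulled from Active Directory on the configured Sync Interval. -->
    <userGroupProvider>
        <identifier>ldap-user-group-provider</identifier>
        <class>org.apache.nifi.ldap.tenants.LdapUserGroupProvider</class>
        <!-- A SIMPLE bind transmits the Manager Password in clear text unless the
             connection itself is protected (ldaps:// URLs or START_TLS with a truststore). -->
        <property name="Authentication Strategy">SIMPLE</property>

        <!-- NOTE(review): this DN lives under DC=corporation while every search base below
             uses DC=corporate; confirm which domain is correct before going further. -->
        <property name="Manager DN">CN=bindusr,OU=Users,DC=corporation,DC=corp</property>
        <!-- Stored in clear text in this file: keep authorizers.xml readable only by the
             NiFi service account (NiFi's encrypt-config tooling can also protect it). -->
        <property name="Manager Password">xxxxxxx</property>

        <!-- All TLS settings are empty, which is only acceptable for plain ldap://.
             Switching the Url to ldaps:// (recommended) requires at least a truststore. -->
        <property name="TLS - Keystore"></property>
        <property name="TLS - Keystore Password"></property>
        <property name="TLS - Keystore Type"></property>
        <property name="TLS - Truststore"></property>
        <property name="TLS - Truststore Password"></property>
        <property name="TLS - Truststore Type"></property>
        <property name="TLS - Client Auth"></property>
        <property name="TLS - Protocol"></property>
        <property name="TLS - Shutdown Gracefully"></property>

        <property name="Referral Strategy">FOLLOW</property>
        <property name="Connect Timeout">10 secs</property>
        <property name="Read Timeout">10 secs</property>

        <!-- Several servers are given space-separated. Both are unencrypted ldap://, so
             bind credentials and directory data cross the network in the clear. -->
        <property name="Url">ldap://ldap1.corporate.corp:389 ldap://ldap2.corporate.corp:389</property>
        <property name="Page Size"></property>
        <property name="Sync Interval">30 mins</property>
        <property name="Group Membership - Enforce Case Sensitivity">false</property>

        <property name="User Search Base">DC=corporate,DC=corp</property>
        <property name="User Object Class">person</property>
        <property name="User Search Scope">SUBTREE</property>
        <!--property name="User Search Filter">(memberOf=CN=GGG100_OFM_Admin_CORP_PRO_REG,OU=Groups,OU=Central,OU=AR,DC=corporate,DC=corp)</property-->
        <!-- NOTE(review): memberOf is a DN-syntax attribute in AD, and AD does not evaluate
             substring wildcards (CN=*Integracion*) against DN-syntax attributes, so this filter
             is likely to match no users at all - which would explain groups syncing without
             members. Use the full group DN, as in the commented-out example above, or an
             OR filter over several full DNs: (|(memberOf=<group DN 1>)(memberOf=<group DN 2>)). -->
        <property name="User Search Filter">(memberOf=CN=*Integracion*,OU=Groups,OU=Central,OU=AR,DC=corporate,DC=corp)</property>
        <!-- The value of this attribute becomes the user's NiFi identity, so policies
             (and the Initial Admin Identity, if an LDAP user) must use the sAMAccountName form. -->
        <property name="User Identity Attribute">sAMAccountName</property>
        <!-- memberOf holds full group DNs, so the referenced-group attribute stays blank. -->
        <property name="User Group Name Attribute">memberOf</property>
        <property name="User Group Name Attribute - Referenced Group Attribute"></property>

        <property name="Group Search Base">OU=Groups,OU=Central,OU=AR,DC=corporate,DC=corp</property>
        <property name="Group Object Class">group</property>
        <property name="Group Search Scope">SUBTREE</property>
        <!-- cn is a string attribute, so a trailing wildcard is fine here. -->
        <property name="Group Search Filter">(cn=GGG_Centrify_Integracion*)</property>
        <property name="Group Name Attribute">name</property>
        <property name="Group Member Attribute">member</property>
        <!-- AD's member attribute contains the full user DN. This property must then be left
             blank: when set, NiFi resolves each member value by looking for a user whose
             named attribute equals it, and no user's memberOf ever equals its own DN, so
             every group came back empty. Set it only when member holds e.g. a uid. -->
        <property name="Group Member Attribute - Referenced User Attribute"></property>
    </userGroupProvider>

    <!-- Merges the editable file provider with the read-only LDAP provider. -->
    <userGroupProvider>
        <identifier>composite-user-group-provider</identifier>
        <class>org.apache.nifi.authorization.CompositeConfigurableUserGroupProvider</class>
        <property name="Configurable User Group Provider">file-user-group-provider</property>
        <property name="User Group Provider 1">ldap-user-group-provider</property>
    </userGroupProvider>

    <accessPolicyProvider>
        <identifier>file-access-policy-provider</identifier>
        <class>org.apache.nifi.authorization.FileAccessPolicyProvider</class>
        <property name="User Group Provider">composite-user-group-provider</property>
        <property name="Authorizations File">./conf/authorizations.xml</property>
        <!--property name="Initial Admin Identity">CN=xxx,OU=xxxxx,OU=Usuarios,OU=Argentina,DC=corporate,DC=corp</property-->
        <!-- Must match the identity string exactly as NiFi sees it (here a certificate DN;
             an LDAP user would be its sAMAccountName value). The value is only applied when
             authorizations.xml does not exist yet, and must not contain line breaks. -->
        <property name="Initial Admin Identity">CN=Gas, OU=ApacheNiFi</property>
        <property name="Legacy Authorized Users File"></property>

        <!-- Empty is fine for a standalone node; each cluster node needs its certificate DN here. -->
        <property name="Node Identity 1"></property>
    </accessPolicyProvider>

    <authorizer>
        <identifier>managed-authorizer</identifier>
        <class>org.apache.nifi.authorization.StandardManagedAuthorizer</class>
        <property name="Access Policy Provider">file-access-policy-provider</property>
    </authorizer>
</authorizers>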

Any help would be appreciated!
