Standalone Instance, LDAP
Use this configuration to run NiFi in a standalone instance with a lightweight access security protocol (LDAP).
In this configuration, you must to provide the following:
Certificates and the associated configuration information.
Optionally, if the LDAP provider of interest is operating in LDAPS or START_TLS modes, you will need to provide certificates.
![[Note]](../common/images/admon/note.png)
Note The
AUTHenvironment variable is set toldap.A DN as provided by the configured LDAP server in the
INITIAL_ADMIN_IDENTITYenvironment variable.This value will be used to seed the instance with an initial user with administrative privileges.
A volume to provide certificates on the host system to the container instance.
Enter the following for a minimal connection to an LDAP server using SIMPLE authentication:
docker run --name nifi \
-v /User/dreynolds/certs/localhost:/opt/certs \
-p 18443:8443 \
-e AUTH=tls \
-e KEYSTORE_PATH=/opt/certs/keystore.jks \
-e KEYSTORE_TYPE=JKS \
-e KEYSTORE_PASSWORD=QKZv1hSWAFQYZ+WU1jjF5ank+l4igeOfQRp+OSbkkrs \
-e TRUSTSTORE_PATH=/opt/certs/truststore.jks \
-e TRUSTSTORE_PASSWORD=rHkWR1gDNW3R9hgbeRsT3OM3Ue0zwGtQqcFKJD2EXWE \
-e TRUSTSTORE_TYPE=JKS \
-e INITIAL_ADMIN_IDENTITY='cn=admin,dc=example,dc=org' \
-e LDAP_AUTHENTICATION_STRATEGY='SIMPLE' \
-e LDAP_MANAGER_DN='cn=admin,dc=example,dc=org' \
-e LDAP_MANAGER_PASSWORD='password' \
-e LDAP_USER_SEARCH_BASE='dc=example,dc=org' \
-e LDAP_USER_SEARCH_FILTER='cn={0}' \
-e LDAP_IDENTITY_STRATEGY='USE_DN' \
-e LDAP_URL='ldap://ldap:389' \
-d \
apache/nifi:latest
You can add the following, optional environment variables to the above command when connecting to a secure LDAP server configured with START_TLS or LDAPS:
-e LDAP_TLS_KEYSTORE: '' -e LDAP_TLS_KEYSTORE_PASSWORD: '' -e LDAP_TLS_KEYSTORE_TYPE: '' -e LDAP_TLS_TRUSTSTORE: '' -e LDAP_TLS_TRUSTSTORE_PASSWORD: '' -e LDAP_TLS_TRUSTSTORE_TYPE: ''