Installing and Upgrading NiFi
Also available as:
PDF

Standalone Instance, LDAP

Use this configuration to run NiFi in a standalone instance with a lightweight access security protocol (LDAP).

In this configuration, you must to provide the following:

  • Certificates and the associated configuration information.

    Optionally, if the LDAP provider of interest is operating in LDAPS or START_TLS modes, you will need to provide certificates.

    [Note]Note

    The AUTH environment variable is set to ldap.

  • A DN as provided by the configured LDAP server in the INITIAL_ADMIN_IDENTITY environment variable.

    This value will be used to seed the instance with an initial user with administrative privileges.

  • A volume to provide certificates on the host system to the container instance.

Enter the following for a minimal connection to an LDAP server using SIMPLE authentication:

docker run --name nifi \
  -v /User/dreynolds/certs/localhost:/opt/certs \
  -p 18443:8443 \
  -e AUTH=tls \
  -e KEYSTORE_PATH=/opt/certs/keystore.jks \
  -e KEYSTORE_TYPE=JKS \
  -e KEYSTORE_PASSWORD=QKZv1hSWAFQYZ+WU1jjF5ank+l4igeOfQRp+OSbkkrs \
  -e TRUSTSTORE_PATH=/opt/certs/truststore.jks \
  -e TRUSTSTORE_PASSWORD=rHkWR1gDNW3R9hgbeRsT3OM3Ue0zwGtQqcFKJD2EXWE \
  -e TRUSTSTORE_TYPE=JKS \
  -e INITIAL_ADMIN_IDENTITY='cn=admin,dc=example,dc=org' \
  -e LDAP_AUTHENTICATION_STRATEGY='SIMPLE' \
  -e LDAP_MANAGER_DN='cn=admin,dc=example,dc=org' \
  -e LDAP_MANAGER_PASSWORD='password' \
  -e LDAP_USER_SEARCH_BASE='dc=example,dc=org' \
  -e LDAP_USER_SEARCH_FILTER='cn={0}' \
  -e LDAP_IDENTITY_STRATEGY='USE_DN' \
  -e LDAP_URL='ldap://ldap:389' \
  -d \
  apache/nifi:latest

You can add the following, optional environment variables to the above command when connecting to a secure LDAP server configured with START_TLS or LDAPS:

-e LDAP_TLS_KEYSTORE: ''
-e LDAP_TLS_KEYSTORE_PASSWORD: ''
-e LDAP_TLS_KEYSTORE_TYPE: ''
-e LDAP_TLS_TRUSTSTORE: ''
-e LDAP_TLS_TRUSTSTORE_PASSWORD: ''
-e LDAP_TLS_TRUSTSTORE_TYPE: ''