Group Member Attribute - Referenced User Attribute
|
If blank, the value of the attribute defined in Group Member
Attribute is expected to be the full DN of the user. If not
blank, this property defines the attribute of the user LDAP entry
that the value of the attribute defined in Group Member
Attribute references (e.g. uid). Use of this property requires
that User Search Base is also configured. (e.g.
member: cn=User 1,ou=users,o=nifi vs. memberUid: user1)
|
Authentication Strategy
|
How the connection to the LDAP server is authenticated. Possible values
are ANONYMOUS, SIMPLE, LDAPS, or START_TLS.
|
Manager DN
|
The DN of the manager that is used to bind to the LDAP server to search
for users.
|
Manager Password
|
The password of the manager that is used to bind to the LDAP server to
search for users.
|
TLS - Keystore
|
Path to the Keystore that is used when connecting to LDAP using LDAPS or
START_TLS.
|
TLS - Keystore Password
|
Password for the Keystore that is used when connecting to LDAP using
LDAPS or START_TLS.
|
TLS - Keystore Type
|
Type of the Keystore that is used when connecting to LDAP using LDAPS or
START_TLS (e.g. JKS or PKCS12).
|
TLS - Truststore
|
Path to the Truststore that is used when connecting to LDAP using LDAPS
or START_TLS.
|
TLS - Truststore Password
|
Password for the Truststore that is used when connecting to LDAP using
LDAPS or START_TLS.
|
TLS - Truststore Type
|
Type of the Truststore that is used when connecting to LDAP using LDAPS
or START_TLS (e.g. JKS or PKCS12).
|
TLS - Client Auth
|
Client authentication policy when connecting to LDAP using LDAPS or
START_TLS. Possible values are REQUIRED, WANT, NONE.
|
TLS - Protocol
|
Protocol to use when connecting to LDAP using LDAPS or START_TLS (e.g.
TLS, TLSv1.1, TLSv1.2, etc.).
|
TLS - Shutdown Gracefully
|
Specifies whether TLS should be shut down gracefully before the
target context is closed. Defaults to false.
|
Referral Strategy
|
Strategy for handling referrals. Possible values are FOLLOW, IGNORE,
THROW.
|
Connect Timeout
|
Duration of connect timeout (e.g. 10 secs).
|
Read Timeout
|
Duration of read timeout (e.g. 10 secs).
|
Url
|
Space-separated list of URLs of the LDAP servers (e.g.
ldap://<hostname>:<port>).
|
Page Size
|
Sets the page size when retrieving users and groups. If not specified, no
paging is performed.
|
Sync Interval
|
Duration of time between syncing users and groups (e.g. 30 mins).
|
Group Membership - Enforce Case Sensitivity
|
Sets whether group membership decisions are case sensitive. When a user
or group is inferred (by not specifying a user or group search base, a
user identity attribute, or a group name attribute), case sensitivity is
enforced since the value to use for the user identity or group name would
be ambiguous. Defaults to false.
|
User Search Base
|
Base DN for searching for users (e.g. ou=users,o=nifi).
Required to search users.
|
User Object Class
|
Object class for identifying users (e.g. person).
Required if searching users.
|
User Search Scope
|
Search scope for searching users (ONE_LEVEL, OBJECT, or SUBTREE).
Required if searching users.
|
User Search Filter
|
Filter for searching for users against the User Search Base (e.g.
(memberof=cn=team1,ou=groups,o=nifi)). Optional.
|
User Identity Attribute
|
Attribute to use to extract user identity (e.g. cn).
Optional. If not set, the entire DN is used.
|
User Group Name Attribute
|
Attribute to use to define group membership (e.g. memberof).
Optional. If not set, group membership will not be calculated through
the users and will rely on group membership being defined through
Group Member Attribute, if set. The value of this property is the name
of the attribute in the user LDAP entry that associates the user with a
group. The value of that user attribute could be a DN or a group name,
for instance. Which value is expected is configured in
User Group Name Attribute - Referenced Group Attribute.
|
User Group Name Attribute - Referenced Group Attribute
|
If blank, the value of the attribute defined in User Group Name
Attribute is expected to be the full DN of the group. If not
blank, this property defines the attribute of the group LDAP entry
that the value of the attribute defined in User Group Name
Attribute references (e.g. name). Use of this property requires
that Group Search Base is also configured.
|
Group Search Base
|
Base DN for searching for groups (e.g. ou=groups,o=nifi).
Required to search groups.
|
Group Object Class
|
Object class for identifying groups (e.g. groupOfNames).
Required if searching groups.
|
Group Search Scope
|
Search scope for searching groups (ONE_LEVEL, OBJECT, or SUBTREE).
Required if searching groups.
|
Group Search Filter
|
Filter for searching for groups against the Group Search Base.
Optional.
|
Group Name Attribute
|
Attribute to use to extract group name (e.g. cn).
Optional. If not set, the entire DN is used.
|
Group Member Attribute
|
Attribute to use to define group membership (e.g. member).
Optional. If not set, group membership will not be calculated through
the groups and will rely on group membership being defined through
User Group Name Attribute, if set. The value of this property is the
name of the attribute in the group LDAP entry that associates the group
with a user. The value of that group attribute could be a DN or a
memberUid, for instance. Which value is expected is configured in
Group Member Attribute - Referenced User Attribute. (e.g.
member: cn=User 1,ou=users,o=nifi vs. memberUid: user1)
|
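The two membership styles described under Group Member Attribute and Group Member Attribute - Referenced User Attribute, as an added example (a simplified Python model, not the provider's own code). It assumes user search is configured; all entries are constructed, and both the lowercased comparison when case sensitivity is not enforced and the reporting of member values that match no user entry are assumptions of this example.

```python
# Simplified model of the membership lookup; not the provider's own code.
# Constructed sample data: user DN -> attributes of that user's LDAP entry.
USERS = {
    "cn=User 1,ou=users,o=nifi": {"cn": "User 1", "uid": "user1"},
    "cn=User 2,ou=users,o=nifi": {"cn": "User 2", "uid": "user2"},
}
# Constructed group entries, one per membership style from the table.
GROUP_BY_DN = {"cn": "team1", "member": [
    "cn=User 1,ou=users,o=nifi", "CN=user 2,OU=Users,O=NiFi"]}
GROUP_BY_UID = {"cn": "team2", "memberUid": ["user1", "USER2", "ghost"]}


def _norm(value, case_sensitive):
    # Assumption: without case-sensitivity enforcement, compare lowercased.
    return value if case_sensitive else value.lower()


def resolve_members(group, member_attr, referenced_user_attr="",
                    identity_attr="cn", case_sensitive=False, users=USERS):
    """Return (identities, unresolved) for one group entry.

    referenced_user_attr blank: each member value is a full user DN.
    referenced_user_attr set:   each member value is matched against that
                                attribute of the user entries (e.g. uid).
    """
    index = {}
    for dn, attrs in users.items():
        key = attrs.get(referenced_user_attr) if referenced_user_attr else dn
        if key is not None:
            index[_norm(key, case_sensitive)] = (dn, attrs)
    identities, unresolved = [], []
    for value in group.get(member_attr, []):
        hit = index.get(_norm(value, case_sensitive))
        if hit is None:
            unresolved.append(value)  # reported here; an assumption
            continue
        dn, attrs = hit
        # User Identity Attribute unset: the entire DN is the identity.
        identities.append(attrs[identity_attr] if identity_attr else dn)
    return identities, unresolved


if __name__ == "__main__":
    print(resolve_members(GROUP_BY_DN, "member"))
    print(resolve_members(GROUP_BY_UID, "memberUid", "uid"))
    # Mismatch: memberUid values read as DNs resolve no one.
    print(resolve_members(GROUP_BY_UID, "memberUid"))
```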