LDAP Login Identity Provider Configuration

Cloudera Manager has default LDAP login identity provider properties available for configuration. You can use the following to set up the Default LDAP login provider for CFM services.

Table 1. NiFi Properties
| Property Name | Description | Default Value |
|---|---|---|
| xml.loginIdentityProviders.provider.ldap-provider.class | Default LDAP Provider Class | org.apache.nifi.ldap.LdapProvider |
| xml.loginIdentityProviders.provider.ldap-provider.property.Identity Strategy | Default LDAP Identity Strategy | USE_DN |
| xml.loginIdentityProviders.provider.ldap-provider.property.Authentication Strategy | Default LDAP Authentication Strategy | START_TLS |
| xml.loginIdentityProviders.provider.ldap-provider.property.Manager DN | Default LDAP Manager DN | |
| xml.loginIdentityProviders.provider.ldap-provider.property.Manager Password | Default LDAP Manager Password | |
| xml.loginIdentityProviders.provider.ldap-provider.property.TLS - Keystore | Default LDAP TLS - Keystore | |
| xml.loginIdentityProviders.provider.ldap-provider.property.TLS - Keystore Password | Default LDAP TLS - Keystore Password | |
| xml.loginIdentityProviders.provider.ldap-provider.property.TLS - Keystore Type | Default LDAP TLS - Keystore Type | |
| xml.loginIdentityProviders.provider.ldap-provider.property.TLS - Truststore | Default LDAP TLS - Truststore | |
| xml.loginIdentityProviders.provider.ldap-provider.property.TLS - Truststore Password | Default LDAP TLS - Truststore Password | |
| xml.loginIdentityProviders.provider.ldap-provider.property.TLS - Truststore Type | Default LDAP TLS - Truststore Type | |
| xml.loginIdentityProviders.provider.ldap-provider.property.TLS - Client Auth | Default LDAP TLS - Client Auth | |
| xml.loginIdentityProviders.provider.ldap-provider.property.TLS - Protocol | Default LDAP TLS - Protocol | |
| xml.loginIdentityProviders.provider.ldap-provider.property.TLS - Shutdown Gracefully | Default LDAP TLS - Shutdown Gracefully | |
| xml.loginIdentityProviders.provider.ldap-provider.property.Referral Strategy | Default LDAP - Referral Strategy | FOLLOW |
| xml.loginIdentityProviders.provider.ldap-provider.property.Connect Timeout | Default LDAP Connect Timeout | 10 secs |
| xml.loginIdentityProviders.provider.ldap-provider.property.Read Timeout | Default LDAP Read Timeout | 10 secs |
| xml.loginIdentityProviders.provider.ldap-provider.property.Url | Default LDAP Url | ldap://localhost:389 |
| xml.loginIdentityProviders.provider.ldap-provider.property.User Search Base | Default LDAP User Search Base | sAMAccountName={0} |
| xml.loginIdentityProviders.provider.ldap-provider.property.User Search Filter | Default LDAP User Search Filter | |
| xml.loginIdentityProviders.provider.ldap-provider.property.Authentication Expiration | Default LDAP Authentication Expiration | 12 hours |

You can add any properties that are not available by default in Cloudera Manager using the safety valves for loginIdentityProviders.

Table 2. NiFi Registry Properties
| Property Name | Description | Default Value |
|---|---|---|
| xml.identityProviders.provider.ldap-provider.class | Default LDAP Provider Class | org.apache.nifi.registry.security.ldap.LdapIdentityProvider |
| xml.identityProviders.provider.ldap-provider.property.Identity Strategy | Default LDAP Identity Strategy | START_TLS |
| xml.identityProviders.provider.ldap-provider.property.Authentication Strategy | Default LDAP Authentication Strategy | |
| xml.identityProviders.provider.ldap-provider.property.Manager DN | Default LDAP Manager DN | |
| xml.identityProviders.provider.ldap-provider.property.Manager Password | Default LDAP Manager Password | |
| xml.identityProviders.provider.ldap-provider.property.Connect Timeout | Default LDAP Connect Timeout | 10 secs |
| xml.identityProviders.provider.ldap-provider.property.Read Timeout | Default LDAP Read Timeout | 10 secs |
| xml.identityProviders.provider.ldap-provider.property.Url | Default LDAP Url | ldap://localhost:389 |
| xml.identityProviders.provider.ldap-provider.property.User Search Base | Default LDAP User Search Base | OU=Users,DC=example,DC=com |
| xml.identityProviders.provider.ldap-provider.property.User Search Filter | Default LDAP User Search Filter | sAMAccountName={0} |
| xml.identityProviders.provider.ldap-provider.property.Authentication Expiration | Default LDAP Authentication Expiration | 12 hours |
| xml.identityProviders.provider.ldap-provider.property.Referral Strategy | Default LDAP - Referral Strategy | FOLLOW |
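
The following Python check is an added example, not part of Cloudera's documentation. It reads a rendered LDAP provider block and reports settings that would send credentials in cleartext or break user lookup. It assumes the properties above end up as `<property name="...">` elements inside a `<provider>` block, as in NiFi's login-identity-providers.xml; the function name, sample XML, hostnames and secret are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample, laid out like NiFi's login-identity-providers.xml.
SAMPLE = """<loginIdentityProviders>
  <provider>
    <identifier>ldap-provider</identifier>
    <class>org.apache.nifi.ldap.LdapProvider</class>
    <property name="Authentication Strategy">SIMPLE</property>
    <property name="Manager DN">cn=nifi,ou=svc,dc=example,dc=com</property>
    <property name="Manager Password">constructed-secret</property>
    <property name="Url">ldap://ldap.example.com:389</property>
    <property name="User Search Base">OU=Users,DC=example,DC=com</property>
    <property name="User Search Filter">sAMAccountName=</property>
  </provider>
</loginIdentityProviders>"""

def lint_ldap_provider(xml_text, identifier="ldap-provider"):
    """Return a list of findings for the named LDAP provider block."""
    root = ET.fromstring(xml_text)
    for prov in root.iter("provider"):
        if (prov.findtext("identifier") or "").strip() == identifier:
            break
    else:
        return [f"provider '{identifier}' not found"]
    props = {p.get("name"): (p.text or "").strip() for p in prov.iter("property")}
    strategy = props.get("Authentication Strategy", "").upper()
    # The Url property may hold several space-separated server URLs.
    schemes = {urlparse(u).scheme.lower() for u in props.get("Url", "").split()}
    findings = []
    if strategy in ("SIMPLE", "ANONYMOUS") and "ldap" in schemes:
        findings.append("cleartext: passwords cross the network unencrypted")
    if strategy == "START_TLS" and "ldaps" in schemes:
        findings.append("mismatch: START_TLS upgrades a plain ldap:// connection")
    if strategy not in ("ANONYMOUS", "SIMPLE", "LDAPS", "START_TLS"):
        findings.append(f"unknown Authentication Strategy '{strategy}'")
    if "{0}" not in props.get("User Search Filter", ""):
        findings.append("filter: User Search Filter has no {0} username placeholder")
    if not props.get("User Search Base"):
        findings.append("search: User Search Base is empty")
    return findings

if __name__ == "__main__":
    for finding in lint_ldap_provider(SAMPLE):
        print(finding)
```

The same function works on a NiFi Registry provider block, since it only looks for `<provider>` elements and their named properties.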