LDAP Login Identity Provider Configuration
Cloudera Manager has default LDAP login identity provider properties available for configuration. You can use the following to set up the Default LDAP login provider for CFM services.
Property Name | Description | Default Value |
nifi.security.user.login.identity.provider | Indicates the type of login identity provider. Enter: | |
Property Name | Description | Possible Values |
xml.loginIdentityProviders.provider.ldap-provider.class | Default LDAP Provider Class | org.apache.nifi.ldap.LdapProvider |
xml.loginIdentityProviders.provider.ldap-provider.property.Identity Strategy | Strategy to identify users. If this property is missing, the default is USE_DN. | USE_DN (default), USE_USERNAME |
xml.loginIdentityProviders.provider.ldap-provider.property.Authentication Strategy | How the connection to the LDAP server is authenticated. | ANONYMOUS, SIMPLE, LDAPS, START_TLS (default) |
xml.loginIdentityProviders.provider.ldap-provider.property.Manager DN | The DN of the manager that is used to bind to the LDAP server to search for users. | |
xml.loginIdentityProviders.provider.ldap-provider.property.Manager Password | The password of the manager that is used to bind to the LDAP server to search for users. | |
xml.loginIdentityProviders.provider.ldap-provider.property.TLS - Keystore | Path to the Keystore that is used when connecting to LDAP using LDAPS or START_TLS. | |
xml.loginIdentityProviders.provider.ldap-provider.property.TLS - Keystore Password | Password for the Keystore that is used when connecting to LDAP using LDAPS or START_TLS. | |
xml.loginIdentityProviders.provider.ldap-provider.property.TLS - Keystore Type | Type of the Keystore that is used when connecting to LDAP using LDAPS or START_TLS. | Examples: JKS, PKCS12 |
xml.loginIdentityProviders.provider.ldap-provider.property.TLS - Truststore | Path to the Truststore that is used when connecting to LDAP using LDAPS or START_TLS. | |
xml.loginIdentityProviders.provider.ldap-provider.property.TLS - Truststore Password | Password for the Truststore that is used when connecting to LDAP using LDAPS or START_TLS. | |
xml.loginIdentityProviders.provider.ldap-provider.property.TLS - Truststore Type | Type of the Truststore that is used when connecting to LDAP using LDAPS or START_TLS. | Examples: JKS, PKCS12 |
xml.loginIdentityProviders.provider.ldap-provider.property.TLS - Client Auth | Client authentication policy when connecting to LDAP using LDAPS or START_TLS. | REQUIRED, WANT, NONE |
xml.loginIdentityProviders.provider.ldap-provider.property.TLS - Protocol | Protocol to use when connecting to LDAP using LDAPS or START_TLS. | Examples: TLS, TLSv1.1, TLSv1.2 |
xml.loginIdentityProviders.provider.ldap-provider.property.TLS - Shutdown Gracefully | Specifies whether the TLS should be shut down gracefully before the target context is closed. | TRUE, FALSE (default) |
xml.loginIdentityProviders.provider.ldap-provider.property.Referral Strategy | Strategy for handling referrals. | FOLLOW (default), IGNORE, THROW |
xml.loginIdentityProviders.provider.ldap-provider.property.Connect Timeout | Duration of connect timeout. | Example: 10 secs (default) |
xml.loginIdentityProviders.provider.ldap-provider.property.Read Timeout | Duration of read timeout. | Example: 10 secs (default) |
xml.loginIdentityProviders.provider.ldap-provider.property.Url | Space-separated list of URLs of the LDAP servers (ldap://<hostname>:<port>). | Example: ldap://localhost:389 |
xml.loginIdentityProviders.provider.ldap-provider.property.User Search Base | Base DN for searching for users. | Example: CN=Users,DC=example,DC=com |
xml.loginIdentityProviders.provider.ldap-provider.property.User Search Filter | Filter for searching for users against the User Search Base. The user-specified name is inserted into {0}. | Example: sAMAccountName={0} |
xml.loginIdentityProviders.provider.ldap-provider.property.Authentication Expiration | How long the user authentication is valid. If the user never logs out, they must log back in after this duration. | Example: 12 hours (default) |
You can add any properties that are not available by default in Cloudera Manager to the login-identity-providers.xml file using the NiFi Node Advanced Configuration Snippet (Safety Valve) for staging/login-identity-providers.xml.
Property Name | Description | Default Value |
nifi.registry.security.identity.provider | Indicates the type of login identity provider. Enter: | |
Property Name | Description | Possible values |
xml.identityProviders.provider.ldap-provider.class | Default LDAP Provider Class | org.apache.nifi.registry.security.ldap.LdapIdentityProvider |
xml.identityProviders.provider.ldap-provider.property.Identity Strategy | Strategy to identify users. If this property is missing, the default is USE_DN. | USE_DN (default), USE_USERNAME |
xml.identityProviders.provider.ldap-provider.property.Authentication Strategy | How the connection to the LDAP server is authenticated. | ANONYMOUS, SIMPLE, LDAPS, START_TLS (default) |
xml.identityProviders.provider.ldap-provider.property.Manager DN | The DN of the manager that is used to bind to the LDAP server to search for users. | |
xml.identityProviders.provider.ldap-provider.property.Manager Password | The password of the manager that is used to bind to the LDAP server to search for users. | |
xml.identityProviders.provider.ldap-provider.property.Connect Timeout | Duration of connect timeout. | Example: 10 secs (default) |
xml.identityProviders.provider.ldap-provider.property.Read Timeout | Duration of read timeout. | Example: 10 secs (default) |
xml.identityProviders.provider.ldap-provider.property.Url | Space-separated list of URLs of the LDAP servers (ldap://<hostname>:<port>). | Example: ldap://localhost:389 |
xml.identityProviders.provider.ldap-provider.property.User Search Base | Base DN for searching for users. | Example: CN=Users,DC=example,DC=com |
xml.identityProviders.provider.ldap-provider.property.User Search Filter | Filter for searching for users against the User Search Base. The user-specified name is inserted into {0}. | Example: sAMAccountName={0} |
xml.identityProviders.provider.ldap-provider.property.Authentication Expiration | How long the user authentication is valid. If the user never logs out, they must log back in after this duration. | Example: 12 hours (default) |
xml.identityProviders.provider.ldap-provider.property.Referral Strategy | Strategy for handling referrals. | FOLLOW (default), IGNORE, THROW |
You can add any properties that are not available by default in Cloudera Manager to the identity-providers.xml file using the NiFi Registry Advanced Configuration Snippet (Safety Valve) for staging/identity-providers.xml.
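The Cloudera Manager properties in both tables above are rendered into a `<provider>` element of login-identity-providers.xml (NiFi) or identity-providers.xml (NiFi Registry). The following added script, not part of the Cloudera or NiFi code, parses either file and flags the transport-related settings a reviewer would check (clear-text strategies, a TLS strategy with no truststore, deprecated TLS versions, an LDAPS strategy with ldap:// URLs, a Manager DN with an empty password). The sample XML, the host names and the `ldap-provider` identifier (taken from the property names in the tables) are constructed assumptions.

```python
"""Audit the LDAP provider in a NiFi login-identity-providers.xml (or NiFi Registry
identity-providers.xml) for weak transport settings. The sample XML is constructed."""
import xml.etree.ElementTree as ET

# Constructed sample: what the Cloudera Manager properties in the tables render to.
SAMPLE_XML = """<loginIdentityProviders>
  <provider>
    <identifier>ldap-provider</identifier>
    <class>org.apache.nifi.ldap.LdapProvider</class>
    <property name="Authentication Strategy">START_TLS</property>
    <property name="Manager DN">CN=nifi-svc,CN=Users,DC=example,DC=com</property>
    <property name="Manager Password"></property>
    <property name="TLS - Truststore"></property>
    <property name="TLS - Protocol">TLSv1.1</property>
    <property name="Url">ldap://ldap.example.com:389</property>
    <property name="User Search Base">CN=Users,DC=example,DC=com</property>
    <property name="User Search Filter">sAMAccountName={0}</property>
    <property name="Identity Strategy">USE_DN</property>
    <property name="Authentication Expiration">12 hours</property>
  </provider>
</loginIdentityProviders>"""

DEPRECATED_TLS = {"TLSv1", "TLSv1.1"}  # retired by RFC 8996


def ldap_properties(xml_text, identifier="ldap-provider"):
    """Map property name -> value for the <provider> with the given identifier.
    The root may be <loginIdentityProviders> (NiFi) or <identityProviders> (Registry)."""
    root = ET.fromstring(xml_text)
    for prov in root.findall("provider"):
        if prov.findtext("identifier", "").strip() == identifier:
            return {p.get("name"): (p.text or "").strip() for p in prov.findall("property")}
    raise ValueError(f"no provider with identifier {identifier!r}")


def audit(props):
    """Return a list of findings; an empty list means no weak setting was found."""
    findings = []
    strategy = props.get("Authentication Strategy") or "START_TLS"  # START_TLS is the default
    if strategy in ("ANONYMOUS", "SIMPLE"):
        findings.append(f"{strategy}: bind credentials and search traffic are sent in clear text")
    if strategy in ("LDAPS", "START_TLS") and not props.get("TLS - Truststore"):
        findings.append("TLS strategy without a truststore: server trust relies on JVM defaults")
    if strategy == "LDAPS" and any(not u.startswith("ldaps://") for u in props.get("Url", "").split()):
        findings.append("LDAPS strategy but a Url does not use the ldaps:// scheme")
    if props.get("TLS - Protocol") in DEPRECATED_TLS:
        findings.append(f"TLS - Protocol {props['TLS - Protocol']} is deprecated; use TLSv1.2 or later")
    if props.get("Manager DN") and not props.get("Manager Password"):
        findings.append("Manager DN with empty Manager Password is an unauthenticated bind (RFC 4513 5.1.2)")
    return findings


if __name__ == "__main__":
    for finding in audit(ldap_properties(SAMPLE_XML)):
        print("WARN:", finding)
```

Run it against the rendered file from the NiFi or NiFi Registry staging directory rather than the sample to audit a real deployment.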