LDAP Authentication
After you install NiFi or NiFi Registry, you can enable LDAP authentication.
In a kerberized environment, enabling the LDAP Login Identity Provider takes precedence over the Kerberos Login Identity Provider.
Set the following required LDAP parameters for NiFi:
LDAP Parameters for NiFi | Sample Value |
---|---|
Enable TLS/SSL for NiFi Node | Checked |
LDAP Enabled | Checked |
Login Identity Provider: Default LDAP Provider Class | org.apache.nifi.ldap.LdapProvider |
Initial Admin Identity | admin |
Login Identity Provider ID | ldap-provider |
LDAP Authentication Strategy | SIMPLE |
LDAP Manager DN | uid=admin,ou=people,dc=hadoop,dc=apache,dc=org |
LDAP Manager Password | admin-password |
LDAP URL | ldap://<ldap-hostname>:33389 |
LDAP User Search Base | ou=people,dc=hadoop,dc=apache,dc=org |
Login Identity Provider: Default LDAP User Search Filter | uid={0} |
Login Identity Provider: Default LDAP Identity Strategy | USE_USERNAME |
Authorizers: LDAP User Search Filter | (uid=*) |
Authorizers: LDAP User Identity Attribute | uid |
Set the following required LDAP parameters for NiFi Registry:
LDAP Parameter for NiFi Registry | Sample Value |
---|---|
Enable TLS/SSL for NiFi Registry | Checked |
LDAP Enabled | Checked |
Identity Provider: Default LDAP Provider Class | org.apache.nifi.registry.security.ldap.LdapIdentityProvider |
Initial Admin Identity | admin |
Identity Provider Identifier | ldap-provider |
LDAP Authentication Strategy | SIMPLE |
LDAP Manager DN | uid=admin,ou=people,dc=hadoop,dc=apache,dc=org |
LDAP Manager Password | admin-password |
LDAP URL | ldap://<ldap-hostname>:33389 |
LDAP User Search Base | ou=people,dc=hadoop,dc=apache,dc=org |
Identity Provider: Default LDAP User Search Filter | uid={0} |
Identity Provider: Default LDAP Identity Strategy | USE_USERNAME |
Authorizers: LDAP User Search Filter | (uid=*) |
Authorizers: LDAP User Identity Attribute | uid |
Client Authentication Required | Unchecked |