LDAP Authentication
After you install NiFi or NiFi Registry, you can enable LDAP authentication.
In a kerberized environment, enabling the LDAP Login Identity Provider takes precedence over the Kerberos Login Identity Provider.
Set the following required LDAP parameters for NiFi:
| LDAP Parameters for NiFi | Sample Value |
|---|---|
| Enable TLS/SSL for NiFi Node | Checked |
| LDAP Enabled | Checked |
| Login Identity Provider: Default LDAP Provider Class | org.apache.nifi.ldap.LdapProvider |
| Initial Admin Identity | admin |
| Login Identity Provider ID | ldap-provider |
| LDAP Authentication Strategy | SIMPLE |
| LDAP Manager DN | uid=admin,ou=people,dc=hadoop,dc=apache,dc=org |
| LDAP Manager Password | admin-password |
| LDAP URL | ldap://<ldap-hostname>:33389 |
| LDAP User Search Base | ou=people,dc=hadoop,dc=apache,dc=org |
| Login Identity Provider: Default LDAP User Search Filter | uid={0} |
| Login Identity Provider: Default LDAP Identity Strategy | USE_USERNAME |
| Authorizers: LDAP User Search Filter | (uid=*) |
| Authorizers: LDAP User Identity Attribute | uid |
Set the following required LDAP parameters for NiFi Registry:
| LDAP Parameter for NiFi Registry | Sample Value |
|---|---|
| Enable TLS/SSL for NiFi Registry | Checked |
| LDAP Enabled | Checked |
| Identity Provider: Default LDAP Provider Class | org.apache.nifi.registry.security.ldap.LdapIdentityProvider |
| Initial Admin Identity | admin |
| Identity Provider Identifier | ldap-provider |
| LDAP Authentication Strategy | SIMPLE |
| LDAP Manager DN | uid=admin,ou=people,dc=hadoop,dc=apache,dc=org |
| LDAP Manager Password | admin-password |
| LDAP URL | ldap://<ldap-hostname>:33389 |
| LDAP User Search Base | ou=people,dc=hadoop,dc=apache,dc=org |
| Identity Provider: Default LDAP User Search Filter | uid={0} |
| Identity Provider: Default LDAP Identity Strategy | USE_USERNAME |
| Authorizers: LDAP User Search Filter | (uid=*) |
| Authorizers: LDAP User Identity Attribute | uid |
| Client Authentication Required | Unchecked |
