Cloudera Docs

LDAP and Ranger Policies

Set up the LDAP and Ranger integration in NiFi and NiFi Registry.

Each authorizers.xml file produced in NiFi and NiFi Registry when using LDAP with Ranger policies, contain the following logical configuration:
  • CompositeUserGroupProvider
    • LdapUserGroupProvider
    • CMUserGroupProvider
  • RangerAuthorizer
    • Configured with CompositeUserGroupProvider
  1. Uncheck Authorizers: Enable File User Group Provider to disable the file-user-group-provider.
  2. Uncheck Authorizers: Enable Composite Configurable User Group Provider to disable the composite-configurable-user-group-provider.
  3. Check Authorizers: Enable Composite User Group Provider to enable composite-user-group-provider.
    1. Enter ldap-user-group-provider for Authorizers: Composite User Group Provider Property - User Group Provider 1.
    2. Enter cm-user-group-provider for Authorizers: Composite User Group Provider Property - User Group Provider 2.
  4. Check LDAP Enabled to enable ldap-user-group-provider.
    1. Configure all ldap-user-group-provider parameters.
  5. Update Authorizers: Ranger Authorizer Property - User Group Provider to use the composite-user-group-provider instead of the configurable one.