LDAP and Ranger Policies
Set up the LDAP and Ranger integration in NiFi and NiFi Registry.
Each authorizers.xml file produced in NiFi and NiFi
Registry when using LDAP with Ranger policies, contain the following logical
configuration:
- CompositeUserGroupProvider
- LdapUserGroupProvider
- CMUserGroupProvider
- RangerAuthorizer
- Configured with CompositeUserGroupProvider
- Uncheck Authorizers: Enable File User Group Provider to disable the file-user-group-provider.
- Uncheck Authorizers: Enable Composite Configurable User Group Provider to disable the composite-configurable-user-group-provider.
-
Check Authorizers: Enable Composite User Group Provider
to enable composite-user-group-provider.
- Enter ldap-user-group-provider for Authorizers: Composite User Group Provider Property - User Group Provider 1.
- Enter cm-user-group-provider for Authorizers: Composite User Group Provider Property - User Group Provider 2.
-
Check LDAP Enabled to enable
ldap-user-group-provider.
- Configure all ldap-user-group-provider parameters.
- Update Authorizers: Ranger Authorizer Property - User Group Provider to use the composite-user-group-provider instead of the configurable one.