LDAP and File-Based Policies

Set up the LDAP and file-based integration in NiFi and NiFi Registry.

Each authorizers.xml file produced in NiFi and NiFi Registry when using LDAP with file-based policies contains the following logical configuration:
  • CompositeUserGroupProvider
    • LdapUserGroupProvider
    • CMUserGroupProvider
  • FileAccessPolicyProvider
    • Configured with CompositeUserGroupProvider
  • StandardManagedAuthorizer
    • Configured with FileAccessPolicyProvider
  1. From Cloudera Manager, select the NiFi/NiFi Registry Service, and click the Configuration tab.
  2. Uncheck Authorizers: Enable File User Group Provider to disable the file-user-group-provider.
  3. Uncheck Authorizers: Enable Composite Configurable User Group Provider to disable the composite-configurable-user-group-provider.
  4. Check Authorizers: Enable Composite User Group Provider to enable composite-user-group-provider.
    1. Enter ldap-user-group-provider for Authorizers: Composite User Group Provider Property - User Group Provider 1.
    2. Enter cm-user-group-provider for Authorizers: Composite User Group Provider Property - User Group Provider 2.
  5. Check LDAP Enabled to enable ldap-user-group-provider.
  6. In the Search field, enter ldap-user-group-provider to see the list of the LDAP User Group Provider properties.
    For a list of the properties, see LDAP User Group Provider Properties.
  7. Update the LDAP User Group Provider properties.
  8. Update Authorizers: Default File Access Policy Property - User Group Provider to use the composite-user-group-provider instead of the configurable one.
  9. Save the changes.
  10. Locate the Login Identity Provider ID and verify that it is set to your authentication provider. Either:
    • kerberos-provider
    or
    • ldap-provider
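
After saving, the generated authorizers.xml can be checked against the logical configuration listed at the top of this page. The following is an added example, not Cloudera or NiFi code: it assumes the element and property names of the stock NiFi authorizers.xml layout, and the sample file (including the identifiers file-access-policy-provider and managed-authorizer) is constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample, trimmed to the elements the check reads. Assumption:
# element and property names follow the stock NiFi authorizers.xml layout.
SAMPLE = """<authorizers>
 <userGroupProvider><identifier>ldap-user-group-provider</identifier></userGroupProvider>
 <userGroupProvider><identifier>cm-user-group-provider</identifier></userGroupProvider>
 <userGroupProvider>
  <identifier>composite-user-group-provider</identifier>
  <property name="User Group Provider 1">ldap-user-group-provider</property>
  <property name="User Group Provider 2">cm-user-group-provider</property>
 </userGroupProvider>
 <accessPolicyProvider>
  <identifier>file-access-policy-provider</identifier>
  <property name="User Group Provider">composite-user-group-provider</property>
 </accessPolicyProvider>
 <authorizer>
  <identifier>managed-authorizer</identifier>
  <property name="Access Policy Provider">file-access-policy-provider</property>
 </authorizer>
</authorizers>"""

def _props(elem):
    return {p.get("name"): (p.text or "").strip() for p in elem.findall("property")}

def check_authorizers(xml_text):
    """Return a list of findings; an empty list means the chain is as described."""
    root = ET.fromstring(xml_text)
    findings = []
    ugps = {e.findtext("identifier", "").strip(): _props(e) for e in root.findall("userGroupProvider")}
    # Steps 2-3: the file and composite-configurable providers must be disabled.
    for stale in ("file-user-group-provider", "composite-configurable-user-group-provider"):
        if stale in ugps:
            findings.append(f"{stale} is still enabled")
    # Steps 4-5: the composite must reference both providers, and both must exist.
    members = set(ugps.get("composite-user-group-provider", {}).values())
    for need in ("ldap-user-group-provider", "cm-user-group-provider"):
        if need not in members or need not in ugps:
            findings.append(f"{need} is not wired into composite-user-group-provider")
    # Step 8: each access policy provider must resolve users through the composite.
    policy_ids = set()
    for app in root.findall("accessPolicyProvider"):
        policy_ids.add(app.findtext("identifier", "").strip())
        if _props(app).get("User Group Provider") != "composite-user-group-provider":
            findings.append(f"{app.findtext('identifier', '').strip()} does not use composite-user-group-provider")
    for auth in root.findall("authorizer"):
        if _props(auth).get("Access Policy Provider") not in policy_ids:
            findings.append(f"{auth.findtext('identifier', '').strip()} references an undefined access policy provider")
    return findings
```

Pass the contents of the generated file to check_authorizers(); any returned finding names the step whose setting did not take effect.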