Set up the LDAP and Ranger integration in NiFi and NiFi Registry.
Each
authorizers.xml file produced in NiFi and NiFi
Registry when using LDAP with Ranger policies, contain the following logical
configuration:
- CompositeUserGroupProvider
- LdapUserGroupProvider
- CMUserGroupProvider
- RangerAuthorizer
- Configured with CompositeUserGroupProvider
-
From Cloudera Manager, select the NiFi/NiFi Registry Service, and click the
Configuration tab.
-
Uncheck Authorizers: Enable File User Group Provider to
disable the file-user-group-provider.
-
Uncheck Authorizers: Enable Composite Configurable User Group
Provider to disable the
composite-configurable-user-group-provider.
-
Check Authorizers: Enable Composite User Group Provider
to enable composite-user-group-provider.
-
Enter ldap-user-group-provider for Authorizers: Composite
User Group Provider Property - User Group Provider
1.
-
Enter cm-user-group-provider for Authorizers: Composite User
Group Provider Property - User Group Provider 2.
-
Check LDAP Enabled to enable
ldap-user-group-provider.
-
In the Search field, enter
ldap-user-group-provider to see the list of the LDAP User
Group Provider properties.
For a list of the properties, see LDAP User Group Provider
Properties.
-
Update the LDAP User Group Provider properties.
-
Update Authorizers: Ranger Authorizer Property - User Group
Provider to use the composite-user-group-provider instead of the
configurable one.
-
Save the changes.
-
Locate the Login Identity Provider ID and verify that it
is set to your authentication provider. Either:
