LDAP and Ranger Policies

Set up the LDAP and Ranger integration in NiFi and NiFi Registry.

When you use LDAP with Ranger policies, each authorizers.xml file produced in NiFi and NiFi Registry contains the following logical configuration:
  • CompositeUserGroupProvider
    • LdapUserGroupProvider
    • CMUserGroupProvider
  • RangerAuthorizer
    • Configured with CompositeUserGroupProvider
  1. From Cloudera Manager, select the NiFi/NiFi Registry Service, and click the Configuration tab.
  2. Uncheck Authorizers: Enable File User Group Provider to disable the file-user-group-provider.
  3. Uncheck Authorizers: Enable Composite Configurable User Group Provider to disable the composite-configurable-user-group-provider.
  4. Check Authorizers: Enable Composite User Group Provider to enable composite-user-group-provider.
    1. Enter ldap-user-group-provider for Authorizers: Composite User Group Provider Property - User Group Provider 1.
    2. Enter cm-user-group-provider for Authorizers: Composite User Group Provider Property - User Group Provider 2.
  5. Check LDAP Enabled to enable ldap-user-group-provider.
  6. In the Search field, enter ldap-user-group-provider to see the list of the LDAP User Group Provider properties.
    For a list of the properties, see LDAP User Group Provider Properties.
  7. Update the LDAP User Group Provider properties.
  8. Update Authorizers: Ranger Authorizer Property - User Group Provider to use composite-user-group-provider instead of composite-configurable-user-group-provider.
  9. Save the changes.
  10. Locate the Login Identity Provider ID and verify that it is set to your authentication provider. Either:
    • kerberos-provider
    or
    • ldap-provider
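
One way to confirm the result after saving, as an added example (not part of the original documentation): a Python check that parses a generated authorizers.xml and reports any deviation from the logical configuration listed at the top of this page. The sample XML is constructed, its <class> elements are omitted, the authorizer identifier ranger-authorizer is a placeholder, and the XML property names are assumed to match the labels shown in Cloudera Manager.

```python
import xml.etree.ElementTree as ET

# Constructed sample of the generated file. <class> elements are omitted and
# the authorizer identifier "ranger-authorizer" is a placeholder (assumption).
SAMPLE = """<authorizers>
  <userGroupProvider><identifier>ldap-user-group-provider</identifier></userGroupProvider>
  <userGroupProvider><identifier>cm-user-group-provider</identifier></userGroupProvider>
  <userGroupProvider>
    <identifier>composite-user-group-provider</identifier>
    <property name="User Group Provider 1">ldap-user-group-provider</property>
    <property name="User Group Provider 2">cm-user-group-provider</property>
  </userGroupProvider>
  <authorizer>
    <identifier>ranger-authorizer</identifier>
    <property name="User Group Provider">composite-user-group-provider</property>
  </authorizer>
</authorizers>"""

# Providers that steps 2 and 3 disable, and the members set in step 4.
DISABLED = {"file-user-group-provider", "composite-configurable-user-group-provider"}
EXPECTED_MEMBERS = ["ldap-user-group-provider", "cm-user-group-provider"]

def props(elem):
    """Map property name -> trimmed value for one provider or authorizer."""
    return {p.get("name"): (p.text or "").strip() for p in elem.findall("property")}

def check_authorizers(xml_text):
    """Return a list of findings; an empty list means the layout matches."""
    root = ET.fromstring(xml_text)
    providers = {p.findtext("identifier", "").strip(): p
                 for p in root.findall("userGroupProvider")}
    findings = [f"{i} is still enabled" for i in sorted(DISABLED & providers.keys())]
    composite = providers.get("composite-user-group-provider")
    if composite is None:
        findings.append("composite-user-group-provider is missing")
    else:
        cp = props(composite)
        members = [cp[k] for k in sorted(cp) if k.startswith("User Group Provider ")]
        if members != EXPECTED_MEMBERS:
            findings.append(f"composite members are {members}")
        findings += [f"{m} is referenced but not defined" for m in members if m not in providers]
    authorizers = root.findall("authorizer")
    if not authorizers:
        findings.append("no authorizer defined")
    for a in authorizers:
        ugp = props(a).get("User Group Provider")
        if ugp != "composite-user-group-provider":
            findings.append(f"authorizer uses {ugp!r}")
    return findings
```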