LDAP authentication
After you install NiFi or NiFi Registry, you can enable LDAP authentication.
In a kerberized environment, enabling the LDAP Login Identity Provider takes precedence over the Kerberos Login Identity Provider.
Set the following required LDAP parameters for NiFi:
LDAP Parameters for NiFi | Sample Value |
---|---|
Enable TLS/SSL for NiFi Node | Checked |
LDAP Enabled | Checked |
Login Identity Provider: Default LDAP Provider Class | org.apache.nifi.ldap.LdapProvider |
Initial Admin Identity | admin |
Login Identity Provider ID | ldap-provider |
LDAP Authentication Strategy | SIMPLE, LDAPS, or STARTTLS |
LDAP Manager DN | uid=admin,ou=people,dc=hadoop,dc=apache,dc=org |
LDAP Manager Password | admin-password |
LDAP URL | ldap://<ldap-hostname>:33389 |
LDAP User Search Base | ou=people,dc=hadoop,dc=apache,dc=org |
Login Identity Provider: Default LDAP User Search Filter | uid={0} |
Login Identity Provider: Default LDAP Identity Strategy | USE_USERNAME |
Login Identity Provider: Default LDAP TLS - Keystore | /<path to>/keystore.jks |
Login Identity Provider: Default LDAP TLS - Keystore Password | Default LDAP TLS - Keystore Password |
Login Identity Provider: Default LDAP TLS - Keystore Type | JKS or PKCS12 |
Login Identity Provider: Default LDAP TLS - Truststore | /<path to>/truststore.jks |
Login Identity Provider: Default LDAP TLS - Truststore Password | Default LDAP TLS - Truststore Password |
Login Identity Provider: Default LDAP TLS - Truststore Type | JKS or PKCS12 |
TLS - Client Auth | Client authentication policy when connecting to LDAP using LDAPS or START_TLS. Possible values are |
TLS - Protocol | Protocol to use when connecting to LDAP using LDAPS or START_TLS. For example, |
TLS - Shutdown Gracefully | Specifies whether the TLS should be shut down gracefully before the target context is closed. Defaults to false. |
Set the following required LDAP parameters for NiFi Registry:
LDAP Parameter for NiFi Registry | Sample Value |
---|---|
Enable TLS/SSL for NiFi Registry | Checked |
LDAP Enabled | Checked |
Identity Provider: Default LDAP Provider Class | org.apache.nifi.registry.security.ldap.LdapIdentityProvider |
Initial Admin Identity | admin |
Identity Provider Identifier | ldap-provider |
LDAP Authentication Strategy | SIMPLE, LDAPS, or STARTTLS |
LDAP Manager DN | uid=admin,ou=people,dc=hadoop,dc=apache,dc=org |
LDAP Manager Password | admin-password |
LDAP URL | ldap://<ldap-hostname>:33389 |
LDAP User Search Base | ou=people,dc=hadoop,dc=apache,dc=org |
Identity Provider: Default LDAP User Search Filter | uid={0} |
Identity Provider: Default LDAP Identity Strategy | USE_USERNAME |
Client Authentication Required | Unchecked |
Identity Provider: Default LDAP TLS - Keystore | /<path to>/keystore.jks |
Identity Provider: Default LDAP TLS - Keystore Password | Default LDAP TLS - Keystore Password |
Identity Provider: Default LDAP TLS - Keystore Type | JKS or PKCS12 |
Identity Provider: Default LDAP TLS - Truststore | /<path to>/truststore.jks |
Identity Provider: Default LDAP TLS - Truststore Password | Default LDAP TLS - Truststore Password |
Identity Provider: Default LDAP TLS - Truststore Type | JKS or PKCS12 |
TLS - Client Auth | Client authentication policy when connecting to LDAP using LDAPS or START_TLS. Possible values are |
TLS - Protocol | Protocol to use when connecting to LDAP using LDAPS or START_TLS. For example, |
TLS - Shutdown Gracefully | Specifies whether the TLS should be shut down gracefully before the target context is closed. Defaults to false. |
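
The combination of Authentication Strategy, LDAP URL, truststore and search filter in the tables above can be checked for consistency before the service is restarted. The following is an added example, not Cloudera or Apache NiFi code: it assumes the settings are rendered as `<property>` elements inside a `<provider>` block, as in NiFi's `login-identity-providers.xml`; the function name, finding labels, hostname and sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample that mirrors the sample values in the tables above.
SAMPLE_XML = """<loginIdentityProviders>
  <provider>
    <identifier>ldap-provider</identifier>
    <class>org.apache.nifi.ldap.LdapProvider</class>
    <property name="Authentication Strategy">SIMPLE</property>
    <property name="Manager DN">uid=admin,ou=people,dc=hadoop,dc=apache,dc=org</property>
    <property name="Manager Password">admin-password</property>
    <property name="Url">ldap://ldap.example.internal:33389</property>
    <property name="User Search Filter">uid={0}</property>
    <property name="TLS - Truststore"></property>
  </provider>
</loginIdentityProviders>"""

def audit_ldap_provider(xml_text, provider_id="ldap-provider"):
    """Return a list of finding strings for the named provider (hypothetical helper)."""
    root = ET.fromstring(xml_text)
    for prov in root.iter("provider"):
        if (prov.findtext("identifier") or "").strip() == provider_id:
            break
    else:
        return [f"provider '{provider_id}' not found"]
    props = {p.get("name"): (p.text or "").strip() for p in prov.iter("property")}
    # The page spells the value both STARTTLS and START_TLS; compare without the underscore.
    strategy = props.get("Authentication Strategy", "").upper().replace("_", "")
    scheme = urlparse(props.get("Url", "")).scheme.lower()
    tls = strategy in ("LDAPS", "STARTTLS")
    findings = []
    if not tls:
        findings.append("cleartext-bind: bind passwords cross the network without TLS")
    if strategy == "LDAPS" and scheme != "ldaps":
        findings.append("scheme-mismatch: LDAPS strategy needs an ldaps:// URL")
    if strategy == "STARTTLS" and scheme != "ldap":
        findings.append("scheme-mismatch: START_TLS upgrades an ldap:// URL")
    if tls and not props.get("TLS - Truststore"):
        findings.append("no-truststore: no trust store set for the LDAP server certificate")
    if "{0}" not in props.get("User Search Filter", ""):
        findings.append("filter: User Search Filter lacks the {0} username placeholder")
    if props.get("Manager Password") == "admin-password":
        findings.append("sample-password: Manager Password is still the documentation sample")
    return findings

if __name__ == "__main__":
    for finding in audit_ldap_provider(SAMPLE_XML):
        print(finding)
```

On the constructed sample it reports the cleartext bind and the unchanged sample password; the same function works on a NiFi Registry provider block as long as the property names match.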