Cloudera Docs

LDAP and file-based policies

Learn how to configure LDAP and file-based integration in NiFi and NiFi Registry.

When LDAP is used with file-based policies, each authorizers.xml file produced in NiFi and NiFi Registry contains the following components:
  • CompositeUserGroupProvider
    • LdapUserGroupProvider
    • CMUserGroupProvider
  • FileAccessPolicyProvider
    • Configured with CompositeUserGroupProvider
  • StandardManagedAuthorizer
    • Configured with FileAccessPolicyProvider
  1. In Cloudera Manager, go to the NiFi or NiFi Registry service.
  2. Click the Configuration tab.
  3. Uncheck Authorizers: Enable File User Group Provider to disable the file-user-group-provider.
  4. Uncheck Authorizers: Enable Composite Configurable User Group Provider to disable the composite-configurable-user-group-provider.
  5. Check Authorizers: Enable Composite User Group Provider to enable composite-user-group-provider.
    1. Enter ldap-user-group-provider for Authorizers: Composite User Group Provider Property - User Group Provider 1.
    2. Enter cm-user-group-provider for Authorizers: Composite User Group Provider Property - User Group Provider 2.
  6. Check LDAP Enabled to enable ldap-user-group-provider.
  7. In the Search field, enter ldap-user-group-provider to see the list of the LDAP User Group Provider properties.
    For a list of the properties, see LDAP User Group Provider properties.
  8. Update the LDAP User Group Provider properties.
  9. Update Authorizers: Default File Access Policy Property - User Group Provider to use the composite-user-group-provider instead of the configurable one.
  10. Save the changes.
  11. Locate the Login Identity Provider ID and verify that it is set to your authentication provider.
    Either:
    • kerberos-provider
    or
    • ldap-provider