In a typical customer environment there is a challenge while deploying HDF Cluster & enabling LDAPS Authentication because of Username case.
In Active directory userid exists as (Ex for Empid:- X1122)
but When I have imported users in Ranger by setting lowercase=true all imported users are displayed like this in lower case (x1122) .
I have created all required policies for kafka and nifi .verified smoke tests for Kafka and they are PASSED.
But smoke tests for NiFi are FAILED because because NiFi respects only AD value(X1122) and there is no inbuilt intelligence todo a case conversion.
All the NiFI ranger policies has userid as (x112233).So Ranger Nifi policies are not applicable in this scenario and ranger nifi plugin authorization is not working correctly.
So,NiFi Ranger Authorization has Failed to access View NiFI UI under /flow ranger policy.
NiFi does not have a option to change case sensitive of returned results, but with the ldap-provider there are two configuration options for "identity Strategy":
1. (default) USE_DN --> This strategy will use the users complete DN returned by LDAP upon successful authentication for authorization.<br>
2. USE_USERNAME --> This strategy will use the username as typed in the login screen for authorization upon successful authentication with LDAP.
No matter what method of authentication is used, the value used above based on configuration is passed through and identity mapping patterns configured in NiFi and the result sent to the configured authorizer. That authorizer in your case is Ranger.
We resolve this issue by using "USE_USERNAME"
So as long as user logs in as all lowercase, it will work