Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!
Solved Go to solution

Apache NiFi Integration with LDAP and Authentication via Groups

Labels:
avatar
author-rank nikhil1
Explorer

Created ‎03-20-2017 07:34 AM

LDAP has been successfully integrated with Apache NiFi 1.1.2, however the main question is, how do we specify permissions based on groups rather than users?

Setting Initial Admin Identity to as : cn=userA,ou=xyz,dc=xyz,dc=xyz

Lets say there is groupA (posix group) and groupB (normal group) in the LDAP Directory and userA and userB.

userA is the default admin so it already has access to NiFi. How do we provide access to userB based on groups rather than adding the user manually in NiFi first?

Created groupA and groupB in NiFi and added all policies necessary.

1) When NiFi checks in LDAP, does it validate against the posix group in LDAP or just the normal group?

2) Tried using both USE_DN and USE_USERNAME in the Identity Strategy but it still says no permissions for userB.

3) Added userB within NiFi and linked it to the above NiFi groups and now login to NiFi works with the password available within LDAP.

How can we configure NiFi to allow different permissions to different LDAP Groups and without adding the users within LDAP into NiFi ?

3,870 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank pvillard author-rank
Guru

Created ‎03-20-2017 08:06 AM

Hi @Nikhil Chaudhary,

At the moment, LDAP-group based policies is not possible, this is something we are working on and should be available in a short future. In the meantime, you need to add the users in NiFi and then add the users to the groups in NiFi to have group based policies. At the moment, LDAP is just here to authenticate the users with a login and password, authorizations are only enforced using the username (and group memberships from NiFi only).

Hope this helps.

View solution in original post

2,989 Views
5 REPLIES 5

avatar
author-rank pvillard author-rank
Guru

Created ‎03-20-2017 08:06 AM

Hi @Nikhil Chaudhary,

At the moment, LDAP-group based policies is not possible, this is something we are working on and should be available in a short future. In the meantime, you need to add the users in NiFi and then add the users to the groups in NiFi to have group based policies. At the moment, LDAP is just here to authenticate the users with a login and password, authorizations are only enforced using the username (and group memberships from NiFi only).

Hope this helps.

2,990 Views

avatar
author-rank nikhil1
Explorer

Created ‎03-21-2017 03:13 AM

Hello @Pierre Villard

Thank you for the answer. Definitely helps.

2,989 Views
0 Kudos

avatar
author-rank martin_voigt
New Contributor

Created ‎09-06-2017 12:48 PM

Hi @Pierre Villard

is there an update on this feature request?

Thanks, Martin

2,989 Views
0 Kudos

avatar
author-rank dchaffey
Guru

Created ‎03-22-2018 09:01 AM

UPDATE: Note that this feature was introduced in NiFi-1.5.0 / HDF-3.1 and is now GA.

https://docs.hortonworks.com/HDPDocuments/HDF3/HDF-3.1.1/bk_security/content/ch05s04.html

2,989 Views
0 Kudos

avatar
author-rank fernandodini_re
New Contributor

Created ‎12-12-2017 05:14 PM

Hi @Pierre Villard

Do you have any update on this issue? We really need to autheticate using groups instead of users.

Thanks, Dini.

,

Hi @Pierre Villard

Do you have any update on this issue? I really need to use groups to authenticate through LDAP..

Tks.

2,989 Views
0 Kudos
webinar banner
Announcements
Product Announcements
[ANNOUNCE] Cloudera on Public Cloud Runtime 7.2.18 is GA!
What's New @ Cloudera
Cloudera Operational Database (COD) supports enhancements to...
Community Announcements
March 2024 Community Highlights
Community Announcements
Celebrating 100,000 Members: A Journey of Growth and Connect...
Product Announcements
[ANNOUNCE] New Cloudera JDBC Connector for Apache Hive 2.6.2...
View More Announcements
meetups banner