In the nifi login-identity-providers.xml template, most standard LDAP search options are provided, but "scope," which enables subtree searches, is not listed. The LDAP search appears to be limited to a one-level or base-only search as configured. This prevents us from using LDAP authentication for more than one OU (severely limiting the usability of the product).
1) Is there an undocumented way to add the search scope parameter?
2) Is there a way to enable more detailed logging on the LDAP authentication to help troubleshoot these issues?
3) Is there a way to view the logs from Ambari or the NiFi console rather than at the command line?