I have a test environment with OpenLDAP and MIT KDC as backend directory services. I tried to use it to test NiFi authorization through Ranger and am running into an issue where the user name does not seem to be matching correctly.
Here is my setup:
- HDF 18.104.22.168, NiFi 1.1.0 and Ranger 0.6.2
- Cluster installed with all HDF components except Storm and Kafka
- Cluster Kerberized with MIT KDC
- Credentials in OpenLDAP
- Ranger sync with OpenLDAP
- Ranger NiFi policy created for a user with all permissions.
I could get to the NiFi login page and log in with the credentials from OpenLDAP, but then it complains about not having enough access.
Looking at the audit log, the user name that gets logged in Ranger is hadoopadmin@FIELD.HORTONWORKS.COM rather than hadoopadmin; it seems the KDC principal name gets used here.
I haven't set up identity mapping and the values are empty now.
What values should I use to get the username mapped correctly?