Support Questions

Frank168 · ‎10-02-2025

I an trying to configuring NiFi regoistry (2.5.0) with LDAP, have successfully configured so I can login using AD credential. However I am not able to see users or groups from AD in the admininstration sections.
I have checked the user and group sections authorizers.xml) are the same as NiFI, as I can see users and groups when I go to Users or Policies section.
I am not using LDAPS (use LDAP in the dev envirobment), and this works fine in NiFi 2.5, and just cant see why it doesnt work with NiFI registry using teh same LDAP usergroup provider settings.
Any thoughts?

MattWho · ‎10-03-2025

@Frank168

It would be difficult to say what the issue is without being able to see your authorizers.xml file and nifi-registry.properties file.

One common mistake I see individuals make is copying from their NiFi's authorizers.xml.
While they structurally are the same, NiFi-Registry has different class names for each provider in the authorizers.xml.

The next suggestion i often make is start by reading your authorizers.xml from the bottom up starting with the authorizer (I expect that will be the "managed-authorizer" for you). That managed-authorizer will reference another provider and that referenced provider will reference another provider and so on. What you are making sure is that there is a referenced path from the managed-authorizer to your ldap-user-group-provider and likely your user-group-provider as well. I have seen scenarios where the individual providers were all configured correctly; however, the authorizer was not actually using them because there was not referenced path to them.

Please help our community grow. If you found any of the suggestions/solutions provided helped you with solving your issue or answering your question, please take a moment to login and click "Accept as Solution" on one or more of them that helped.

Thank you,
Matt

View solution in original post

Frank168 · ‎10-05-2025

Thanks Matt! That was it, the referenced path to ldap-user-group-provider is incorrect.

View solution in original post

MattWho · ‎10-08-2025

@Frank168
Glad I was able to identify your issue for you.
Can you accept the post that solved your issue. I see you accepted your response.

Thank you,
Matt

View solution in original post

MattWho · ‎10-03-2025

@Frank168

It would be difficult to say what the issue is without being able to see your authorizers.xml file and nifi-registry.properties file.

One common mistake I see individuals make is copying from their NiFi's authorizers.xml.
While they structurally are the same, NiFi-Registry has different class names for each provider in the authorizers.xml.

The next suggestion i often make is start by reading your authorizers.xml from the bottom up starting with the authorizer (I expect that will be the "managed-authorizer" for you). That managed-authorizer will reference another provider and that referenced provider will reference another provider and so on. What you are making sure is that there is a referenced path from the managed-authorizer to your ldap-user-group-provider and likely your user-group-provider as well. I have seen scenarios where the individual providers were all configured correctly; however, the authorizer was not actually using them because there was not referenced path to them.

Please help our community grow. If you found any of the suggestions/solutions provided helped you with solving your issue or answering your question, please take a moment to login and click "Accept as Solution" on one or more of them that helped.

Thank you,
Matt

Frank168 · ‎10-05-2025

Thanks Matt! That was it, the referenced path to ldap-user-group-provider is incorrect.

MattWho · ‎10-08-2025

@Frank168
Glad I was able to identify your issue for you.
Can you accept the post that solved your issue. I see you accepted your response.

Thank you,
Matt

Cloudera Community

Support Questions

Nifi Registry and LDAP