
How to integrate NiFi and LDAP?

Kindly provide me the steps for NiFi and LDAP integration.


Hi @pierre Bullard,

I tried to integrate LDAP and NiFi but I'm facing an issue, so that's why I posted. Thanks for your update.

Expert Contributor

@kishore sanchina - How did you download NiFi? Did you download it from the Apache website? The Ranger integration of NiFi is available as part of HDF. You can download HDF from http://hortonworks.com/downloads/#dataflow

@hduraiswamy I downloaded HDF from the Hortonworks portal and installed it successfully. For NiFi and LDAP integration, what are the config files I want to modify/change?

Master Guru

@kishore sanchina

If you installed NiFi via HDF Ambari, you will want to edit the ldap-provider settings in the following section:

[Screenshot: 12404-screen-shot-2017-02-13-at-80113-am.png]

Of course you will need to obtain the proper values for your particular LDAP installation.

**** Make sure you remove the two comment lines that wrap this ldap-provider section.

You will also need to set the nifi.security.user.login.identity.provider to "ldap-provider" to match the provider name above:

[Screenshot: 12405-screen-shot-2017-02-13-at-80447-am.png]

------------

If you are not using Ambari to install your NiFi, the same configurations need to be done, but will be performed by manually editing the following files:

1. login-identity-providers.xml

2. nifi.properties

------------

Documentation on NiFi LDAP configuration can also be found in the NiFi admin guide:

http://docs.hortonworks.com/HDPDocuments/HDF2/HDF-2.1.1/bk_dataflow-administration/content/lightweig...

-------------

A restart of your NiFi will need to occur before these changes will take effect.

Also keep in mind that this does not disable the default user certificate authentication method. Users will only see the login screen if they do not present a user certificate.

------------

Thanks,

Matt

Contributor

@Matt Clarke

I did perform the steps as mentioned above but nifi login did not prompt for any password and direct login is observed.

May I know what you mean by:

"Also keep in mind that this does not disable the default user certificate authentication method. Users will only see the login screen if they do not present a user certificate."

I believe I am not providing any user certificate and I am logging in to nifi using URL:

http://xx.yy.xx.yy:8086/nifi/

In our case 8086 is the used port.

Master Guru
@Sriram

The URL you just shared is http. NiFi must be secured over https before any user authentication can be enabled. You can not perform user authentication over http.

-

Thank you,

Matt
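The checks described in the two replies above (the ldap-provider block must be uncommented, nifi.security.user.login.identity.provider must name it, and NiFi must be serving HTTPS) can be scripted. This is an added example, not part of the original thread and not NiFi's own code; the sample file contents, port 9443 and the LDAP URL are constructed, and `check` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

def parse_properties(text):
    """Parse nifi.properties-style key=value lines, skipping comments and blanks."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def active_provider_ids(xml_text):
    """Identifiers of live providers. ElementTree drops XML comments, so a
    provider still wrapped in <!-- --> is not returned."""
    root = ET.fromstring(xml_text)
    return [p.findtext("identifier", "").strip() for p in root.iter("provider")]

def check(props_text, providers_xml):
    """Return a list of findings; an empty list means the settings line up."""
    props = parse_properties(props_text)
    findings = []
    wanted = props.get("nifi.security.user.login.identity.provider", "")
    if not wanted:
        findings.append("login identity provider not set in nifi.properties")
    elif wanted not in active_provider_ids(providers_xml):
        findings.append(f"provider '{wanted}' missing or still commented out")
    if not props.get("nifi.web.https.port"):
        findings.append("nifi.web.https.port is empty: no login over plain HTTP")
    return findings

# Constructed sample inputs: HTTP only, provider block still commented out.
BAD_PROPS = ("nifi.web.http.port=8086\nnifi.web.https.port=\n"
             "nifi.security.user.login.identity.provider=ldap-provider\n")
BAD_XML = """<loginIdentityProviders>
  <!-- <provider><identifier>ldap-provider</identifier></provider> -->
</loginIdentityProviders>"""
# Constructed sample inputs: HTTPS port set, provider block uncommented.
GOOD_PROPS = ("nifi.web.http.port=\nnifi.web.https.port=9443\n"
              "nifi.security.user.login.identity.provider=ldap-provider\n")
GOOD_XML = """<loginIdentityProviders>
  <provider>
    <identifier>ldap-provider</identifier>
    <class>org.apache.nifi.ldap.LdapProvider</class>
    <property name="Url">ldaps://ldap.example.com:636</property>
  </provider>
</loginIdentityProviders>"""

if __name__ == "__main__":
    for label, p, x in (("bad", BAD_PROPS, BAD_XML), ("good", GOOD_PROPS, GOOD_XML)):
        print(label, check(p, x) or "OK")
```

Pointing the same functions at the contents of a real conf/nifi.properties and conf/login-identity-providers.xml reports the same mismatches before a restart.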

New Contributor

I do not understand why this is so. I also want to add LDAP authentication to my NiFi setup but everything is behind a proxy that's in charge of encryption. The proxy decrypts all the information and sends it as an HTTP request to NiFi. Does this mean that I cannot use LDAP until I can defer the encryption onto the NiFi service?

Master Guru

@bilbolord2001

You are correct, NiFi will not support any form of user/client authentication and authorization until NiFi itself has been secured.

Matt

New Contributor

There are multiple resources that can help but will take time to get through.

I experienced the same feeling and managed to complete the setup within a week. I documented a number of critical steps as well as useful resources at the following link; hope it helps.

https://vanducng.dev/blog/supplements/2019/11/20/setup-ldap-apache-nifi/
