Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

how to integrate NiFi and ldap and how to add differ users for Nifi web access?

Labels:
avatar
Former Member

Created ‎08-26-2016 09:52 AM

 
2,137 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank MattWho author-rank
Master Mentor

Created ‎08-26-2016 12:00 PM

@kishore sanchina

NiFi only supports user controlled access when it is configured to run securely over HTTPS.

The HTTPS configuration of NiFi will require a keystore and truststore is created/provided. If you don't have a corporately provided PKI infrastructure that can provide your with TLS certificates for this purpose, you can create your own. The following HCC article will walk you through manually creating your own:

https://community.hortonworks.com/articles/17293/how-to-create-user-generated-keys-for-securing-nif....

Once your NiFi is setup securely, you will need to enable user access to the UI.

There are two parts to successful access:

1. User authentication <-- This can accomplished via TLS certificates, LDAP, or Kerberos. Setting up NiFi to use one of these login identity providers is covered here:

https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#user-authentication

2. User Authorization <-- This is accomplished through NiFi via the authorized-users.xml file. This process is documented here:

https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#controlling-levels-of-access

You will need to manually populate the Authorized-users.xml file with your first "Admin" role user. That Admin user will be able to approve access to other users who have passed the authentication phase and submitted a UI based authorization request.

Thanks,

Matt

View solution in original post

1,347 Views
1 REPLY 1

avatar
author-rank MattWho author-rank
Master Mentor

Created ‎08-26-2016 12:00 PM

@kishore sanchina

NiFi only supports user controlled access when it is configured to run securely over HTTPS.

The HTTPS configuration of NiFi will require a keystore and truststore is created/provided. If you don't have a corporately provided PKI infrastructure that can provide your with TLS certificates for this purpose, you can create your own. The following HCC article will walk you through manually creating your own:

https://community.hortonworks.com/articles/17293/how-to-create-user-generated-keys-for-securing-nif....

Once your NiFi is setup securely, you will need to enable user access to the UI.

There are two parts to successful access:

1. User authentication <-- This can accomplished via TLS certificates, LDAP, or Kerberos. Setting up NiFi to use one of these login identity providers is covered here:

https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#user-authentication

2. User Authorization <-- This is accomplished through NiFi via the authorized-users.xml file. This process is documented here:

https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#controlling-levels-of-access

You will need to manually populate the Authorized-users.xml file with your first "Admin" role user. That Admin user will be able to approve access to other users who have passed the authentication phase and submitted a UI based authorization request.

Thanks,

Matt

1,348 Views
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements