John,

NiFi supports an AuthorityProvider extension point. Currently, we do not provide one that interacts with LDAP (though we would welcome any contributions).

Users are typically added by having them request accounts. This is done by having them visit the NiFi instance in question. The application will not recognize them and will provide an opportunity for them to request an account. A little star icon will show up over the User Management icon in the upper right whenever there are any pending account requests. The Admin will be able to assign roles there (as well as revoke and remove accounts). This will add (or remove) the entries to the local authorized users file. This account request model was designed to allow the Admins to not have to manually enter or edit DNs.
Alternatively, the Admin could manually add the entries to the local authorized users file prior to starting the application.

Thanks.

Matt Gilman

On Thu, Mar 19, 2015 at 7:09 AM, Kalisz, John T. <[email protected]> wrote:

> Is it possible to authenticate NiFi users against LDAP or AD? Where can I
> find instructions to do so? The instructions for setting up rules allude
> to the idea of using LDAP but I have found no properties related to LDAP
> ports or servers. If LDAP is not supported, is there a way to add users
> locally?
>
> <users>
>     <user dn="[cn=John Smith,ou=people,dc=example,dc=com]">
>         <role name="ROLE_ADMIN"/>
>     </user>
> </users>
>
> John T. Kalisz
> General Dynamics Mission Systems
>
> Office 413-494-3376 | Cell 413-822-1883 | [email protected]
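
An added example, not part of the original thread or of NiFi itself: a pre-start audit of a hand-edited authorized users file in the `<users>/<user dn>/<role name>` layout quoted above. The function names, the caller-supplied role allow-list and the treatment of square brackets as leftover template markers are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in the layout quoted in the thread (not a real users file).
SAMPLE = """<users>
  <user dn="[cn=John Smith,ou=people,dc=example,dc=com]">
    <role name="ROLE_ADMIN"/>
  </user>
  <user dn="cn=Jane Doe,ou=people,dc=example,dc=com">
    <role name="ROLE_ADMIN"/>
    <role name="ROLE_TYPO"/>
  </user>
  <user dn="CN=Jane Doe, OU=people, DC=example, DC=com"/>
</users>"""

def normalize_dn(dn):
    """Lower-case and trim each RDN so equivalent DNs compare equal.
    Simplification: escaped commas inside attribute values are not handled."""
    return ",".join(part.strip().lower() for part in dn.strip("[] ").split(","))

def audit_users(xml_text, known_roles):
    """Return (findings, admins) for an authorized users document."""
    root = ET.fromstring(xml_text)  # raises ParseError on malformed XML
    findings, admins = [], []
    users = root.findall("user")
    counts = Counter(normalize_dn(u.get("dn", "")) for u in users)
    for user in users:
        dn = user.get("dn", "")
        roles = [r.get("name", "") for r in user.findall("role")]
        if not dn.strip():
            findings.append(("missing-dn", dn))
        # Assumption: brackets are template markers, not part of the certificate DN.
        elif dn.startswith("[") or dn.endswith("]"):
            findings.append(("bracketed-dn", dn))
        if counts[normalize_dn(dn)] > 1:
            findings.append(("duplicate-dn", dn))
        if not roles:
            findings.append(("no-roles", dn))
        for role in roles:
            if role not in known_roles:
                findings.append(("unknown-role", f"{dn}: {role}"))
        if "ROLE_ADMIN" in roles:
            admins.append(dn)  # admin grants deserve a manual review
    return findings, admins

if __name__ == "__main__":
    # Only ROLE_ADMIN appears in the thread; extend the set for your deployment.
    findings, admins = audit_users(SAMPLE, known_roles={"ROLE_ADMIN"})
    for kind, detail in findings:
        print(f"{kind}: {detail}")
    print("admins:", admins)
```
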
