[ https://issues.apache.org/jira/browse/NIFI-3409?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matt Gilman resolved NIFI-3409. ------------------------------- Resolution: Won't Fix NIFI-4059 implements a User Group Provider this is sync with a Directory Server. Given this capability, this issue is OBE. The Ldap User Group Provider will continue staying in sync based on a configured interval. > Batch users/groups import - LDAP > -------------------------------- > > Key: NIFI-3409 > URL: https://issues.apache.org/jira/browse/NIFI-3409 > Project: Apache NiFi > Issue Type: Sub-task > Components: Core Framework, Core UI > Reporter: Pierre Villard > Assignee: Pierre Villard > > Creating the sub task to answer: > {quote} > Batch user import > * Whether the users are providing client certificates, LDAP credentials, or > Kerberos tickets to authenticate, the canonical source of identity is still > managed by NiFi. I propose a mechanism to quickly define multiple users in > the system (without affording any policy assignments). Here I am looking for > substantial community input on the most common/desired use cases, but my > initial thoughts are: > ** LDAP-specific > *** A manager DN and password (similar to necessary for LDAP authentication) > are used to authenticate the admin/user manager, and then a LDAP query string > (i.e. {{ou=users,dc=nifi,dc=apache,dc=org}}) is provided and the dialog > displays/API returns a list of users/groups matching the query. The admin can > then select which to import to NiFi and confirm. > {quote} > In particular the initial implementation would be to add a feature allowing > to sync users and groups with LDAP based on additional parameters given in > the login identity provider configuration file and custom filters provided by > the user through the UI. > It is not foreseen to delete users/groups that exist in NiFi but are not > retrieved in the LDAP. It'd be only creating/updating users/groups based on > what is in LDAP server. > The feature would be exposed through a new REST API endpoint. In case another > identity provider is configured (not LDAP), an unsupported operation > exception would be returned at the moment. -- This message was sent by Atlassian JIRA (v6.4.14#64029)