Github user markobean commented on a diff in the pull request: https://github.com/apache/nifi/pull/2703#discussion_r191052573 --- Diff: nifi-docs/src/main/asciidoc/administration-guide.adoc --- @@ -3424,27 +3429,13 @@ The following examples demonstrate normalizing DNs from certificates and princip ---- nifi.security.identity.mapping.pattern.dn=^CN=(.*?), OU=(.*?), O=(.*?), L=(.*?), ST=(.*?), C=(.*?)$ nifi.security.identity.mapping.value.dn=$1@$2 -nifi.security.identity.mapping.transform.dn=NONE nifi.security.identity.mapping.pattern.kerb=^(.*?)/instance@(.*?)$ nifi.security.identity.mapping.value.kerb=$1@$2 -nifi.security.identity.mapping.transform.kerb=NONE ---- The last segment of each property is an identifier used to associate the pattern with the replacement value. When a user makes a request to NiFi, their identity is checked to see if it matches each of those patterns in lexicographical order. For the first one that matches, the replacement specified in the `nifi.security.identity.mapping.value.xxxx` property is used. So a login with `CN=localhost, OU=Apache NiFi, O=Apache, L=Santa Monica, ST=CA, C=US` matches the DN mapping pattern above and the DN mapping value `$1@$2` is applied. The user is normalized to `localhost@Apache NiFi`. -In addition to mapping a transform may be applied. The supported versions are NONE (no transform applied), LOWER (identity lowercased), and UPPER (identity uppercased). If not specified, the default value is NONE. --- End diff -- Somehow, there was a bad rebase to master which removed some recently modified lines. Re-rebased to master.
---