Github user markobean commented on a diff in the pull request:
https://github.com/apache/nifi/pull/2703#discussion_r191052573
--- Diff: nifi-docs/src/main/asciidoc/administration-guide.adoc ---
@@ -3424,27 +3429,13 @@ The following examples demonstrate normalizing DNs
from certificates and princip
----
nifi.security.identity.mapping.pattern.dn=^CN=(.*?), OU=(.*?), O=(.*?),
L=(.*?), ST=(.*?), C=(.*?)$
nifi.security.identity.mapping.value.dn=$1@$2
-nifi.security.identity.mapping.transform.dn=NONE
nifi.security.identity.mapping.pattern.kerb=^(.*?)/instance@(.*?)$
nifi.security.identity.mapping.value.kerb=$1@$2
-nifi.security.identity.mapping.transform.kerb=NONE
----
The last segment of each property is an identifier used to associate the
pattern with the replacement value. When a user makes a request to NiFi, their
identity is checked to see if it matches each of those patterns in
lexicographical order. For the first one that matches, the replacement
specified in the `nifi.security.identity.mapping.value.xxxx` property is used.
So a login with `CN=localhost, OU=Apache NiFi, O=Apache, L=Santa Monica, ST=CA,
C=US` matches the DN mapping pattern above and the DN mapping value `$1@$2` is
applied. The user is normalized to `localhost@Apache NiFi`.
-In addition to mapping a transform may be applied. The supported versions
are NONE (no transform applied), LOWER (identity lowercased), and UPPER
(identity uppercased). If not specified, the default value is NONE.
--- End diff --
Somehow, there was a bad rebase to master which removed some recently
modified lines. Re-rebased to master.
---
