Pierre Villard created NIFI-3409:
------------------------------------
Summary: Batch users/groups import - LDAP
Key: NIFI-3409
URL: https://issues.apache.org/jira/browse/NIFI-3409
Project: Apache NiFi
Issue Type: Sub-task
Components: Core Framework, Core UI
Reporter: Pierre Villard
Assignee: Pierre Villard
Creating the sub task to answer:
{quote}
Batch user import
* Whether the users are providing client certificates, LDAP credentials, or
Kerberos tickets to authenticate, the canonical source of identity is still
managed by NiFi. I propose a mechanism to quickly define multiple users in the
system (without affording any policy assignments). Here I am looking for
substantial community input on the most common/desired use cases, but my
initial thoughts are:
** LDAP-specific
*** A manager DN and password (similar to those necessary for LDAP authentication)
are used to authenticate the admin/user manager, and then an LDAP query string
(i.e. {{ou=users,dc=nifi,dc=apache,dc=org}}) is provided and the dialog
displays/API returns a list of users/groups matching the query. The admin can
then select which to import to NiFi and confirm.
{quote}
In particular, the initial implementation would be to add a feature allowing
users and groups to be synced with LDAP based on additional parameters given in the
login identity provider configuration file and custom filters provided by the
user through the UI.
It is not foreseen to delete users/groups that exist in NiFi but are not
retrieved from LDAP. It would only create/update users/groups based on
what is in the LDAP server.
The feature would be exposed through a new REST API endpoint. In case another
identity provider is configured (not LDAP), an unsupported operation exception
would be returned at the moment.