Hi Mike,
I'm not an expert on LDAP search operations, but I think you want to do
something like this:
<property name="User Search Base">OU=IT, O=Client</property>
<property name="User Search Filter">(|(OU=Temp)(OU=Staff))</property>
If I have it correct, this will use "OU=IT, O=Client" as the base, searching
every entry under that, with a search filter that entries matched must contain
'OU=Temp' OR 'OU=Staff'
>From the little bit of research I did, this type of "extensible matching",
>that leverages components of the DN, is a part of the LDAP standard that not
>supported by all LDAP implementations, most notably Active Directory, so if
>that scenario applies to you, you may have to try a different search filter
>(with a vendor-specific syntax) to achieve the desired result. Hopefully this
>is enough to at least get you started down the right path.
Hope this helps,
Kevin
From: Mike Thomsen <[email protected]>
Reply-To: <[email protected]>
Date: Thursday, December 14, 2017 at 16:16
To: <[email protected]>
Subject: LDAP authentication with users in two different LDAP branches
Some of our users are under OU=Temp, OU=IT, O=Client. The rest are under
OU=Staff, OU=IT, O=Client. What is the best route for configuring NiFi to able
to find users in both LDAP branches?
I should also mention that the NiFi groups are on the same branch in case that
matters.
Thanks,
Mike
