Hello Aurélien, On a quick look at the gist, it looks like you are missing the LdapUserGroupProvider.
(1) Pierre has a very informative guide on the LDAP group configuration here - https://pierrevillard.com/?s=ldap. (thank you Pierre! For this one and the other posts!!) (2) Refer to this one in addition - https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#ldap-based-users-groups-referencing-user-dn Also, I think you will need to have the ldap identity provider to authenticate the users first. I hope the authentication using LDAP is working for you. - Vishal From: users@nifi.apache.org At: 03/11/19 08:17:45To: users@nifi.apache.org Subject: LDAP, Groups and nifi users Hello. I’m struggling to configure a correct authorizes.xml to achieve the following. I’m using nifi 1.8 and 1.9 (freshy install) in secure mode + ldap auth. - I have a LDAP serveur (RH identity manager) where users/groups are stored. - I’d like to be able to grant rights on Nifi based on user group - I’d like to be able to see users and their associated rights in nifi menu => users (not working, see screenshot bellow) I don’t know where is my mistake , I’ve tried a lot of conf in ldap-user-group-provider, I’m not even really sure the problem is here. Authentication itself is working, I can assign policy to users, but nothing works with groups. My configurations are https://gist.github.com/zorel/6934e7e6c1ae9e951ab13a1ce1db2330 Thanks for any pointer. Aurélien DEHAY Big Data Architect +33 616 815 441 aurelien.de...@faurecia.com 23/27 avenue des Champs Pierreux 92735 Nanterre Cedex – France This electronic transmission (and any attachments thereto) is intended solely for the use of the addressee(s). It may contain confidential or legally privileged information. If you are not the intended recipient of this message, you must delete it immediately and notify the sender. Any unauthorized use or disclosure of this message is strictly prohibited. Faurecia does not guarantee the integrity of this transmission and shall therefore never be liable if the message is altered or falsified nor for any virus, interception or damage to your system.