Hi all

I'm still trying to connect nifi to registry with both of them using
authentication.

So far, I've understood that, like in NiFi, I have to set
identity-providers.xml and authorizers.xml to have the connection to LDAP
configured.

And I can connect to the registry using my LDAP, so it works (to a
certain extent).

*However*, it seems like my user is not really an admin, as I can't
manage other users.

To say things more clearly, the nifi-registry UI allows me to view my user
privileges, but I can't edit my permissions, and I can't edit any of the
other users' permissions. Nor can I add/remove users.

Which is weird, considering I'm the initial admin of nifi-registry.

Is there something I forgot?


Here is my authorizers.xml for nifi-registry

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<authorizers>
    <userGroupProvider>
        <identifier>file-user-group-provider</identifier>
        <class>org.apache.nifi.registry.security.authorization.file.FileUserGroupProvider</class>
        <property name="Users File">./conf/users.xml</property>
        <property name="Initial User Identity 1">cn=nifi-runner.mycompany.com, ou=0008 43120727, ou=ssl infra server, o=mycompany, c=fr</property>
    </userGroupProvider>
    <userGroupProvider>
        <identifier>ldap-user-group-provider</identifier>
        <class>org.apache.nifi.registry.security.ldap.tenants.LdapUserGroupProvider</class>
        <property name="Authentication Strategy">LDAPS</property>

        <property name="Manager DN">uid=dont-ask-me,ou=applicationAccounts,o=mycompany.com</property>
        <property name="Manager Password">YOU_KIDDIN___DO_YOU</property>

        <property name="TLS - Keystore"></property>
        <property name="TLS - Keystore Password"></property>
        <property name="TLS - Keystore Type"></property>
        <property name="TLS - Truststore">/opt/certs/cacerts.jks</property>
        <property name="TLS - Truststore Password">pfeblelep</property>
        <property name="TLS - Truststore Type">JKS</property>
        <property name="TLS - Client Auth"></property>
        <property name="TLS - Protocol">TLSv1</property>
        <property name="TLS - Shutdown Gracefully"></property>

        <property name="Referral Strategy">FOLLOW</property>
        <property name="Connect Timeout">10 secs</property>
        <property name="Read Timeout">10 secs</property>

        <property name="Url">ldaps://ldapserver.my.company.com:636</property>
        <property name="Page Size"></property>
        <property name="Sync Interval">30 mins</property>

        <property name="User Search Base"></property>
        <property name="User Object Class"></property>
        <property name="User Search Scope">OBJECT</property>
        <property name="User Search Filter"></property>
        <property name="User Identity Attribute"></property>
        <property name="User Group Name Attribute"></property>
        <property name="User Group Name Attribute - Referenced Group Attribute"></property>

        <property name="Group Search Base">cn=NIFI-ADMIN,ou=DATAou=applicationRole,ou=role,ou=OU,o=mycompany.com</property>
        <property name="Group Object Class">groupofuniquenames</property>
        <property name="Group Search Scope">SUBTREE</property>
        <property name="Group Search Filter"></property>
        <property name="Group Name Attribute">cn</property>
        <property name="Group Member Attribute">uniqueMember</property>
        <property name="Group Member Attribute - Referenced User Attribute"></property>
    </userGroupProvider>
    <userGroupProvider>
        <identifier>composite-user-group-provider</identifier>
        <class>org.apache.nifi.registry.security.authorization.CompositeUserGroupProvider</class>
        <property name="User Group Provider 1">ldap-user-group-provider</property>
        <property name="User Group Provider 2">file-user-group-provider</property>
    </userGroupProvider>
    <accessPolicyProvider>
        <identifier>file-access-policy-provider</identifier>
        <class>org.apache.nifi.registry.security.authorization.file.FileAccessPolicyProvider</class>
        <property name="User Group Provider">composite-user-group-provider</property>
        <property name="Authorizations File">./conf/authorizations.xml</property>
        <property name="Initial Admin Identity">uid=20008203,ou=people,ou=go-lm,o=corp.leroymerlin.com</property>
        <property name="Nifi Identity 1">cn=nifi-psh.adeo.com, ou=0002 421206079, ou=ssl infra server, o=adeo services, c=fr</property>
    </accessPolicyProvider>
    <authorizer>
        <identifier>managed-authorizer</identifier>
        <class>org.apache.nifi.registry.security.authorization.StandardManagedAuthorizer</class>
        <property name="Access Policy Provider">file-access-policy-provider</property>
    </authorizer>
</authorizers>

Thanks for your help
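Added example, not part of the post above and not NiFi Registry's own code: an offline check that the Initial Admin Identity in authorizers.xml resolves to a user in users.xml, which /tenants actions (the user-management permission the post is missing) authorizations.xml actually grants that user, and that every "User Group Provider" reference names a defined provider. The three files are constructed samples modelled on NiFi Registry's layout with placeholder values; the sample deliberately leaves ldap-user-group-provider undefined so the reference check has something to report.

```python
import xml.etree.ElementTree as ET

# Constructed sample files modelled on the layout NiFi Registry writes; every value is a placeholder.
AUTHORIZERS_XML = """<authorizers>
  <userGroupProvider><identifier>file-user-group-provider</identifier></userGroupProvider>
  <userGroupProvider><identifier>composite-user-group-provider</identifier>
    <property name="User Group Provider 1">ldap-user-group-provider</property>
    <property name="User Group Provider 2">file-user-group-provider</property>
  </userGroupProvider>
  <accessPolicyProvider><identifier>file-access-policy-provider</identifier>
    <property name="User Group Provider">composite-user-group-provider</property>
    <property name="Initial Admin Identity">uid=placeholder-admin,ou=people,o=example.com</property>
  </accessPolicyProvider>
</authorizers>"""
USERS_XML = """<tenants><groups/><users>
  <user identifier="0000-admin" identity="uid=placeholder-admin,ou=people,o=example.com"/>
</users></tenants>"""
AUTHORIZATIONS_XML = """<authorizations><policies>
  <policy identifier="p-read" resource="/tenants" action="R"><user identifier="0000-admin"/></policy>
</policies></authorizations>"""


def dangling_provider_references(authorizers_xml):
    """Identifiers named in any 'User Group Provider*' property that no <userGroupProvider> defines."""
    root = ET.fromstring(authorizers_xml)
    defined = {p.findtext("identifier") for p in root.iter("userGroupProvider")}
    referenced = [p.text for p in root.iter("property") if p.get("name", "").startswith("User Group Provider")]
    return sorted(set(referenced) - defined)


def initial_admin_identity(authorizers_xml):
    """The 'Initial Admin Identity' value exactly as written; it must match the users.xml identity string."""
    for prop in ET.fromstring(authorizers_xml).iter("property"):
        if prop.get("name") == "Initial Admin Identity":
            return prop.text
    return None


def admin_tenants_actions(authorizers_xml, users_xml, authorizations_xml):
    """Resolve the initial admin to its users.xml identifier, then collect the /tenants actions it holds.
    Returns None when the identity is not in users.xml (the file provider does not know that user)."""
    identity = initial_admin_identity(authorizers_xml)
    identifiers = {u.get("identity"): u.get("identifier") for u in ET.fromstring(users_xml).iter("user")}
    user_id = identifiers.get(identity)
    if user_id is None:
        return None
    actions = set()
    for policy in ET.fromstring(authorizations_xml).iter("policy"):
        if policy.get("resource") == "/tenants" and any(u.get("identifier") == user_id for u in policy.iter("user")):
            actions.add(policy.get("action"))
    return actions


if __name__ == "__main__":
    print("dangling providers:", dangling_provider_references(AUTHORIZERS_XML))  # ['ldap-user-group-provider']
    print("/tenants actions:", admin_tenants_actions(AUTHORIZERS_XML, USERS_XML, AUTHORIZATIONS_XML))  # {'R'}
```

A result of {'R'} without 'W' is the read-only symptom described in the post; the Initial Admin Identity policies are only seeded when authorizations.xml is first created, so an authorizations.xml that already existed before the identity was set keeps whatever policies it had.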
