This repository has been archived by the owner on Feb 12, 2024. It is now read-only.

Feature: Make LDAP User/Group Search Scope Configurable (#272)
Signed-off-by: Matthew Baird <[email protected]>
MatthewBaird-ops authored Oct 19, 2022
1 parent 859709b commit 59e4ead
Showing 4 changed files with 7 additions and 3 deletions.
2 changes: 1 addition & 1 deletion Chart.yaml
@@ -1,7 +1,7 @@
---
apiVersion: v2
name: nifi
version: 1.1.1
version: 1.1.2
appVersion: 1.16.3
description: Apache NiFi is a software project from the Apache Software Foundation designed to automate the flow of data between software systems.
keywords:
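Review bot: the changed `version` line moves the chart from 1.1.1 to 1.1.2, a patch-level bump, while the commit title labels this a Feature and the change adds two new values keys. If the chart follows semantic versioning, a minor bump (1.2.0) would tell consumers that the configuration surface has grown.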
2 changes: 2 additions & 0 deletions README.md
Expand Up @@ -145,6 +145,8 @@ The following table lists the configurable parameters of the nifi chart and the
| `auth.ldap.host` | ldap hostname | `ldap://<hostname>:<port>` |
| `auth.ldap.searchBase` | ldap searchBase | `CN=Users,DC=example,DC=com` |
| `auth.ldap.searchFilter` | ldap searchFilter | `CN=john` |
| `auth.ldap.userSearchScope` | ldap userSearchScope | `ONE_LEVEL` |
| `auth.ldap.groupSearchScope` | ldap groupSearchScope | `ONE_LEVEL` |
| **Oidc authentication**
| `auth.oidc.enabled` | Enable User auth via oidc | `false` |
| `auth.oidc.discoveryUrl` | oidc discover url | `https://<provider>/.well-known/openid-configuration` |
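Review bot: the two added rows describe the parameters only by repeating their names (`ldap userSearchScope`, `ldap groupSearchScope`), which gives an operator nothing to choose a value from. List the accepted values in the description column as the values.yaml comment does (ONE_LEVEL, OBJECT, SUBTREE), and say that the user scope is applied relative to `auth.ldap.searchBase`.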
4 changes: 2 additions & 2 deletions configs/authorizers.xml
Expand Up @@ -141,14 +141,14 @@
<property name="Sync Interval">30 mins</property>
<property name="User Search Base">{{.Values.auth.ldap.searchBase}}</property>
<property name="User Object Class">person</property>
<property name="User Search Scope">ONE_LEVEL</property>
<property name="User Search Scope">{{.Values.auth.ldap.userSearchScope}}</property>
<property name="User Search Filter">{{.Values.auth.ldap.searchFilter}}</property>
<property name="User Identity Attribute">{{.Values.auth.ldap.UserIdentityAttribute}}</property>
<property name="User Group Name Attribute"></property>
<property name="User Group Name Attribute - Referenced Group Attribute"></property>
<property name="Group Search Base"></property>
<property name="Group Object Class">group</property>
<property name="Group Search Scope">ONE_LEVEL</property>
<property name="Group Search Scope">{{.Values.auth.ldap.groupSearchScope}}</property>
<property name="Group Search Filter"></property>
<property name="Group Name Attribute"></property>
<property name="Group Member Attribute"></property>
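Review bot: `Group Search Scope` now takes `auth.ldap.groupSearchScope`, but in the same hunk `Group Search Base`, `Group Search Filter` and the group attribute properties are still empty literals, so the new group key cannot be paired with a group search base through values. Either template those properties as well or leave the group scope hard-coded until they are. Both scope values are also interpolated with no fallback or validation; something like `{{ .Values.auth.ldap.userSearchScope | default "ONE_LEVEL" }}` would keep the previous behaviour when a values override blanks the key.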
2 changes: 2 additions & 0 deletions values.yaml
Expand Up @@ -137,6 +137,8 @@ auth:
authStrategy: SIMPLE # How the connection to the LDAP server is authenticated. Possible values are ANONYMOUS, SIMPLE, LDAPS, or START_TLS.
identityStrategy: USE_DN
authExpiration: 12 hours
userSearchScope: ONE_LEVEL # Search scope for searching users (ONE_LEVEL, OBJECT, or SUBTREE). Required if searching users.
groupSearchScope: ONE_LEVEL # Search scope for searching groups (ONE_LEVEL, OBJECT, or SUBTREE). Required if searching groups.

oidc:
enabled: false
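Review bot: the comments on the added `userSearchScope` and `groupSearchScope` keys list SUBTREE as an option without saying what it changes. With SUBTREE every entry below the search base that matches the filter is returned, not only direct children, so the comment should note that widening the scope calls for a correspondingly specific `searchFilter`, since the matched entries are what the authorizer syncs as users and groups.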