[
https://issues.apache.org/jira/browse/NIFIREG-109?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Kevin Doran updated NIFIREG-109:
--------------------------------
Description:
This is a cloned issue from NiFi that is also relevant in NiFi Registry as it
uses the same LDAP configuration functionality.
Currently, group membership is defined using a fully qualified DN between user
and group or between group and user. When membership is defined through a user,
the group DN is required. When membership is defined through a group, the user
DN is required.
We should add another property to configure which attribute in the referenced
group or user should be used as the value of the user's group attribute or the
group's user attribute. For instance, if the user's member attribute contains
the value 'group1' this new property would be the group attribute that returns
the value 'group1'. When these new properties are blank a full DN is assumed.
was:
Currently, group membership is defined using a fully qualified DN between user
and group or between group and user. When membership is defined through a user,
the group DN is required. When membership is defined through a group, the user
DN is required.
We should add another property to configure which attribute in the referenced
group or user should be used as the value of the user's group attribute or the
group's user attribute. For instance, if the user's member attribute contains
the value 'group1' this new property would be the group attribute that returns
the value 'group1'. When these new properties are blank a full DN is assumed.
> LdapUserGroupProvider: Allow admin to configure group membership attribute
> --------------------------------------------------------------------------
>
> Key: NIFIREG-109
> URL: https://issues.apache.org/jira/browse/NIFIREG-109
> Project: NiFi Registry
> Issue Type: Improvement
> Reporter: Kevin Doran
> Assignee: Kevin Doran
> Fix For: 0.1.1
>
>
> This is a cloned issue from NiFi that is also relevant in NiFi Registry as it
> uses the same LDAP configuration functionality.
> Currently, group membership is defined using a fully qualified DN between
> user and group or between group and user. When membership is defined through
> a user, the group DN is required. When membership is defined through a group,
> the user DN is required.
> We should add another property to configure which attribute in the referenced
> group or user should be used as the value of the user's group attribute or
> the group's user attribute. For instance, if the user's member attribute
> contains the value 'group1' this new property would be the group attribute
> that returns the value 'group1'. When these new properties are blank a full
> DN is assumed.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
