Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
NIFI-4059: Introduce LdapUserGroupProvider #1923
Hey @mcgilman, I played a bit with it and that's really great. It's going to be super useful. It also gave me the occasion to have a look at the Managed Authorizer stuff - it's neat!
Tested using Apache Directory Studio and tried multiple scenarios: users first, groups first, both users and groups. All is working as expected. I've just one remark: when using users only search, but also setting the group name attribute, the full DN of the group is used. Would be nice to also take into account the group name attribute in that case (Note: the other way is working - if searching for groups and defining the user name attribute, we don't have the full DN for users).
Thanks @pvillard31 for having a look at this PR! I've addressed the two issues above and I think resolving the group name when searching users only and detecting group membership is supported. Check out this unit test here . Please let me know if I misunderstood. Thanks again!