Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
NIFI-5973 Adds ShellUserGroupProvider #3495
Thank you for submitting a contribution to Apache NiFi.
Please provide a short description of the PR here:
Description of PR
The code in this change-set provides the functionality discussed in NIFI-5973, specifically:
In order to streamline the review of the contribution we ask you
For all changes:
For code changes:
For documentation related changes:
Please ensure that once the PR is submitted, you check travis-ci for build issues and submit an update to your PR as soon as possible.
alopresto left a comment
Thanks Troy, this is clearly a lot of great work across a number of difficult to test environments. I tried to run this locally on my Mac OS X 10.14 environment and while I was able to use the LDAP identity provider to authenticate, the mapping to shell-provided users and groups isn't working for me yet. I'll post more details on my testing environment & process.
Steps to test on Mac OS X 10.14
Here is where I received a Unknown user with identity 'alopresto'. Contact the system administrator. error in the NiFi UI and the below logs in
Identity mapping transformations:
My (generated by the code in this PR)
I don't see any policy for the root process group (usually indicated by 2
Andy, this is super feedback. Thank you for taking the time to review and comment with such detail. I'll update the PR with changes and replies to your comments.
When testing (again, Mac OS X 10.14), I enabled debug logging in the
The relevant portions of my
After initial startup (these files did not exist and were created):
Under the Unix NSS implementation, will it identify groups for users who do not show in the
The most common scenario for the use of the shell provider is when NSS is integrated with a companies LDAP directory (typically using SSSD).
To avoid performance issues with
However they will show when queried directly (i.e.