Posted to issues@nifi.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2022/12/05 15:28:00 UTC
[jira] [Commented] (NIFI-10930) LDAP binding should support external SASL authentication
[ https://issues.apache.org/jira/browse/NIFI-10930?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17643407#comment-17643407 ]
ASF subversion and git services commented on NIFI-10930:
--------------------------------------------------------
Commit 0ebc6d31489e975dcbbe078fa572332ef8ffa9e2 in nifi's branch refs/heads/main from Dominique Jean-Prost
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=0ebc6d3148 ]
NIFI-10930 Added LDAP_REFERRAL_STRATEGY variable for Docker
This closes #6749
Signed-off-by: David Handermann <ex...@apache.org>
> LDAP binding should support external SASL authentication
> --------------------------------------------------------
>
> Key: NIFI-10930
> URL: https://issues.apache.org/jira/browse/NIFI-10930
> Project: Apache NiFi
> Issue Type: Improvement
> Reporter: Paul Kelly
> Priority: Minor
>
> Binding to an LDAP server could use a client TLS certificate for External SASL authentication instead of manager DN and password.
> Currently the LdapProviders in NiFi all use DefaultTlsDirContextAuthenticationStrategy, which requires a DN and password to bind to the LDAP server; however, Spring LDAP also has ExternalTlsDirContextAuthenticationStrategy, which supports External SASL authentication using only a client TLS certificate.
> The LdapProviders in NiFi could be modified to use ExternalTlsDirContextAuthenticationStrategy instead of DefaultTlsDirContextAuthenticationStrategy when a client TLS certificate is configured and manager DN and password are empty. This would enable binding to an LDAP server (including Active Directory) with a certificate instead of a username and password, which simplifies management in environments that require password rotations.