Posted to issues@nifi.apache.org by "Paul Kelly (Jira)" <ji...@apache.org> on 2022/12/02 10:39:00 UTC

[jira] [Created] (NIFI-10930) LDAP binding should support external SASL authentication

Paul Kelly created NIFI-10930:
---------------------------------

             Summary: LDAP binding should support external SASL authentication
                 Key: NIFI-10930
                 URL: https://issues.apache.org/jira/browse/NIFI-10930
             Project: Apache NiFi
          Issue Type: Improvement
            Reporter: Paul Kelly


Binding to an LDAP server could use a client TLS certificate for External SASL authentication instead of manager DN and password.

Currently the LdapProviders in NiFi all use DefaultTlsDirContextAuthenticationStrategy, which requires a DN and password to bind to the LDAP server; however, Spring LDAP also has ExternalTlsDirContextAuthenticationStrategy, which supports External SASL authentication using only a client TLS certificate.

The LdapProviders in NiFi could be modified to use ExternalTlsDirContextAuthenticationStrategy instead of DefaultTlsDirContextAuthenticationStrategy when a client TLS certificate is configured and manager DN and password are empty.  This would enable binding to an LDAP server (including Active Directory) with a certificate instead of a username and password, which simplifies management in environments that require password rotations.



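The selection rule proposed in this issue, sketched as an added example; it is not code from NiFi or from the issue reporter. The class name, method names and the keystoreConfigured flag are hypothetical, and only the Spring LDAP classes named in the issue plus LdapContextSource are real.

```java
import javax.net.ssl.SSLContext;
import org.springframework.ldap.core.support.AbstractTlsDirContextAuthenticationStrategy;
import org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy;
import org.springframework.ldap.core.support.ExternalTlsDirContextAuthenticationStrategy;
import org.springframework.ldap.core.support.LdapContextSource;

// Hypothetical helper: how a provider might pick the bind strategy.
public final class LdapBindStrategySelector {

    private static boolean hasText(String s) {
        return s != null && !s.isBlank();
    }

    // keystoreConfigured: assumed flag, true when the TLS settings include a client key.
    static AbstractTlsDirContextAuthenticationStrategy select(
            String managerDn, String managerPassword, SSLContext tls, boolean keystoreConfigured) {
        boolean hasDn = hasText(managerDn);
        boolean hasPassword = hasText(managerPassword);
        AbstractTlsDirContextAuthenticationStrategy strategy;
        if (hasDn && hasPassword) {
            // Existing behaviour: StartTLS, then a simple bind with DN and password.
            strategy = new DefaultTlsDirContextAuthenticationStrategy();
        } else if (!hasDn && !hasPassword && keystoreConfigured && tls != null) {
            // Proposed behaviour: StartTLS, then SASL EXTERNAL using the client certificate.
            strategy = new ExternalTlsDirContextAuthenticationStrategy();
        } else {
            // Fail closed on partial settings. A DN with an empty password would be an
            // LDAP unauthenticated bind, which must never count as a successful login.
            throw new IllegalArgumentException(
                "Configure either manager DN and password, or a client certificate only");
        }
        if (tls != null) {
            strategy.setSslSocketFactory(tls.getSocketFactory());
        }
        return strategy;
    }

    // Wiring into a Spring LDAP context source; the URL is supplied by the caller.
    static LdapContextSource contextSource(
            String url, String managerDn, String managerPassword, SSLContext tls, boolean keystoreConfigured) {
        LdapContextSource source = new LdapContextSource();
        source.setUrl(url);
        source.setAuthenticationStrategy(select(managerDn, managerPassword, tls, keystoreConfigured));
        if (hasText(managerDn)) {
            source.setUserDn(managerDn);
            source.setPassword(managerPassword);
        }
        return source;
    }
}
```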