cloudera-labs / cloudera.cluster

An Ansible collection for lifecycle and management of Cloudera CDP Private Cloud resources on bare metal, IaaS, and PaaS.
Apache License 2.0

docs/freeipa.md should mention the required NIFI attribute auth_provider.ldap_attribute.user_member ldap.j2 #200

Open hadoopch opened 5 months ago

hadoopch commented 5 months ago

Hi,

It would be helpful if the example in the freeipa doc also mentioned the required NiFi attribute

in ./roles/config/cluster/base/templates/configs/ldap.j2

base_dn: "dc={{ (krb5_realm | lower).split('.') | join(',dc=') }}"
user_dn: "cn=users,cn=accounts,{{ base_dn }}"
group_dn: "cn=groups,cn=accounts,{{ base_dn }}"

auth_providers:
  freeipa:
    ldap_bind_user_dn: "uid=admin,{{ user_dn }}"
    ldap_bind_password: "{{ ipaadmin_password }}"
    ldap_search_base:
      user: "{{ user_dn }}"
      group: "{{ group_dn }}"
    ldap_object_class:
      user: "person"
      group: "groupofnames"
    ldap_attribute:
      user: "uid"
      group: "cn"
      member: "member"
      user_member: "memberOf"
    type: LDAP
    ldap_url: "ldaps://{{ groups.krb5_server | first }}"