
So I've managed to get a secure NiFi 1.9.2 cluster with LDAP authentication and groups configured after looking at Pierre Villard's guide on the subject (specifically this one). In most cases it seems to be working great; however, we have a few users with initial-capitalized names in AD.

They are logging in with their usernames all in lower case, which works, but they are then presented with "Unknown user with identity 'nathan.english'. Contact the system administrator." If they log in with Nathan.English, exactly as the username is in AD, the group mapping grants them access with the correct policies.

Reading through the System Administration Guide I found the "Group Membership - Enforce Case Sensitivity" property, which should be set in authorizers.xml, and I have set this to false across the cluster. But even with this set to false it still fails when the username is in lower case and not exactly as it is in AD. Is my understanding of this property incorrect?

Below is the LDAP User Group Provider configuration from authorizers.xml:

<userGroupProvider>
        <identifier>ldap-user-group-provider</identifier>
        <class>org.apache.nifi.ldap.tenants.LdapUserGroupProvider</class>
        <property name="Authentication Strategy">SIMPLE</property>

        <property name="Manager DN"><manager_dn></property>
        <property name="Manager Password"><manager_password></property>

        <property name="TLS - Keystore"></property>
        <property name="TLS - Keystore Password"></property>
        <property name="TLS - Keystore Type"></property>
        <property name="TLS - Truststore"></property>
        <property name="TLS - Truststore Password"></property>
        <property name="TLS - Truststore Type"></property>
        <property name="TLS - Client Auth"></property>
        <property name="TLS - Protocol"></property>
        <property name="TLS - Shutdown Gracefully"></property>

        <property name="Referral Strategy">FOLLOW</property>
        <property name="Connect Timeout">10 secs</property>
        <property name="Read Timeout">10 secs</property>

        <property name="Url">ldap://<hostname>:389</property>
        <property name="Page Size"></property>
        <property name="Sync Interval">5 mins</property>
        <property name="Group Membership - Enforce Case Sensitivity">false</property>

        <property name="User Search Base">DC=<domain>,DC=net</property>
        <property name="User Object Class">person</property>
        <property name="User Search Scope">SUBTREE</property>
        <property name="User Search Filter"></property>
        <property name="User Identity Attribute">sAMAccountName</property>
        <property name="User Group Name Attribute"></property>
        <property name="User Group Name Attribute - Referenced Group Attribute"></property>

        <property name="Group Search Base">DC=<domain>,DC=net</property>
        <property name="Group Object Class">group</property>
        <property name="Group Search Scope">SUBTREE</property>
        <property name="Group Search Filter"></property>
        <property name="Group Name Attribute">cn</property>
        <property name="Group Member Attribute">member</property>
        <property name="Group Member Attribute - Referenced User Attribute"></property>
</userGroupProvider>

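To make the behaviour described in the question concrete, here is an added simulation (not NiFi's own code): it reads the relevant properties out of a constructed authorizers.xml fragment and then resolves group membership for a login identity once with exact matching and once with case-insensitive matching. The directory snapshot and the exact/casefold matching rule are assumptions for illustration, not a description of how LdapUserGroupProvider is implemented.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed userGroupProvider element in the shape of
# NiFi's authorizers.xml (placeholder values, no real directory involved).
AUTHORIZERS_XML = """<authorizers>
  <userGroupProvider>
    <identifier>ldap-user-group-provider</identifier>
    <class>org.apache.nifi.ldap.tenants.LdapUserGroupProvider</class>
    <property name="User Identity Attribute">sAMAccountName</property>
    <property name="Group Name Attribute">cn</property>
    <property name="Group Membership - Enforce Case Sensitivity">false</property>
  </userGroupProvider>
</authorizers>"""

# Constructed directory snapshot: identities as stored in AD (sAMAccountName)
# and the group membership the provider would have synced from it.
AD_USERS = {"Nathan.English", "jane.doe"}
AD_GROUPS = {
    "nifi-admins": {"Nathan.English"},
    "nifi-users": {"Nathan.English", "jane.doe"},
}


def provider_properties(xml_text: str) -> dict:
    """Return the name -> value pairs of the first userGroupProvider's <property> elements."""
    provider = ET.fromstring(xml_text).find("userGroupProvider")
    return {p.get("name"): (p.text or "").strip() for p in provider.findall("property")}


def enforce_case_sensitivity(props: dict) -> bool:
    """A missing or blank property is treated as 'enforce'; only an explicit 'false' relaxes it."""
    value = props.get("Group Membership - Enforce Case Sensitivity", "").lower()
    return value != "false"


def resolve_groups(login_identity: str, enforce_case: bool) -> set:
    """Groups the presented identity belongs to, under exact or case-insensitive matching."""
    def same(a: str, b: str) -> bool:
        return a == b if enforce_case else a.casefold() == b.casefold()

    if not any(same(login_identity, u) for u in AD_USERS):
        return set()  # unknown user: nothing to authorize
    return {name for name, members in AD_GROUPS.items()
            if any(same(login_identity, m) for m in members)}
```

With exact matching the lower-case login resolves to no user and no groups, which is the "Unknown user" outcome from the question; with the relaxed matching it resolves to the same groups as Nathan.English.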

1 Answer


The property for "Enforce Case Sensitivity" was added in 1.10.0:

https://issues.apache.org/jira/browse/NIFI-5839