LDAP Integration (ldap-provider) Issue

Muhyid — Sat, 15 Aug 2020 14:51:44 GMT

Dear All,

I am encountering issue with LDAP integration.

I have completed LDAP (ldap-provider) and Certificate configurations according to documentation.
I added IU certificate in NiFi (keystore, truststore etc.) and configured other pieces of the MS AD LDAP integration (authorizers.xml, login-identity-providers.xml and nifi.properties).
I logged on NiFi from HTTPS UI with initial admin (admin1) and assigned the policies one of the LDAP users (nifiadmin) which is located on MS AD LDAP.
I checked LDAP user (nifiadmin) from NiFi UI it is exist in the NiFi. It seems Ok. I added all screenshots (nifi_policies.jpg) about that.
When I try to login initial admin (admin1) there is no error:

nifi-user.log:

2020-08-13 10:46:43,544 INFO [main] o.a.n.a.FileUserGroupProvider Users/Groups file loaded at Thu Aug 13 10:46:43 MSK 2020

2020-08-13 10:46:43,684 INFO [main] o.a.n.a.FileAccessPolicyProvider Authorizations file loaded at Thu Aug 13 10:46:43 MSK 2020

2020-08-13 11:21:28,051 INFO [NiFi Web Server-22] o.a.n.w.s.NiFiAuthenticationFilter Attempting request for (<JWT token>) GET https://nifiportal.abc.example.com/nifi-api/flow/current-user (source ip: 10.0.2.15)

2020-08-13 11:21:28,062 INFO [NiFi Web Server-22] o.a.n.w.s.NiFiAuthenticationFilter Authentication success for admin1

2020-08-13 11:21:28,167 INFO [NiFi Web Server-118] o.a.n.w.s.NiFiAuthenticationFilter Attempting request for (<JWT token>) GET https://nifiportal.abc.example.com/nifi-api/flow/client-id (source ip: 10.0.2.15)

2020-08-13 11:21:28,170 INFO [NiFi Web Server-118] o.a.n.w.s.NiFiAuthenticationFilter Authentication success for admin1

2020-08-13 11:21:28,170 INFO [NiFi Web Server-22] o.a.n.w.s.NiFiAuthenticationFilter Attempting request for (<JWT token>) GET https://nifiportal.abc.example.com/nifi-api/flow/config (source ip: 10.0.2.15)

2020-08-13 11:21:28,179 INFO [NiFi Web Server-22] o.a.n.w.s.NiFiAuthenticationFilter Authentication success for admin1

2020-08-13 11:21:28,206 INFO [NiFi Web Server-118] o.a.n.w.s.NiFiAuthenticationFilter Attempting request for (<JWT token>) GET https://nifiportal.abc.example.com/nifi-api/flow/banners (source ip: 10.0.2.15)

6. But, when I try to login with LDAP User (nifiadmin) who was already assigned NiFi UI access by me I am getting permission error. I added all screenshots (nifi_policies.jpg) about that:

nifi-user.log:

2020-08-13 11:51:52,255 INFO [NiFi Web Server-16] o.a.n.w.s.NiFiAuthenticationFilter Attempting request for (<JWT token>) GET https://nifiportal.abc.example.com/nifi-api/flow/current-user (source ip: 10.0.2.15)

2020-08-13 11:51:52,258 INFO [NiFi Web Server-16] o.a.n.w.s.NiFiAuthenticationFilter Authentication success for nifiadmin

2020-08-13 11:51:52,260 INFO [NiFi Web Server-16] o.a.n.w.a.c.AccessDeniedExceptionMapper identity[nifiadmin], groups[] does not have permission to access the requested resource. Unknown user with identity 'nifiadmin'. Returning Forbidden response.

7. When I check the nifi-app.log there is no error:

nifi-app.log:

2020-08-13 10:46:52,310 INFO [main] o.e.jetty.util.ssl.SslContextFactory x509=X509@1b8354aa(fa3f2599-3d3b-43c9-9e7a-ea26375d4470,h=[nifiportal.abc.example.com],w=[]) for SslContextFactory@378a5302[provider=null,keyStore=file:///C:/nifi/certificates/private-keystore1,trus

tStore=file:///C:/nifi/certificates/public-keystore1]

2020-08-13 10:46:52,325 INFO [main] o.eclipse.jetty.server.AbstractConnector Started ServerConnector@2794eab6{SSL,[ssl, http/1.1]}{nifiportal.abc.example.com:443}

2020-08-13 10:46:52,325 INFO [main] org.eclipse.jetty.server.Server Started @31030ms

2020-08-13 10:46:52,419 INFO [main] org.apache.nifi.nar.NarAutoLoader Starting NAR Auto-Loader for directory .\extensions ...

2020-08-13 10:46:52,419 INFO [main] org.apache.nifi.nar.NarAutoLoader NAR Auto-Loader started

2020-08-13 10:46:52,419 INFO [main] org.apache.nifi.web.server.JettyServer NiFi has started. The UI is available at the following URLs:

2020-08-13 10:46:52,419 INFO [main] org.apache.nifi.web.server.JettyServer https://nifiportal.abc.example.com:443/nifi

8. What I did for solving the problem

I deleted user.xml and authorizations.xml several times. Nifi creates automatically them but problem is still continue.
I tried different kind of the configurations in the related files (authorizers.xml, login-identity-providers.xml and nifi.properties). But no change
I also tried another LDAP user than nifiadmin (admin2) but there is no any solution for ldap user login issue

I added all configuration files (authorizations, authorizers, login-identity-providers, nifi.properties and users) with jpeg format. I also added screenshots (nifi_policies.jpg) about access and user policies.

My environment details are below:
Apache NiFi 1.11.3 (single, not cluster)
Windows Server 2016
Java JRE 1.8.0_251 (64 Bit)

MS Active Directory 2016 for LDAP

Do you have any comment or idea?

nifi_policiesauthorizations.xmlauthorizers-1.xmlauthorizers-2.xmlauthorizers-3.xmllogin-identity-providers.xmlnifi.propertiesusers.xml

Re: LDAP Integration (ldap-provider) Issue

Muhyid — Sun, 27 Sep 2020 19:43:13 GMT

Dear All,

I solved the problem.

Re: LDAP Integration (ldap-provider) Issue

VidyaSargur — Mon, 28 Sep 2020 09:44:53 GMT

Hi @Muhyid , I'm happy to see you resolved your issue. Can you please provide the details of the solution? It will make it easier for others to find the answer in the future.

question Re: LDAP Integration (ldap-provider) Issue in Support Questions

LDAP Integration (ldap-provider) Issue

Re: LDAP Integration (ldap-provider) Issue

Re: LDAP Integration (ldap-provider) Issue