question Re: NiFi Authentication with LDAP in Support Questions

NiFi Authentication with LDAP

myzard — Tue, 13 Sep 2022 13:37:38 GMT

Hi,

I am trying to secure NiFi authentication using LDAP configuration. ). I am able to get to the login screen, but then I am getting an error on logging in ( The supplied username and password are invalid) even though the username and password are correct.Can someone help me in the direction, on what might be the problem?

Re: NiFi Authentication with LDAP

MattWho — Tue, 13 Sep 2022 20:29:57 GMT

@myzard
If you are positive the username and password entered are valid, this likely points to an issue in your login-identity-providers.xml ldap-provider configuration with the manager DN and/or manager password.

Since this is an xml file, the first question to ask is if the password contains any XML special characters (<, >, ", `, or &):

< replace with < > replace with > " replace with " ˋ replace with ' & replace with &

If so, you'll need to escape them by using above substitutions.

Next is to use ldapsearch to verify the manager DN and manager password works using same configuration set in the ldap-provider (minus xml substitutions if any) against the same username and password.

Make sure the results from your ldapsearch on returns one matching user.
I have seen setups where ldap had same username multiple times under different DNs.
This will not work with NiFi login as NiFi would be unable to determine which is the actual user being authenticated. In this scenario, adjust your search base so that it only returns one user entry.

If you found that the provided solution(s) assisted you with your query, please take a moment to login and click Accept as Solution below each response that helped.

Thank you,

Matt

Re: NiFi Authentication with LDAP

myzard — Wed, 21 Sep 2022 03:29:38 GMT

not worked any solution ?

Re: NiFi Authentication with LDAP

MattWho — Thu, 22 Sep 2022 12:22:32 GMT

@myzard

Did your LDAP manager password contain any XML special characters?
Did you verify ldapsearch worked from same same host were NiFi is installed using that manager DN and Manager password to get a return for the user you are trying to login in with?

what output did you get from ldap search?

For the ldap-provider, there are only two username and passwords in use:
1. Manager DN and Manager password configured in the ldap-provider
2. username and password entered at login interface.

Other suggestions:
- Make sure there are no leading or trailing whitespaces on the username or password configured in the provider or entered at the login windows.
- Make sure the nifi.properties file is properly configured for the ldap-provider and not a different login provider like kerberos-provider.
- Share you ldap-providers.xml file

Thanks,

Matt