Created 11-14-2016 09:22 PM
Hi,
We have an HDF server inside our company's network, and we just secured our remote server (one server only) on our Hadoop cluster with LDAP authentication (outside of our network, managed by Rackspace).
How do I connect to a remote process using Site 2 Site? Earlier I had my putHDFS process on the remote server and I was sending files using Site 2 Site from the local server. Since both were HTTP, it was working fine then.
But now I am not able to connect to the remote port because of the secure connection (HTTPS/LDAP etc.).
What is the solution? Do I have to go HTTPS on the local server too, with the same LDAP settings?
Thank you.
Regards,
Sai
Created 11-14-2016 11:32 PM
An unsecured NiFi instance can interact with a secured NiFi instance if it's configured with its keystore and truststore, and the remote NiFi also has a proper user and policies configured for it.
I have a working example on GitHub, nifi-integration-test, that confirms interconnectivity among unsecured/secured/standalone/clustered NiFi instances, in which you can find example nifi.properties, keystore and truststore. Here are important properties to configure:
Hope this helps,
Koji
Created 11-22-2016 09:42 PM
I have exported the remote server certificate to the local NiFi and the local NiFi certificate to the server, but now I am getting a forbidden error.
I checked and granted all the permissions needed for user "CN=nifistos, OU=nestle" on the HTTPS system.
2016-11-22 15:48:59,285 INFO [NiFi Web Server-36] o.a.n.w.s.NiFiAuthenticationFilter Attempting request for (CN=nifistos, OU=nestle) GET https://myremoteserver:10090/nifi-api/site-to-site (source ip: 172.16.2.4)
2016-11-22 15:48:59,285 INFO [NiFi Web Server-36] o.a.n.w.s.NiFiAuthenticationFilter Authentication success for CN=nifistos, OU=nestle
2016-11-22 15:48:59,286 INFO [NiFi Web Server-36] o.a.n.w.a.c.AccessDeniedExceptionMapper CN=nifistos, OU=nestle does not have permission to access the requested resource. Returning Forbidden response.
Anything else that I am missing?
Created 11-24-2016 12:29 AM
Please double-check that the 'CN=nifistos, OU=nestle' user has the right policy settings to use Site-to-Site. The user needs
Once the user is authenticated, all the authorization checks the user has to pass are the above two policies.
Created 11-22-2016 10:13 PM
Found the issue: my server user needs a space between CN and OU.
Thanks for the help.
Created 11-24-2016 12:30 AM
I hadn't read this comment when I wrote a reply a few seconds ago. Glad to hear that it worked!
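An added example, not part of the thread and not NiFi code: it takes the identity from the "Returning Forbidden response" log line quoted above and compares it with the user identities configured on the secured instance, flagging a DN that differs only in spacing or case, which is the mismatch the thread ended on. The configured user list and all function names are assumptions made for illustration, and the exact-string comparison is assumed from the fix reported above.

```python
import re

# Log lines copied from the thread above.
SAMPLE_LOG = """\
2016-11-22 15:48:59,285 INFO [NiFi Web Server-36] o.a.n.w.s.NiFiAuthenticationFilter Authentication success for CN=nifistos, OU=nestle
2016-11-22 15:48:59,286 INFO [NiFi Web Server-36] o.a.n.w.a.c.AccessDeniedExceptionMapper CN=nifistos, OU=nestle does not have permission to access the requested resource. Returning Forbidden response.
"""

# Constructed sample: identities as they might have been typed into the user list.
CONFIGURED_USERS = ["CN=nifistos,OU=nestle", "CN=admin, OU=nestle"]

DENIED = re.compile(r"AccessDeniedExceptionMapper (.+?) does not have permission")

def canonical(dn):
    """Normalise whitespace around ',' and '=' and letter case.
    Naive split: does not handle escaped commas inside RDN values."""
    parts = [p.strip() for p in dn.split(",")]
    return ",".join("=".join(x.strip() for x in p.split("=", 1)) for p in parts).lower()

def denied_identities(log_text):
    """Identities the authorizer refused, in order of first appearance."""
    seen = []
    for line in log_text.splitlines():
        m = DENIED.search(line)
        if m and m.group(1) not in seen:
            seen.append(m.group(1))
    return seen

def diagnose(log_text, configured):
    """Classify each denied identity against the configured user list."""
    report = {}
    for ident in denied_identities(log_text):
        if ident in configured:
            # The user exists exactly as presented: the policies are the problem.
            report[ident] = ("exact-match", ident)
            continue
        near = [u for u in configured if canonical(u) == canonical(ident)]
        # near-miss: same DN to a human reader, different string to the server.
        report[ident] = ("near-miss", near[0]) if near else ("unknown-user", None)
    return report

if __name__ == "__main__":
    for ident, (kind, match) in diagnose(SAMPLE_LOG, CONFIGURED_USERS).items():
        print(f"{ident!r}: {kind}" + (f" (configured as {match!r})" if match else ""))
```

A "near-miss" result means the user entry should be re-created with the identity copied verbatim from the log line; "exact-match" points back to the policy settings instead.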