LDAP Authentication Issue

Super Collaborator

Hi, I am trying to configure LDAP authentication for our NiFi instance. I am using the SIMPLE authentication strategy, with the below settings.

<provider>
    <identifier>ldap-provider</identifier>
    <class>org.apache.nifi.ldap.LdapProvider</class>
    <property name="Authentication Strategy">SIMPLE</property>
    <property name="Manager DN">CN=admintarapare,OU=Admins,OU=Users and Groups,OU=GC AMS,OU=AMS,OU=Organizations,DC=mycompany,DC=com></property>
    <property name="Manager Password">mypwd></property>
    <property name="TLS - Keystore"></property>
    <property name="TLS - Keystore Password"></property>
    <property name="TLS - Keystore Type"></property>
    <property name="TLS - Truststore"></property>
    <property name="TLS - Truststore Password"></property>
    <property name="TLS - Truststore Type"></property>
    <property name="TLS - Client Auth"></property>
    <property name="TLS - Protocol"></property>
    <property name="TLS - Shutdown Gracefully"></property>
    <property name="Referral Strategy">FOLLOW</property>
    <property name="Connect Timeout">10 secs</property>
    <property name="Read Timeout">10 secs</property>
    <property name="Url">ldap://ourserver:389</property>
    <property name="User Search Base">OU=Admins,OU=Users and Groups,OU=GC AMS,OU=AMS,OU=Organizations,DC=mycompany,DC=com></property>
    <property name="User Search Filter">sAMAccountName={0}</property>
    <property name="Identity Strategy">USE_DN</property>
    <property name="Authentication Expiration">12 hours</property>
</provider>

I am not getting any exception in the nifi-app.log, but I am getting this in nifi-user.log:

o.a.n.w.a.c.IllegalArgumentExceptionMapper java.lang.IllegalArgumentException: The supplied username and password are not valid.. Returning Bad Request response.

I am using this user admintarapare (which I used in my Manager CN) to log in, and I know the pwd is correct, and I used LDP on my server to verify it is connecting to the LDAP server.

Any idea what I am doing wrong here?

Regards,

Sai

1 ACCEPTED SOLUTION


@Saikrishna Tarapareddy

There is an extra character at the end of both of those properties.

">" this is the extra character, on the end of your value.


13 REPLIES 13

@Saikrishna Tarapareddy

Try changing the User Search Filter from sAMAccountName={0} to (sAMAccountName={0})

Super Collaborator

@wynner,

I am getting the same error after changing sAMAccountName={0} to (sAMAccountName={0})

@Saikrishna Tarapareddy

Just to be sure. Did you restart NiFi after making the change?

Super Collaborator

@Wynner,

Yes, I did.

@Saikrishna Tarapareddy

Another just to be sure, you have an extra character at the end of a couple of the properties.

This property appears to have an extra character

Manager DN

CN=admintarapare,OU=Admins,OU=Users and Groups,OU=GC AMS,OU=AMS,OU=Organizations,DC=mycompany,DC=com>

and this property also

User Search Base

OU=Admins,OU=Users and Groups,OU=GC AMS,OU=AMS,OU=Organizations,DC=mycompany,DC=com>

Super Collaborator

@Wynner,

I do not have any extra chars, I just double-checked.

<property name="Manager DN">CN=admintarapa,OU=Admins,OU=Users and Groups,OU=GC AMS,OU=AMS,OU=Organizations,DC=mycomp,DC=com></property>

<property name="User Search Base">OU=Admins,OU=Users and Groups,OU=GC AMS,OU=AMS,OU=Organizations,DC=mycomp,DC=com></property>

One interesting thing is, I tried with a wrong password for my Manager DN in the login-identity-providers.xml file, and even then I get the same error.

o.a.n.w.a.c.IllegalArgumentExceptionMapper java.lang.IllegalArgumentException: The supplied username and password are not valid.. Returning Bad Request response.

Regards,

Sai


@Saikrishna Tarapareddy

There is an extra character at the end of both of those properties.

">" this is the extra character, on the end of your value.

Expert Contributor

If your password has any unique characters such as "&", it will break the XML.

The fix for this example would be changing the & to: "& amp;" without the space (this website will not show the correct value).

Super Collaborator

@Wynner,

Sorry, I missed it. Thanks a lot.

Now I am getting an insufficient permissions error. Let me check my user.
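Added example (not part of the original thread, and not NiFi's own tooling): a lint for the two mistakes discussed above, a stray character after a DN value and an unescaped `&` in the provider XML. The function name, the sample values and the extra check for a SIMPLE bind over plain `ldap://` are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

DN_PROPS = ("Manager DN", "User Search Base")
# RFC 4514: these must be backslash-escaped inside a DN attribute value.
DN_SPECIALS = re.compile(r'(?<!\\)[<>;"]')

# Constructed sample modelled on the config in the question (values invented).
SAMPLE_BAD = """<provider>
  <identifier>ldap-provider</identifier>
  <property name="Authentication Strategy">SIMPLE</property>
  <property name="Manager DN">CN=svc,OU=Admins,DC=example,DC=com></property>
  <property name="Manager Password">secret></property>
  <property name="Url">ldap://ldap.example.com:389</property>
  <property name="User Search Base">OU=Admins,DC=example,DC=com></property>
  <property name="User Search Filter">sAMAccountName={0}</property>
</provider>"""
# Constructed sample: a raw "&" in the password makes the file unparseable.
SAMPLE_AMP = '<provider><property name="Manager Password">p&ss</property></provider>'


def lint_ldap_provider(xml_text):
    """Return human-readable findings for every <provider> in xml_text."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"XML is not well-formed ({exc}); write & as &amp; and < as &lt;"]
    findings = []
    for provider in root.iter("provider"):
        props = {p.get("name"): p.text or "" for p in provider.iter("property")}
        for name in DN_PROPS:
            value = props.get(name, "")
            bad = DN_SPECIALS.search(value)
            if bad:
                findings.append(f"{name}: unescaped {bad.group()!r} at offset {bad.start()}")
            if value != value.strip():
                findings.append(f"{name}: leading or trailing whitespace")
        # ">" is legal in a password, so this is only a prompt to double-check.
        if props.get("Manager Password", "").endswith(">"):
            findings.append("Manager Password: ends with '>', confirm it is intended")
        if "{0}" not in props.get("User Search Filter", "{0}"):
            findings.append("User Search Filter: missing the {0} username placeholder")
        # SIMPLE over ldap:// binds without TLS, so passwords cross the wire in clear.
        if (props.get("Authentication Strategy") == "SIMPLE"
                and props.get("Url", "").startswith("ldap://")):
            findings.append("Url: SIMPLE bind over ldap:// is unencrypted; use LDAPS or START_TLS")
    return findings


if __name__ == "__main__":
    for sample in (SAMPLE_BAD, SAMPLE_AMP):
        print("\n".join(lint_ldap_provider(sample)), end="\n\n")
```

Running the lint before restarting NiFi catches the problem at the file, since the thread shows that nifi-user.log reports only "The supplied username and password are not valid" whichever property is wrong.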

