
LDAP Authentication Issue


Super Collaborator

Hi, I am trying to configure LDAP authentication for our NiFi instance. I am using the SIMPLE authentication strategy, with the settings below.

    <provider>
        <identifier>ldap-provider</identifier>
        <class>org.apache.nifi.ldap.LdapProvider</class>
        <property name="Authentication Strategy">SIMPLE</property>
        <property name="Manager DN">CN=admintarapare,OU=Admins,OU=Users and Groups,OU=GC AMS,OU=AMS,OU=Organizations,DC=mycompany,DC=com></property>
        <property name="Manager Password">mypwd></property>
        <property name="TLS - Keystore"></property>
        <property name="TLS - Keystore Password"></property>
        <property name="TLS - Keystore Type"></property>
        <property name="TLS - Truststore"></property>
        <property name="TLS - Truststore Password"></property>
        <property name="TLS - Truststore Type"></property>
        <property name="TLS - Client Auth"></property>
        <property name="TLS - Protocol"></property>
        <property name="TLS - Shutdown Gracefully"></property>
        <property name="Referral Strategy">FOLLOW</property>
        <property name="Connect Timeout">10 secs</property>
        <property name="Read Timeout">10 secs</property>
        <property name="Url">ldap://ourserver:389</property>
        <property name="User Search Base">OU=Admins,OU=Users and Groups,OU=GC AMS,OU=AMS,OU=Organizations,DC=mycompany,DC=com></property>
        <property name="User Search Filter">sAMAccountName={0}</property>
        <property name="Identity Strategy">USE_DN</property>
        <property name="Authentication Expiration">12 hours</property>
    </provider>

I am not getting any exception in nifi-app.log, but I am getting this in nifi-user.log:

o.a.n.w.a.c.IllegalArgumentExceptionMapper java.lang.IllegalArgumentException: The supplied username and password are not valid.. Returning Bad Request response.

I am using this user admintarapare (which I used in my Manager CN) to log in, and I know the pwd is correct. I used LDP on my server to verify it is connecting to the LDAP server.

Any idea what I am doing wrong here?

Regards,

Sai


Re: LDAP Authentication Issue

@Saikrishna Tarapareddy

Try changing the User Search Filter from sAMAccountName={0} to (sAMAccountName={0})

Re: LDAP Authentication Issue

Super Collaborator

@wynner ,

I am getting the same error after changing sAMAccountName={0} to (sAMAccountName={0})

Re: LDAP Authentication Issue

@Saikrishna Tarapareddy

Just to be sure, did you restart NiFi after making the change?

Re: LDAP Authentication Issue

Super Collaborator

@Wynner ,

Yes, I did.

Re: LDAP Authentication Issue

@Saikrishna Tarapareddy

Another just to be sure, you have an extra character at the end of a couple of the properties.

This property appears to have an extra character

Manager DN

CN=admintarapare,OU=Admins,OU=Users and Groups,OU=GC AMS,OU=AMS,OU=Organizations,DC=mycompany,DC=com>

and this property also

User Search Base

OU=Admins,OU=Users and Groups,OU=GC AMS,OU=AMS,OU=Organizations,DC=mycompany,DC=com>

Re: LDAP Authentication Issue

Super Collaborator

@Wynner,

I do not have any extra chars, I just double-checked.

<property name="Manager DN">CN=admintarapa,OU=Admins,OU=Users and Groups,OU=GC AMS,OU=AMS,OU=Organizations,DC=mycomp,DC=com></property>

<property name="User Search Base">OU=Admins,OU=Users and Groups,OU=GC AMS,OU=AMS,OU=Organizations,DC=mycomp,DC=com></property>

One interesting thing is, I tried with a wrong password for my Manager DN in the login-identity-providers.xml file, and even then I get the same error.

o.a.n.w.a.c.IllegalArgumentExceptionMapper java.lang.IllegalArgumentException: The supplied username and password are not valid.. Returning Bad Request response.

Regards,

Sai

Re: LDAP Authentication Issue

@Saikrishna Tarapareddy

There is an extra character at the end of both of those properties.

">" this is the extra character, on the end of your value.

(Accepted solution)

Re: LDAP Authentication Issue

Expert Contributor

If your password has any unique characters such as "&", it will break the XML.

The fix for this example would be changing the & to: "& amp;" without the space (this website will not show the correct value).
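The two failure modes raised in this thread can be checked before restarting NiFi: a stray ">" is legal XML text, so the parser silently keeps it as part of the value, while an unescaped "&" makes the whole file unparseable. The script below is an added example, not part of the original posts or of NiFi; the `lint_providers` function and the sample values are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the provider block in the question. The
# trailing ">" on two values is the defect named in the accepted solution.
SAMPLE = """<loginIdentityProviders>
  <provider>
    <identifier>ldap-provider</identifier>
    <class>org.apache.nifi.ldap.LdapProvider</class>
    <property name="Authentication Strategy">SIMPLE</property>
    <property name="Manager DN">CN=svc,OU=Admins,DC=example,DC=com></property>
    <property name="Manager Password">example-pwd</property>
    <property name="Url">ldap://ldap.example.com:389</property>
    <property name="User Search Base">OU=Admins,DC=example,DC=com></property>
    <property name="User Search Filter">sAMAccountName={0}</property>
  </provider>
</loginIdentityProviders>"""


def lint_providers(xml_text):
    """Return (property name, problem) pairs for a login-identity-providers.xml.

    Only property names are reported, never values, so the Manager Password
    does not end up in console output or logs.
    """
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # An unescaped "&" or "<" inside a value (e.g. a password) lands here.
        return [("<file>", f"not well-formed XML: {exc}")]

    findings = []
    for prop in root.iter("property"):
        name = prop.get("name", "")
        value = prop.text or ""
        if value != value.strip():
            findings.append((name, "leading/trailing whitespace in value"))
        # ">" is allowed in XML character data, so no parse error is raised
        # and the bracket is handed to the LDAP provider as part of the value.
        if value.strip().endswith(">"):
            findings.append((name, 'stray ">" kept as part of value'))
    return findings


if __name__ == "__main__":
    for name, problem in lint_providers(SAMPLE):
        print(f"{name}: {problem}")
```
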

Re: LDAP Authentication Issue

Super Collaborator

@Wynner ,

Sorry, I missed it. Thanks a lot.

Now I am getting an insufficient permissions error. Let me check on my user.

