Support Questions

Find answers, ask questions, and share your expertise

LDAP Authentication Issue

avatar
Super Collaborator

Hi,I am trying to configure LDAP authentication to our NiFi instance, I am using SIMPLE authentication strategy , with the below settings.

<provider> <identifier>ldap-provider</identifier>

<class>org.apache.nifi.ldap.LdapProvider</class>

<property name="Authentication Strategy">SIMPLE</property>

<property name="Manager DN">CN=admintarapare,OU=Admins,OU=Users and Groups,OU=GC AMS,OU=AMS,OU=Organizations,DC=mycompany,DC=com></property>

<property name="Manager Password">mypwd></property>

<property name="TLS - Keystore"></property>

<property name="TLS - Keystore Password"></property>

<property name="TLS - Keystore Type"></property>

<property name="TLS - Truststore"></property>

<property name="TLS - Truststore Password"></property>

<property name="TLS - Truststore Type"></property>

<property name="TLS - Client Auth"></property>

<property name="TLS - Protocol"></property>

<property name="TLS - Shutdown Gracefully">

</property> <property name="Referral Strategy">FOLLOW</property>

<property name="Connect Timeout">10 secs</property>

<property name="Read Timeout">10 secs</property>

<property name="Url">ldap://ourserver:389</property>

<property name="User Search Base">OU=Admins,OU=Users and Groups,OU=GC AMS,OU=AMS,OU=Organizations,DC=mycompany,DC=com></property>

<property name="User Search Filter">sAMAccountName={0}</property>

<property name="Identity Strategy">USE_DN</property> <property name="Authentication Expiration">12 hours</property> </provider>

i am not getting any exception in the nifi-app.log, but getting this in nifi-user.log

o.a.n.w.a.c.IllegalArgumentExceptionMapper java.lang.IllegalArgumentException: The supplied username and password are not valid.. Returning Bad Request response.

I am using this user admintarapare(which i used in my Manager CN) to login and i know the pwd is correct and i used LDP on my server to verify its connecting to the LDAP server.

Any idea on what i am doing wrong here.?

Regards,

Sai

1 ACCEPTED SOLUTION

avatar

@Saikrishna Tarapareddy

There is an extra character at the end of both of those properties.

">" this is the extra character, on the end of your value.

View solution in original post

13 REPLIES 13

avatar
Super Collaborator

@Wynner,

its working now .

Thank you,

Sai

avatar
Super Collaborator

@Wynner ,

i have another issue..while i was able to LDAP authenticate successfully using same OU values.

It is failing to authenticate when my Manager DN's OU is different than Users.

As per our company rule they create service accounts differently to regular user accounts. and we want to use service account as Initial Admin and Manager as shown below..

Only way i could solve this is by

1. In login-identity-providers.xml have Manager DN and User Search Base's OU same.

in my case (ou=Generic-Users,ou=Users and Groups,ou=NPPC AMS,ou=AMS,ou=Organizations,dc=mycomp,dc=com)

2. Start NiFi and log in as Initial Admin .

3. from NiFi UI , create an user with my users DN like (OU=US-StLouis-HQ,OU=Users and Groups,OU=NPPC AMS,OU=AMS,OU=Organizations,DC=mycomp,DC=com) , this is how general users DN looks.

4. in login-identity-providers.xml change the user search base to match with step 3

5. restart NiFi

6. Login as user

Managers DN:

<property name="Manager DN">cn=nifiadmin,ou=Generic-Users,ou=Users and Groups,ou=NPPC AMS,ou=AMS,ou=Organizations,dc=mycomp,dc=com</property>

User Search base:

<property name="User Search Base">OU=US-StLouis-HQ,OU=Users and Groups,OU=NPPC AMS,OU=AMS,OU=Organizations,DC=mycomp,DC=com</property>

Is there a better way.? this way i will have to go back and forth when i have to add a new user or grant an user with create user policy and use that user to create new users instead of initial admin.

Regards,

Sai

avatar

avatar
@Saikrishna Tarapareddy

This should be a different question, not a continuation of your first question.

Because, now you are asking about authorization, not authentication.