
LDAP Authentication Issue

Super Collaborator

Hi, I am trying to configure LDAP authentication for our NiFi instance. I am using the SIMPLE authentication strategy, with the settings below.

<provider>
    <identifier>ldap-provider</identifier>
    <class>org.apache.nifi.ldap.LdapProvider</class>
    <property name="Authentication Strategy">SIMPLE</property>
    <property name="Manager DN">CN=admintarapare,OU=Admins,OU=Users and Groups,OU=GC AMS,OU=AMS,OU=Organizations,DC=mycompany,DC=com></property>
    <property name="Manager Password">mypwd></property>
    <property name="TLS - Keystore"></property>
    <property name="TLS - Keystore Password"></property>
    <property name="TLS - Keystore Type"></property>
    <property name="TLS - Truststore"></property>
    <property name="TLS - Truststore Password"></property>
    <property name="TLS - Truststore Type"></property>
    <property name="TLS - Client Auth"></property>
    <property name="TLS - Protocol"></property>
    <property name="TLS - Shutdown Gracefully"></property>
    <property name="Referral Strategy">FOLLOW</property>
    <property name="Connect Timeout">10 secs</property>
    <property name="Read Timeout">10 secs</property>
    <property name="Url">ldap://ourserver:389</property>
    <property name="User Search Base">OU=Admins,OU=Users and Groups,OU=GC AMS,OU=AMS,OU=Organizations,DC=mycompany,DC=com></property>
    <property name="User Search Filter">sAMAccountName={0}</property>
    <property name="Identity Strategy">USE_DN</property>
    <property name="Authentication Expiration">12 hours</property>
</provider>

I am not getting any exception in nifi-app.log, but I am getting this in nifi-user.log:

o.a.n.w.a.c.IllegalArgumentExceptionMapper java.lang.IllegalArgumentException: The supplied username and password are not valid.. Returning Bad Request response.

I am using this user admintarapare (which I used in my Manager CN) to log in, and I know the password is correct; I used LDP on my server to verify it is connecting to the LDAP server.

Any idea what I am doing wrong here?

Regards,

Sai

1 ACCEPTED SOLUTION


@Saikrishna Tarapareddy

There is an extra character at the end of both of those properties.

">" is the extra character at the end of your value.

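The defect the accepted answer points at, a stray ">" glued to the end of a property value, is easy to miss by eye in a long DN. The script below is an added example, not part of the thread and not NiFi code: it parses a login-identity-providers.xml, and for each LdapProvider block flags property values that end in a stray "<" or ">", Manager DN / User Search Base values that are not well-formed DNs, properties that a SIMPLE bind needs but that are empty, and a SIMPLE bind over plain ldap:// (which puts the Manager Password on the wire in cleartext). The embedded XML is a constructed sample mirroring the original post; the property names and class name are NiFi's, while the lint rules and the RFC 4514 DN regex are this example's own assumptions.

```python
"""Lint the ldap-provider block of a NiFi login-identity-providers.xml.

Added example, not NiFi code. Property and class names are NiFi's; the
checks themselves (stray trailing angle brackets, DN syntax, required
properties for SIMPLE, cleartext bind warning) are this example's own.
"""
import re
import xml.etree.ElementTree as ET

LDAP_PROVIDER_CLASS = "org.apache.nifi.ldap.LdapProvider"

# Constructed sample that mirrors the original post, stray '>' included.
BROKEN_XML = """<loginIdentityProviders>
  <provider>
    <identifier>ldap-provider</identifier>
    <class>org.apache.nifi.ldap.LdapProvider</class>
    <property name="Authentication Strategy">SIMPLE</property>
    <property name="Manager DN">CN=admintarapare,OU=Admins,OU=Users and Groups,DC=mycompany,DC=com></property>
    <property name="Manager Password">mypwd></property>
    <property name="TLS - Truststore"></property>
    <property name="Referral Strategy">FOLLOW</property>
    <property name="Url">ldap://ourserver:389</property>
    <property name="User Search Base">OU=Admins,OU=Users and Groups,DC=mycompany,DC=com></property>
    <property name="User Search Filter">sAMAccountName={0}</property>
    <property name="Identity Strategy">USE_DN</property>
    <property name="Authentication Expiration">12 hours</property>
  </provider>
</loginIdentityProviders>
"""

DN_PROPERTIES = ("Manager DN", "User Search Base")
REQUIRED_FOR_SIMPLE = ("Manager DN", "Manager Password", "Url",
                       "User Search Base", "User Search Filter")

# One RFC 4514 RDN: attribute type, '=', value. The characters , + < > ; " \
# must be backslash-escaped inside a value, so an unescaped trailing '>' or
# an empty value makes the whole DN fail to match.
_RDN = r'[A-Za-z][A-Za-z0-9-]*=(?:[^,+<>;"\\]|\\.)+'
DN_RE = re.compile(rf"^{_RDN}(?:,{_RDN})*$")


def _ldap_providers(root):
    """Yield (identifier, {property name: value}) for each LdapProvider."""
    for provider in root.iter("provider"):
        if (provider.findtext("class") or "").strip() != LDAP_PROVIDER_CLASS:
            continue
        props = {p.get("name"): (p.text or "") for p in provider.findall("property")}
        yield (provider.findtext("identifier") or "?").strip(), props


def lint_ldap_provider(xml_text):
    """Return [(severity, message), ...]. No 'error' entries means the block is
    syntactically sane; it says nothing about whether the bind itself works."""
    findings = []
    for ident, props in _ldap_providers(ET.fromstring(xml_text)):
        for name, value in props.items():
            stripped = value.strip()
            if stripped[-1:] in ("<", ">"):
                findings.append(("error", f"{ident}: {name!r} ends with a stray {stripped[-1]!r}: {stripped!r}"))
            elif name in DN_PROPERTIES and stripped and not DN_RE.match(stripped):
                findings.append(("error", f"{ident}: {name!r} is not a well-formed DN: {stripped!r}"))
            elif value != stripped:
                findings.append(("warning", f"{ident}: {name!r} has surrounding whitespace"))
        strategy = props.get("Authentication Strategy", "").strip()
        if strategy == "SIMPLE":
            for name in REQUIRED_FOR_SIMPLE:
                if not props.get(name, "").strip():
                    findings.append(("error", f"{ident}: {name!r} is empty but SIMPLE needs it"))
            if props.get("Url", "").strip().lower().startswith("ldap://"):
                findings.append(("warning", f"{ident}: SIMPLE bind over ldap:// sends the Manager Password in cleartext; use LDAPS or START_TLS"))
    return findings


def repair_property_values(xml_text):
    """Drop one stray trailing '<' or '>' from each LdapProvider property value
    and return the re-serialized XML. Review the output: a secret that really
    ends in '>' is altered too, and ElementTree drops comments on round-trip."""
    root = ET.fromstring(xml_text)
    for provider in root.iter("provider"):
        if (provider.findtext("class") or "").strip() != LDAP_PROVIDER_CLASS:
            continue
        for prop in provider.findall("property"):
            value = (prop.text or "").strip()
            if value[-1:] in ("<", ">"):
                prop.text = value[:-1]
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    for severity, message in lint_ldap_provider(BROKEN_XML):
        print(f"{severity}: {message}")
    print(repair_property_values(BROKEN_XML))
```

Run it against the real file with `lint_ldap_provider(open("login-identity-providers.xml").read())`; the repair function is there for the copy/paste case only, so diff its output against the original before replacing anything, especially the Manager Password.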

13 REPLIES

Super Collaborator

@Wynner,

It's working now.

Thank you,

Sai

Super Collaborator

@Wynner ,

I have another issue. While I was able to authenticate with LDAP successfully using the same OU values,

it is failing to authenticate when my Manager DN's OU is different from the users'.

As per our company rule, they create service accounts differently from regular user accounts, and we want to use a service account as Initial Admin and Manager as shown below.

The only way I could solve this is by:

1. In login-identity-providers.xml, have the Manager DN and User Search Base OUs the same,

in my case (ou=Generic-Users,ou=Users and Groups,ou=NPPC AMS,ou=AMS,ou=Organizations,dc=mycomp,dc=com).

2. Start NiFi and log in as Initial Admin.

3. From the NiFi UI, create a user with my users' DN like (OU=US-StLouis-HQ,OU=Users and Groups,OU=NPPC AMS,OU=AMS,OU=Organizations,DC=mycomp,DC=com); this is how general users' DNs look.

4. In login-identity-providers.xml, change the User Search Base to match step 3.

5. Restart NiFi.

6. Log in as the user.

Manager DN:

<property name="Manager DN">cn=nifiadmin,ou=Generic-Users,ou=Users and Groups,ou=NPPC AMS,ou=AMS,ou=Organizations,dc=mycomp,dc=com</property>

User Search Base:

<property name="User Search Base">OU=US-StLouis-HQ,OU=Users and Groups,OU=NPPC AMS,OU=AMS,OU=Organizations,DC=mycomp,DC=com</property>

Is there a better way? This way I will have to go back and forth whenever I have to add a new user, or grant a user the create-user policy and use that user to create new users instead of the Initial Admin.

Regards,

Sai

@Saikrishna Tarapareddy

This should be a different question, not a continuation of your first question,

because now you are asking about authorization, not authentication.