Created on 01-16-2019 03:14 PM - edited 08-17-2019 03:00 PM
Hello!
I installed Nifi, Nifi toolkit.
I have an error "Unknown user with identity 'CN=admin, OU=people, DC=nifi, DC=com'. Contact the system administrator." or
"Unable to locate initial admin CN=admin,OU=people,DC=nifi,DC=com to seed policies".
Ldap config -> ldap.png
nifi.properties:
# security properties #
nifi.sensitive.props.key=
nifi.sensitive.props.key.protected=
nifi.sensitive.props.algorithm=PBEWITHMD5AND256BITAES-CBC-OPENSSL
nifi.sensitive.props.provider=BC
nifi.sensitive.props.additional.keys=
nifi.security.keystore=./conf/keystore.jks
nifi.security.keystoreType=jks
nifi.security.keystorePasswd=C952nQSnvjyqA38F4Z5WHB80qzzCGPjB8qCrfIUTXWs
nifi.security.keyPasswd=C952nQSnvjyqA38F4Z5WHB80qzzCGPjB8qCrfIUTXWs
nifi.security.truststore=./conf/truststore.jks
nifi.security.truststoreType=jks
nifi.security.truststorePasswd=0f9v05dN9t15lVRklQ3B6jGphb5fbtfYuEKjefQyb7A
nifi.security.needClientAuth=yes
nifi.security.user.authorizer=managed-authorizer
nifi.security.user.login.identity.provider=ldap-provider
nifi.security.ocsp.responder.url=
nifi.security.ocsp.responder.certificate=
authorizers.xml:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<authorizers>
    <authorizer>
        <identifier>file-provider</identifier>
        <class>org.apache.nifi.authorization.FileAuthorizer</class>
        <property name="Authorizations File">./conf/authorizations.xml</property>
        <property name="Users File">./conf/users.xml</property>
        <property name="Initial Admin Identity">CN=admin,OU=people,DC=nifi,DC=com</property>
        <property name="Legacy Authorized Users File"></property>
        <property name="Node Identity 1">CN=admin,OU=people,DC=nifi,DC=com</property>
    </authorizer>
</authorizers>
login-identity-providers.xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<loginIdentityProviders>
    <provider>
        <identifier>ldap-provider</identifier>
        <class>org.apache.nifi.ldap.LdapProvider</class>
        <property name="Authentication Strategy">LDAPS</property>
        <property name="Manager DN">CN=admin,OU=people,DC=nifi,DC=com</property>
        <property name="Manager Password">password</property>
        <property name="TLS - Keystore">./conf/keystore.jks</property>
        <property name="TLS - Keystore Password">C952nQSnvjyqA38F4Z5WHB80qzzCGPjB8qCrfIUTXWs</property>
        <property name="TLS - Keystore Type">jks</property>
        <property name="TLS - Truststore">./conf/truststore.jks</property>
        <property name="TLS - Truststore Password">0f9v05dN9t15lVRklQ3B6jGphb5fbtfYuEKjefQyb7A</property>
        <property name="TLS - Truststore Type">jks</property>
        <property name="TLS - Client Auth">WANT</property>
        <property name="TLS - Protocol">TLS</property>
        <property name="TLS - Shutdown Gracefully">true</property>
        <property name="Referral Strategy">IGNORE</property>
        <property name="Connect Timeout">10 secs</property>
        <property name="Read Timeout">10 secs</property>
        <property name="Url">ldap://localhost:10389</property>
        <property name="User Search Base">OU=PEOPLE,DC=NIFI,DC=COM</property>
        <property name="User Search Filter">cn={0}</property>
        <property name="Identity Strategy">USE_USERNAME</property>
        <property name="Authentication Expiration">12 hours</property>
    </provider>
</loginIdentityProviders>
C:\nifi-toolkit\bin>tls-toolkit.bat standalone -n "localhost" -C "cn=admin,ou=people,dc=nifi,dc=com"
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authorizer': FactoryBean threw exception on object creation; nested exception is org.apache.nifi.authorization.exception.AuthorizerCreationException: org.apache.nifi.authorization.exception.AuthorizerCreationException: Unable to locate initial admin CN=admin,OU=people,DC=nifi,DC=com to seed policies
    at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:175)
    at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.getObjectFromFactoryBean(FactoryBeanRegistrySupport.java:103)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getObjectForBeanInstance(AbstractBeanFactory.java:1634)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:317)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:351)
    ... 91 common frames omitted
Caused by: org.apache.nifi.authorization.exception.AuthorizerCreationException: org.apache.nifi.authorization.exception.AuthorizerCreationException: Unable to locate initial admin CN=admin,OU=people,DC=nifi,DC=com to seed policies
    at org.apache.nifi.authorization.FileAccessPolicyProvider.onConfigured(FileAccessPolicyProvider.java:234)
    at org.apache.nifi.authorization.FileAuthorizer.doOnConfigured(FileAuthorizer.java:137)
    at org.apache.nifi.authorization.AbstractPolicyBasedAuthorizer.onConfigured(AbstractPolicyBasedAuthorizer.java:67)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at org.apache.nifi.authorization.AuthorizerInvocationHandler.invoke(AuthorizerInvocationHandler.java:55)
    at com.sun.proxy.$Proxy77.onConfigured(Unknown Source)
    at org.apache.nifi.authorization.AuthorizerFactoryBean.getObject(AuthorizerFactoryBean.java:166)
    at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:168)
    ... 96 common frames omitted
Caused by: org.apache.nifi.authorization.exception.AuthorizerCreationException: Unable to locate initial admin CN=admin,OU=people,DC=nifi,DC=com to seed policies
    at org.apache.nifi.authorization.FileAccessPolicyProvider.populateInitialAdmin(FileAccessPolicyProvider.java:569)
    at org.apache.nifi.authorization.FileAccessPolicyProvider.load(FileAccessPolicyProvider.java:512)
    at org.apache.nifi.authorization.FileAccessPolicyProvider.onConfigured(FileAccessPolicyProvider.java:225)
    ... 106 common frames omitted
2019-01-16 10:58:25,580 INFO [Thread-1] org.apache.nifi.NiFi Initiating shutdown of Jetty web server...
2019-01-16 10:58:25,585 INFO [Thread-1] o.eclipse.jetty.server.AbstractConnector Stopped ServerConnector@7a7bb083{SSL,[ssl, http/1.1]}{localhost:9443}
2019-01-16 10:58:25,585 INFO [Thread-1] org.eclipse.jetty.server.session Stopped scavenging
Created 01-16-2019 04:25 PM
-
Your nifi.properties file is configured to look for an Authorizer with the identifier managed-authorizer.
nifi.security.user.authorizer=managed-authorizer
The shared authorizers.xml does not contain a "managed-authorizer".
If you want to use the "file-provider" you need to update your nifi.properties file.
-
I also see that you are using ldap-provider for logging in to your NiFi. It is configured with:
<property name="Identity Strategy">USE_USERNAME</property>
This means that whatever string the user enters in the username login box will be parsed by any Identity.mapping.patterns configured in the nifi.properties file, and then the resulting value string is passed to the authorizer.
-
So even once you fix your authorizers.xml or nifi.properties file, you are likely going to send "admin" to your authorizer rather than the admin user's full DN.
-
Thanks,
Matt
-
If you found this answer addressed your question, please take a moment to log in and click the "ACCEPT" link.
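The two mismatches described in the answer above can be checked mechanically before starting NiFi. The script below is an added example, not part of the original post and not NiFi code; the sample strings are constructed, trimmed copies of the files posted in the question, and the function names are hypothetical. It assumes no identity mapping patterns are set in nifi.properties.

```python
import xml.etree.ElementTree as ET

# Constructed sample input: trimmed copies of the files posted in the question.
PROPS = """nifi.security.user.authorizer=managed-authorizer
nifi.security.user.login.identity.provider=ldap-provider"""
AUTHORIZERS = """<authorizers><authorizer>
<identifier>file-provider</identifier>
<property name="Initial Admin Identity">CN=admin,OU=people,DC=nifi,DC=com</property>
</authorizer></authorizers>"""
LOGIN = """<loginIdentityProviders><provider>
<identifier>ldap-provider</identifier>
<property name="Identity Strategy">USE_USERNAME</property>
</provider></loginIdentityProviders>"""

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def entries(xml_text):
    """Map each <identifier> to its {property name: value} dict."""
    return {e.findtext("identifier", "").strip():
            {p.get("name"): (p.text or "").strip() for p in e.findall("property")}
            for e in ET.fromstring(xml_text)}

def check(props_text, authorizers_xml, login_xml):
    """Return a list of mismatches between the three files."""
    props, findings = parse_properties(props_text), []
    authorizers, logins = entries(authorizers_xml), entries(login_xml)
    wanted = props.get("nifi.security.user.authorizer", "")
    if wanted not in authorizers:
        findings.append(f"authorizer '{wanted}' not defined; found {sorted(authorizers)}")
    login = logins.get(props.get("nifi.security.user.login.identity.provider", ""), {})
    if login.get("Identity Strategy") == "USE_USERNAME":
        # The typed login name is what reaches the authorizer, so an admin
        # identity written as a DN will not match it. Heuristic: "=" marks a DN.
        # Assumes no identity mapping patterns are set in nifi.properties.
        for name, cfg in authorizers.items():
            admin = cfg.get("Initial Admin Identity", "")
            if "=" in admin:
                findings.append(f"{name}: Initial Admin Identity '{admin}' is a DN, "
                                "but logins arrive as bare usernames")
    return findings

if __name__ == "__main__":
    for finding in check(PROPS, AUTHORIZERS, LOGIN):
        print("MISMATCH:", finding)
```
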
Created 03-02-2021 09:33 PM
@wikulinme were you able to solve this?