Created on 09-13-2022 02:38 AM - last edited on 09-13-2022 06:37 AM by ask_bill_brooks
Hi,
I am trying to secure NiFi authentication using LDAP configuration. ). I am able to get to the login screen, but then I am getting an error on logging in ( The supplied username and password are invalid) even though the username and password are correct.Can someone help me in the direction, on what might be the problem?
Created 09-13-2022 01:29 PM
@myzard
If you are positive the username and password entered are valid, this likely points to an issue in your login-identity-providers.xml ldap-provider configuration with the manager DN and/or manager password.
Since this is an xml file, the first question to ask is if the password contains any XML special characters (<, >, ", `, or &):
< replace with <
> replace with >
" replace with "
ˋ replace with '
& replace with &
If so, you'll need to escape them by using above substitutions.
Next is to use ldapsearch to verify the manager DN and manager password works using same configuration set in the ldap-provider (minus xml substitutions if any) against the same username and password.
Make sure the results from your ldapsearch on returns one matching user.
I have seen setups where ldap had same username multiple times under different DNs.
This will not work with NiFi login as NiFi would be unable to determine which is the actual user being authenticated. In this scenario, adjust your search base so that it only returns one user entry.
If you found that the provided solution(s) assisted you with your query, please take a moment to login and click Accept as Solution below each response that helped.
Thank you,
Matt
Created 09-20-2022 08:29 PM
not worked any solution ?
Created 09-22-2022 05:22 AM
@myzard
Did your LDAP manager password contain any XML special characters?
Did you verify ldapsearch worked from same same host were NiFi is installed using that manager DN and Manager password to get a return for the user you are trying to login in with?
what output did you get from ldap search?
For the ldap-provider, there are only two username and passwords in use:
1. Manager DN and Manager password configured in the ldap-provider
2. username and password entered at login interface.
Other suggestions:
- Make sure there are no leading or trailing whitespaces on the username or password configured in the provider or entered at the login windows.
- Make sure the nifi.properties file is properly configured for the ldap-provider and not a different login provider like kerberos-provider.
- Share you ldap-providers.xml file
Thanks,
Matt