Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

NiFi LDAP Authentication Error

Labels:
avatar
author-rank saikrishna_tara
Super Collaborator

Created on ‎08-15-2017 06:07 PM - edited ‎08-17-2019 07:43 PM

Hi ,

I am in the process of setting up my windows NiFi instance to use LDAP Authentication . I am getting the error below when i type in my userid and pwd.

i am also copying my ldap-identity-providers.xml login-identity-providers.xml,

app.log ,user log and authorizers.xml authorizers.xml

i followed this url https://community.hortonworks.com/articles/17293/how-to-create-user-generated-keys-for-securing-nif.... to create keystore,truststore. i didn't create any client certificates as i am planning to use LDAP.

---Error from App log

017-08-15 12:02:50,322 INFO [NiFi Web Server-39] c.s.j.s.i.application.WebApplicationImpl Initiating Jersey application, version 'Jersey: 1.19 02/11/2015 03:25 AM' 2017-08-15 12:03:08,040 ERROR [NiFi Web Server-33] org.apache.nifi.ldap.LdapProvider Failed to negotiate TLS session; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 2017-08-15 12:03:21,908 ERROR [NiFi Web Server-53] org.apache.nifi.ldap.LdapProvider Failed to negotiate TLS session; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested targetested target 2017-08-15 12:03:21,908 ERROR [NiFi Web Server-53] org.apache.nifi.ldap.LdapProvider Failed to negotiate TLS session; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 2017-08-15 12:03:26,884 INFO [Write-Ahead Local State Provider Maintenance] org.wali.MinimalLockingWriteAheadLog org.wali.MinimalLockingWriteAheadLog@63b85d97 checkpointed with 1 Records and 0 Swap Files in 72 milliseconds (Stop-the-world time = 15 milliseconds, Clear Edit Logs time = 47 millis), max Transaction ID 2 2017-08-15 12:03:29,257 INFO [pool-10-thread-1] o.a.n.c.r.WriteAheadFlowFileRepository Initiating checkpoint of FlowFile Repository 2017-08-15 12:03:30,244 INFO [pool-10-thread-1] org.wali.MinimalLockingWriteAheadLog org.wali.MinimalLockingWriteAheadLog@61868687 checkpointed with 0 Records and 0 Swap Files in 978 milliseconds (Stop-the-world time = 224 milliseconds, Clear Edit Logs time = 738 millis), max Transaction ID -1

User log is attached.nifi-user.txt

Regards,

Sai

27470-ldaplogin.jpg

Preview file
7 KB
Preview file
4 KB
Preview file
34 KB
2,693 Views
0 Kudos
3 REPLIES 3

avatar
author-rank alopresto author-rank
Guru

Created ‎08-15-2017 06:37 PM

The error you pasted indicates that the truststore you configured for NiFi does not know any valid signers of the LDAP server's certificate. You can show this certificate by connecting to the LDAP server using OpenSSL s_client with the "-debug -state -showcerts" flags. Once you have that public certificate, you can examine the certificate chain and find an intermediate or root CA which signed it. You need to import that CA public certificate into the truststore you configure NiFi to use. "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target" is the error which indicates this.

2,252 Views
0 Kudos

avatar
author-rank saikrishna_tara
Super Collaborator

Created ‎08-15-2017 07:25 PM

@Andy LoPresto

I am not an expert with SSL and certificates. where can i get more help on this.?

Regards,

Sai

2,252 Views
0 Kudos

avatar
author-rank alopresto author-rank
Guru

Created ‎08-15-2017 07:31 PM

Pierre Villard has written multiple tutorials about securing your NiFi instances with various authorizers. I would recommend following this Guide to Integrating NiFi and LDAP and refer to Secure Cluster Setup if necessary. The guide you were following originally was not designed to handle the LDAP certificates in your NiFi truststore, which is why you cannot make a secure connection to the LDAP server.

2,252 Views
0 Kudos
webinar banner
Announcements
Product Announcements
[ANNOUNCE] Cloudera on Public Cloud Runtime 7.2.18 is GA!
What's New @ Cloudera
Cloudera Operational Database (COD) supports enhancements to...
Community Announcements
March 2024 Community Highlights
Community Announcements
Celebrating 100,000 Members: A Journey of Growth and Connect...
Product Announcements
[ANNOUNCE] New Cloudera JDBC Connector for Apache Hive 2.6.2...
View More Announcements
meetups banner