
NiFi: LDAP Authentication Issue

Explorer

I installed NiFi 1.7.1 and NiFi ToolKit.

And I tried to add LDAP auth in NiFi.

But when I try to log in on the NiFi login page, the error "The supplied username and password are not valid." occurs.

login-identity-providers.xml :

<provider>
    <identifier>ldap-provider</identifier>
    <class>org.apache.nifi.ldap.LdapProvider</class>
    <property name="Authentication Strategy">SIMPLE</property>

    <property name="Manager DN">CN=admin,OU=NIFI,DC=evidnet,DC=com</property>
    <property name="Manager Password">passwd</property>

    <property name="TLS - Keystore"></property>
    <property name="TLS - Keystore Password"></property>
    <property name="TLS - Keystore Type"></property>
    <property name="TLS - Truststore"></property>
    <property name="TLS - Truststore Password"></property>
    <property name="TLS - Truststore Type"></property>
    <property name="TLS - Client Auth"></property>
    <property name="TLS - Protocol"></property>
    <property name="TLS - Shutdown Gracefully"></property>

    <property name="Referral Strategy">FOLLOW</property>
    <property name="Connect Timeout">10 secs</property>
    <property name="Read Timeout">10 secs</property>

    <property name="Url">ldap://myhost:389</property>
    <property name="User Search Base">OU=NIFI,DC=evidnet,DC=com</property>
    <property name="User Search Filter">(sAMAccountName={0})</property>

    <property name="Identity Strategy">USE_USERNAME</property>
    <property name="Authentication Expiration">12 hours</property>
</provider>

And my LDAP server table is shown in the picture.

Why does it not work?

I entered the correct password, but it does not work.

(id: admin, password: passwd)


Re: NiFi: LDAP Authentication Issue

Master Guru

@Seongmin Park

-

What is the output from an ldapsearch?

ldapsearch -D "CN=admin,OU=NIFI,DC=evidnet,DC=com" -w passwd -p 389 -h myhost -b "OU=NIFI,DC=evidnet,DC=com" -s sub "sAMAccountName=admin"

-

Verify that the above returns a single entry:

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

-

If nothing is returned or more than 1 entry is returned, it is not going to work.

-

Thank you,

Matt

-

If you found this Answer addressed your original question, please take a moment to login and click "Accept" below the answer.

Re: NiFi: LDAP Authentication Issue

Explorer

@Matt Clarke

# extended LDIF
#
# LDAPv3
# base <OU=NIFI,DC=evidnet,DC=com> with scope subtree
# filter: sAMAccountName=admin
# requesting: ALL
#


# search result
search: 2
result: 0 Success


# numResponses: 1

So, it is not working?

How do I do it?

Re: NiFi: LDAP Authentication Issue

Master Guru

@Seongmin Park

See if you can get any responses using that search base:

ldapsearch -D "CN=admin,OU=NIFI,DC=evidnet,DC=com" -w passwd -p 389 -h myhost -b "OU=NIFI,DC=evidnet,DC=com"

If it returns some responses, look for the entry for your admin user and verify it actually contains the "sAMAccountName" field and has a value of "admin".


If that does not work, try changing your search base:

ldapsearch -D "CN=admin,OU=NIFI,DC=evidnet,DC=com" -w passwd -p 389 -h myhost -b "DC=evidnet,DC=com"

Basically, NiFi is not going to be successful finding the user if you can't be successful from command line via ldapsearch.

Thanks,

Matt
