NiFi: LDAP Authentication Issue

Explorer

I installed NiFi 1.7.1 and NiFi ToolKit.

And I am trying to add LDAP auth in NiFi.

But when I try to log in on the NiFi login page, I get the error "The supplied username and password are not valid."

login-identity-providers.xml :

<provider>
    <identifier>ldap-provider</identifier>
    <class>org.apache.nifi.ldap.LdapProvider</class>
    <property name="Authentication Strategy">SIMPLE</property>

    <property name="Manager DN">CN=admin,OU=NIFI,DC=evidnet,DC=com</property>
    <property name="Manager Password">passwd</property>

    <property name="TLS - Keystore"></property>
    <property name="TLS - Keystore Password"></property>
    <property name="TLS - Keystore Type"></property>
    <property name="TLS - Truststore"></property>
    <property name="TLS - Truststore Password"></property>
    <property name="TLS - Truststore Type"></property>
    <property name="TLS - Client Auth"></property>
    <property name="TLS - Protocol"></property>
    <property name="TLS - Shutdown Gracefully"></property>

    <property name="Referral Strategy">FOLLOW</property>
    <property name="Connect Timeout">10 secs</property>
    <property name="Read Timeout">10 secs</property>

    <property name="Url">ldap://myhost:389</property>
    <property name="User Search Base">OU=NIFI,DC=evidnet,DC=com</property>
    <property name="User Search Filter">(sAMAccountName={0})</property>

    <property name="Identity Strategy">USE_USERNAME</property>
    <property name="Authentication Expiration">12 hours</property>
</provider>

And my LDAP server table is shown in the picture.

Why does it not work?

I entered the correct password, but it does not work.

(id: admin, password: passwd)


Master Guru

@Seongmin Park

-

What is the output from an ldapsearch?

ldapsearch -D "CN=admin,OU=NIFI,DC=evidnet,DC=com" -w passwd -p 389 -h myhost -b "OU=NIFI,DC=evidnet,DC=com" -s sub "sAMAccountName=admin"

-

Verify that the above returns a single entry:

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

-

If nothing is returned or more than 1 entry is returned, it is not going to work.

-

Thank you,

Matt

-

If you found this Answer addressed your original question, please take a moment to login and click "Accept" below the answer.

Explorer

@Matt Clarke

# extended LDIF
#
# LDAPv3
# base <OU=NIFI,DC=evidnet,DC=com> with scope subtree
# filter: sAMAccountName=admin
# requesting: ALL
#


# search result
search: 2
result: 0 Success


# numResponses: 1

So, it is not working?

How do I do it?

Master Guru

@Seongmin Park

See if you can get any responses using that search base:

ldapsearch -D "CN=admin,OU=NIFI,DC=evidnet,DC=com" -w passwd -p 389 -h myhost -b "OU=NIFI,DC=evidnet,DC=com"

If it returns some responses, look for the entry for your admin user and verify it actually contains the "sAMAccountName" field and has a value of "admin".


If that does not work, try changing your search base:

ldapsearch -D "CN=admin,OU=NIFI,DC=evidnet,DC=com" -w passwd -p 389 -h myhost -b "DC=evidnet,DC=com"

Basically, NiFi is not going to be successful finding the user if you can't be successful from command line via ldapsearch.

Thanks,

Matt
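
The checks from the replies above, collected into a script as an added example that is not part of the original thread: it counts the entries in ldapsearch output, gives a verdict for the NiFi user search, and confirms the attribute value on a returned entry. The function names and the arguments of `check_user` are hypothetical, the sample outputs are constructed from the ones quoted in the thread, and the live call assumes OpenLDAP's ldapsearch (`-x`, `-H`, `-y`).

```shell
#!/bin/sh
# Added example (not from the thread): judge ldapsearch output as the replies describe.
# NiFi's user search must resolve the login name to exactly one entry.

# Print the number of entries in ldapsearch output read from stdin.
# No "# numEntries:" line is printed when nothing matched, so default to 0.
count_entries() {
    awk '/^# numEntries:/ { n = $3 } END { print n + 0 }'
}

# Map an entry count to a verdict for the User Search Base / Filter pair.
classify() {
    case "$1" in
        0) echo "no-match" ;;
        1) echo "ok" ;;
        *) echo "ambiguous" ;;
    esac
}

# Succeed if stdin holds an "attr: value" line (attribute name case-insensitive).
has_attr_value() {
    awk -v a="$1" -v v="$2" 'BEGIN { a = tolower(a) ":"; rc = 1 }
        tolower($1) == a && $2 == v { rc = 0 } END { exit rc }'
}

# Live check. Hypothetical arguments: $1 URI, $2 bind DN, $3 password file,
# $4 search base, $5 login name (used verbatim in the filter, so plain names only).
# -y keeps the bind password out of the process list; the file must not end in a newline.
check_user() {
    out=$(ldapsearch -x -H "$1" -D "$2" -y "$3" -b "$4" -s sub "(sAMAccountName=$5)") || return 2
    classify "$(printf '%s\n' "$out" | count_entries)"
}

# Constructed samples modelled on the two outputs quoted in the thread.
SAMPLE_FOUND='# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1'
SAMPLE_EMPTY='# search result
search: 2
result: 0 Success
# numResponses: 1'
SAMPLE_ENTRY='sAMAccountName: admin'   # constructed attribute line

printf 'found sample: %s\n' "$(classify "$(printf '%s\n' "$SAMPLE_FOUND" | count_entries)")"
printf 'empty sample: %s\n' "$(classify "$(printf '%s\n' "$SAMPLE_EMPTY" | count_entries)")"
```

A "no-match" verdict with `result: 0 Success` means the bind worked and the problem is the search base or filter, which is the case the last reply narrows down by widening the base.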
