Created 09-12-2017 11:36 AM
Hello,
I'm doing some test with a nifi cluster (HDF 3), and I wanted to configure ldap as authentication service, I've not configured SSL yet but I would like to test the ldap authentication.
But when I try to access the cluster it directly logs me as anonymous and I can see the flows without any login screen.
My configuration is the following
login-identity-providers.xml
<provider> <identifier>ldap-provider</identifier> <class>org.apache.nifi.ldap.LdapProvider</class> <property name="Identity Strategy">USE_USERNAME</property> <property name="Authentication Strategy">SIMPLE</property> <property name="Manager DN">cn=Manager,dc=nifi,dc=int</property> <property encryption="aes/gcm/256" name="Manager Password">mIV4TPuSpfOGzd3E||FZnVyewmvoWGEmf1sF5cCTCy4tztrwo</property> <property name="TLS - Keystore"/> <property name="TLS - Keystore Password"/> <property name="TLS - Keystore Type"/> <property name="TLS - Truststore"/> <property name="TLS - Truststore Password"/> <property name="TLS - Truststore Type"/> <property name="TLS - Client Auth"/> <property name="TLS - Protocol"/> <property name="TLS - Shutdown Gracefully"/> <property name="Referral Strategy">FOLLOW</property> <property name="Connect Timeout">10 secs</property> <property name="Read Timeout">10 secs</property> <property name="Url">ldap://node03.nifi.int:389</property> <property name="User Search Base">ou=Users,dc=nifi,dc=int</property> <property name="User Search Filter">uid={0}</property> <property name="Authentication Expiration">12 hours</property> </provider>
nifi.properties:
# Generated by Apache Ambari. Tue Sep 12 12:27:33 2017 nifi.administrative.yield.duration=30 sec nifi.authorizer.configuration.file=/usr/hdf/current/nifi/conf/authorizers.xml nifi.bored.yield.duration=10 millis nifi.cluster.flow.election.max.candidates=3 nifi.cluster.flow.election.max.wait.time=5 mins nifi.cluster.is.node=true nifi.cluster.node.address=node01.nifi.int nifi.cluster.node.connection.timeout=5 sec nifi.cluster.node.event.history.size=25 nifi.cluster.node.protocol.max.threads= nifi.cluster.node.protocol.port=9088 nifi.cluster.node.protocol.threads=10 nifi.cluster.node.read.timeout=5 sec nifi.cluster.protocol.heartbeat.interval=5 sec nifi.cluster.protocol.is.secure=False nifi.components.status.repository.buffer.size=1440 nifi.components.status.repository.implementation=org.apache.nifi.controller.status.history.VolatileComponentStatusRepository nifi.components.status.snapshot.frequency=1 min nifi.content.claim.max.appendable.size=10 MB nifi.content.claim.max.flow.files=100 nifi.content.repository.always.sync=false nifi.content.repository.archive.enabled=true nifi.content.repository.archive.max.retention.period=12 hours nifi.content.repository.archive.max.usage.percentage=50% nifi.content.repository.directory.default=/var/lib/nifi/content_repository nifi.content.repository.implementation=org.apache.nifi.controller.repository.FileSystemRepository nifi.content.viewer.url=/nifi-content-viewer/ nifi.database.directory=/var/lib/nifi/database_repository nifi.documentation.working.directory=/var/lib/nifi/work/docs/components nifi.flow.configuration.archive.dir=/var/lib/nifi/archive/ nifi.flow.configuration.archive.enabled=true nifi.flow.configuration.archive.max.count= nifi.flow.configuration.archive.max.storage=500 MB nifi.flow.configuration.archive.max.time=30 days nifi.flow.configuration.file=/var/lib/nifi/conf/flow.xml.gz nifi.flowcontroller.autoResumeState=true nifi.flowcontroller.graceful.shutdown.period=10 sec nifi.flowfile.repository.always.sync=false nifi.flowfile.repository.checkpoint.interval=2 mins nifi.flowfile.repository.directory=/var/lib/nifi/flowfile_repository nifi.flowfile.repository.implementation=org.apache.nifi.controller.repository.WriteAheadFlowFileRepository nifi.flowfile.repository.partitions=256 nifi.flowservice.writedelay.interval=500 ms nifi.h2.url.append=;LOCK_TIMEOUT=25000;WRITE_DELAY=0;AUTO_SERVER=FALSE nifi.kerberos.krb5.file= nifi.kerberos.service.keytab.location= nifi.kerberos.service.principal= nifi.kerberos.spnego.authentication.expiration=12 hours nifi.kerberos.spnego.keytab.location= nifi.kerberos.spnego.principal= nifi.login.identity.provider.configuration.file=/usr/hdf/current/nifi/conf/login-identity-providers.xml nifi.nar.library.directory=/usr/hdf/current/nifi/lib nifi.nar.working.directory=/var/lib/nifi/work/nar nifi.provenance.repository.always.sync=false nifi.provenance.repository.buffer.size=100000 nifi.provenance.repository.compress.on.rollover=true nifi.provenance.repository.debug.frequency=1_000_000 nifi.provenance.repository.directory.default=/var/lib/nifi/provenance_repository nifi.provenance.repository.encryption.key= nifi.provenance.repository.encryption.key.id= nifi.provenance.repository.encryption.key.provider.implementation= nifi.provenance.repository.encryption.key.provider.location= nifi.provenance.repository.implementation=org.apache.nifi.provenance.PersistentProvenanceRepository nifi.provenance.repository.index.shard.size=500 MB nifi.provenance.repository.index.threads=1 nifi.provenance.repository.indexed.attributes= nifi.provenance.repository.indexed.fields=EventType, FlowFileUUID, Filename, ProcessorID, Relationship nifi.provenance.repository.journal.count=16 nifi.provenance.repository.max.attribute.length=65536 nifi.provenance.repository.max.storage.size=1 GB nifi.provenance.repository.max.storage.time=24 hours nifi.provenance.repository.query.threads=2 nifi.provenance.repository.rollover.size=100 MB nifi.provenance.repository.rollover.time=30 secs nifi.queue.swap.threshold=20000 nifi.remote.input.host= nifi.remote.input.http.enabled=true nifi.remote.input.http.transaction.ttl=30 sec nifi.remote.input.secure=False nifi.remote.input.socket.port= nifi.security.identity.mapping.pattern.dn= nifi.security.identity.mapping.pattern.kerb= nifi.security.identity.mapping.value.dn= nifi.security.identity.mapping.value.kerb= nifi.security.keyPasswd= nifi.security.keystore=/usr/hdf/current/nifi/conf/keystore.jks nifi.security.keystorePasswd= nifi.security.keystoreType=jks nifi.security.needClientAuth=False nifi.security.ocsp.responder.certificate= nifi.security.ocsp.responder.url= nifi.security.truststore=/usr/hdf/current/nifi/conf/truststore.jks nifi.security.truststorePasswd= nifi.security.truststoreType=jks nifi.security.user.authorizer=file-provider nifi.security.user.login.identity.provider=ldap-provider nifi.sensitive.props.additional.keys= nifi.sensitive.props.algorithm=PBEWITHMD5AND256BITAES-CBC-OPENSSL nifi.sensitive.props.key=wSdxEcJ0QRZGwFfr||CVtSGQsYIUSOXzAQEQBvu+IQFiwFpM/ZldwZgA nifi.sensitive.props.key.protected=aes/gcm/256 nifi.sensitive.props.provider=BC nifi.state.management.configuration.file=/usr/hdf/current/nifi/conf/state-management.xml nifi.state.management.embedded.zookeeper.properties=/usr/hdf/current/nifi/conf/zookeeper.properties nifi.state.management.embedded.zookeeper.start=false nifi.state.management.provider.cluster=zk-provider nifi.state.management.provider.local=local-provider nifi.swap.in.period=5 sec nifi.swap.in.threads=1 nifi.swap.manager.implementation=org.apache.nifi.controller.FileSystemSwapManager nifi.swap.out.period=5 sec nifi.swap.out.threads=4 nifi.templates.directory=/var/lib/nifi/templates nifi.ui.autorefresh.interval=30 sec nifi.ui.banner.text= nifi.variable.registry.properties= nifi.version=1.2.0.3.0.1.0-43 nifi.web.http.host=node01.nifi.int nifi.web.http.network.interface.default= nifi.web.http.port=9090 nifi.web.https.host= nifi.web.https.network.interface.default= nifi.web.https.port= nifi.web.jetty.threads=200 nifi.web.jetty.working.directory=/var/lib/nifi/work/jetty nifi.web.war.directory=/usr/hdf/current/nifi/lib nifi.zookeeper.connect.string=node02.nifi.int:2181,node01.nifi.int:2181,node03.nifi.int:2181 nifi.zookeeper.connect.timeout=3 secs nifi.zookeeper.root.node=/nifi nifi.zookeeper.session.timeout=3 secsDo you have any idea about what is happening?
Thank you in advance.
Created 09-12-2017 01:43 PM
NiFi must be configured to run securely over https using SSL before any user authentication can be used.
Thanks,
Matt
Created 09-12-2017 01:43 PM
NiFi must be configured to run securely over https using SSL before any user authentication can be used.
Thanks,
Matt