Created 03-22-2017 09:48 PM
I have my authorizers.xml with my user setting in Initial Admin Identity value. I acces the login page, but when I try to access, have this error message: Unable to perform the desired action due to insufficient permissions. Contact the system administrator. I remove the http port from nifi.properties, change the Inital Admin Identity, use the same that is in the Manager DN in nifi.properties, delete the users.xml and authorizations.xml to create again with my user, they are created with policy to add user and roles, but I cannot get the UI in Nifi to add other users and assign roles to them. Any help will be apreciated.
Regards
PD: Adding screen shots and the autorized code
<authorizer> <identifier>file-provider</identifier> <class>org.apache.nifi.authorization.FileAuthorizer</class> <property name="Authorizations File">./conf/authorizations.xml</property> <property name="Users File">./conf/users.xml</property> <property name="Initial Admin Identity">CN=Lxxxxx Axxxxx</property> <property name="Legacy Authorized Users File"></property> <!-- Provide the identity (typically a DN) of each node when clustered, see above description of Node Identity. <property name="Node Identity 1"></property> <property name="Node Identity 2"></property> --> </authorizer>
Created 03-23-2017 02:12 PM
Anytime you encounter the message "Unable to perform the desired action due to insufficient permissions. Contact the system administrator.", you are having an authorization issue. Authentication issues present different errors.
You should inspect your nifi-user.log while trying to access the UI to see what the exact string is being passed to the authorizer. By default with ldap as your configured login identity provider, the full DN for the user who logged in is passed to the authorizer. By the looks of the above you configured on the CN= as your initial admin identity. The string passed to the authorizer will be shown in nifi-user.log and must matcha exactly (Case sensitive and spaces count as valid characters also.
Thanks,
Mat
Created 03-22-2017 11:48 PM
Below posts also have similar login error:
https://community.hortonworks.com/questions/63770/nifi-authorization-problem.html
Please see if this helps!
Created 03-23-2017 02:12 PM
Anytime you encounter the message "Unable to perform the desired action due to insufficient permissions. Contact the system administrator.", you are having an authorization issue. Authentication issues present different errors.
You should inspect your nifi-user.log while trying to access the UI to see what the exact string is being passed to the authorizer. By default with ldap as your configured login identity provider, the full DN for the user who logged in is passed to the authorizer. By the looks of the above you configured on the CN= as your initial admin identity. The string passed to the authorizer will be shown in nifi-user.log and must matcha exactly (Case sensitive and spaces count as valid characters also.
Thanks,
Mat
Created 03-23-2017 02:50 PM
Thanks for the answer, I just find out what the problem was. I authenticate against LDAP with my user name, not mi CN. So, when I change the Initial Admin Identity to my login name, all the problems were resolve. I find out this after reviewing the user log, as you suggest, and make the change. Now I'm adding user and assign policies to them.
Created 07-22-2020 04:37 AM
please can you provide me the doc about how to create LDAP auth for user and password nifi