Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Welcome to the upgraded Community! Read this blog to see What’s New!

Unknown user with identity 'CN=nifi_admin, OU=NIFI'. Contact the system administrator

Labels:
avatar
author-rank SAMSAL
Master Collaborator

Created on ‎04-08-2022 05:40 AM - edited ‎04-08-2022 05:42 AM

Hi,

I have downloaded version 1.16 which is the latest. Im trying to secure nifi with TLS and LDAP. However I keep getting the followning message :

 

Unknown user with identity 'CN=nifi_admin, OU=NIFI'. Contact the system administrator

 

My Nifi,properties has the following set :

 

   nifi.security.user.authorizer=managed-authorizer

    nifi.security.user.login.identity.provider=ldap-provider

 

If I have set as follows it works and it accepts the cert & authentication:

   

  nifi.security.user.authorizer=single-user-authorizer

   nifi.security.user.login.identity.provider=single-user-provider

 

My Authorizer file has the identity set as follows:

 

<userGroupProvider>

...<property name="Initial User Identity 1">CN=nifi_admin, OU=NIFI</property>
</userGroupProvider>

 

<accessPolicyProvider>
...
<property name="Initial Admin Identity">CN=nifi_admin, OU=NIFI</property>
<property name="Legacy Authorized Users File"></property>
<property name="Node Identity 1"></property>
...
</accessPolicyProvider>

 

Im trying to log in first with the cert idenitity nifi_admin so I can start adding ldap users. If I log it as single user I dont see Users & Policies menu items. Can someone help point me in the right direction.

1,330 Views
0 Kudos
5 REPLIES 5

avatar
author-rank Mohamed_Shaaban
New Contributor

Created ‎11-23-2022 01:59 PM

Hello SAMSAL,

If your problem solved ... Can you please share with me the correct conf to solve this issue ?? as i faced same issue to login after enable LDAP

1,177 Views
0 Kudos

avatar
author-rank MattWho author-rank
Mentor

Created ‎11-28-2022 12:01 PM

@Mohamed_Shaaban 
I recommend starting a new community question with the details specific to your setup.  This allows the community to address/assist with your specific setup versus comparing your issue to what was shared in this post.

Thanks,
Matt

1,085 Views
0 Kudos

avatar
author-rank SAMSAL
Master Collaborator

Created ‎11-24-2022 03:33 PM

Hi Mohamed,

I know the frustration. Its been a while honestly and I dont recall how did I resolve it, but for me I remember when I upgraded to 1.16 it took few times of uninstall\resinstall for it to work correctly. Can you please post what you have in your authorizer.xml and what is in the nifi.properties file regarding the security configuration -like I did above - . Also keep in mind the Initial User Identity is case sensitive so make sure that the one associated with the certificate files for the trust store and keystore and the one you define in the authorizer are the same letter case. Let me know.

 

Thanks

1,142 Views
0 Kudos

avatar
author-rank myzard
Explorer

Created ‎11-27-2022 10:44 PM

have you set in  Advanced nifi-properties

    nifi.security.user.login.identity.provider = ldap-provider
    nifi.cluster.is.node = false (setting false if standalone)
    nifi.security.identity.mapping.pattern.dn = ^CN=(.*?), OU=(.*?), O=(.*?), L=(.*?), ST=(.*?), C=(.*?)$
    nifi.security.identity.mapping.value.dn = $1@$2
    
1,114 Views
0 Kudos

avatar
author-rank SAMSAL
Master Collaborator

Created ‎11-28-2022 10:41 AM

No . I dont think I have used the following :

nifi.security.identity.mapping.pattern.dn =
nifi.security.identity.mapping.value.dn =

 

Have you tried using simple single authorization just to see if you can log in. It helps in this cases to start from simple config and then build up just to be able to isolate where the issue is.

hope that helps

 

1,090 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Streaming Analytics (CSA) 1.11 with support for Ice...
What's New @ Cloudera
Cloudera Operational Database (COD) supports creating an ope...
What's New @ Cloudera
Cloudera Operational Database (COD) is available as a Techni...
What's New @ Cloudera
Cloudera Operational Database (COD) has removed the COD_ON_G...
Community Announcements
Introducing the new and improved Community!
View More Announcements
Labels