Support Questions
Find answers, ask questions, and share your expertise

unable to login in NiFi when integrated with LDAP

Highlighted

unable to login in NiFi when integrated with LDAP

New Contributor

Hello All,

 

            I have generated certificates for Initial Admin Identity using tls toolkit and secured my standalone NiFi node. I am able to login with Initial Admin Identity via client certificates. I have also created my LDAP users in NiFi and given them permissions to view and modify NiFi UI using Initial Admin Identity user.

 

But when I am trying to login with my LDAP users, I am getting unable to login in NiFi UI.

 

LDAP configuration:

<provider>
    <identifier>ldap-provider</identifier>
    <class>org.apache.nifi.ldap.LdapProvider</class>
    <property name="Authentication Strategy">SIMPLE</property>
    <property name="Manager DN">cn=admin,dc=example,dc=org</property>
    <property name="Manager Password">admin</property>
<property name="Referral Strategy">IGNORE</property>
<property name="Connect Timeout">10 secs</property> <property name="Read Timeout">10 secs</property> <property name="Url">ldap://ldap_hostname:389</property> <property name="User Search Base">dc=example,dc=org</property> <property name="User Search Filter">cn={0}</property> <property name="Authentication Expiration">12 hours</property> </provider>

 

There is no information present in app and users NiFi logs related to unable to login issue.

 

Can someone suggest where things are going wrong & why am I getting unable to login in NiFi UI? How can we successfully login in NiFi with LDAP as authentication provider?

 

2 REPLIES 2

Re: unable to login in NiFi when integrated with LDAP

Mentor

@nishant2305 

Can you share the walkthrough of your setup? generation of cert using tls toolkit?  Just wondering is this host existing ??

ldap://ldap_hostname:389

And the associated LDIF

dc=example,dc=org

 

cn=admin,dc=example,dc=org

Please revert

 

Highlighted

Re: unable to login in NiFi when integrated with LDAP

New Contributor

Hi  @Shelton 

 

Steps followed when integrating NiFi with LDAP:-

 

Step 1:- Generated SSL certificates using tls toolkit

 

$ ./bin/tls-toolkit.sh standalone -n "ambari.server" -C 'CN=admin,OU=NIFI' -o admin

 

Generated files using above command:

 

[root@ambari nifi-toolkit]# tree admin/
admin/
├── ambari.server
│   ├── keystore.jks
│   ├── nifi.properties
│   └── truststore.jks
├── CN=admin_OU=NIFI.p12
├── CN=admin_OU=NIFI.password
├── nifi-cert.pem
└── nifi-key.key

 

Step 2:- Did NiFi SSL setup using Apache Ambari UI

 

2.1) Copied keystore.jks, nifi.properties & truststore.jks in NiFi conf directory

 

2.2) Configured Apache NiFi SSL setup

https://drive.google.com/file/d/1DJUZE7cWseQkWl_En0_Rh_VSI39y3FiY/view?usp=sharing

 

2.3) Imported CN=admin_OU=NIFI.p12 certificate in browser for Initial Admin Login

 

2.4) Logged in with Initial Admin Identity via certificates. Also created users and given view & modify privileges in NiFi as mentioned in https://pierrevillard.com/2017/01/24/integration-of-nifi-with-ldap/comment-page-1/ 

 

Step 3:- Did NiFi LDAP configuration

 

LDAP configuration:

<provider>
    <identifier>ldap-provider</identifier>
    <class>org.apache.nifi.ldap.LdapProvider</class>
    <property name="Authentication Strategy">SIMPLE</property>
    <property name="Manager DN">cn=admin,dc=example,dc=org</property>
    <property name="Manager Password">admin</property>
    <property name="Referral Strategy">IGNORE</property>
    <property name="Connect Timeout">10 secs</property>
    <property name="Read Timeout">10 secs</property>
    <property name="Url">ldap://ldap_ip_address:389</property>
    <property name="User Search Base">dc=example,dc=org</property>
    <property name="User Search Filter">cn={0}</property>
    <property name="Authentication Expiration">12 hours</property>
 </provider>

 

Just wondering is this host existing ?? >> Yes, LDAP and the associated LDIF host exist and tested with ldapsearch

 

[root@ambari nifi-toolkit]# ldapsearch -x -b "dc=example,dc=org" -h ldap_ip_address -p 389 -D "cn=admin,dc=example,dc=org" -W
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=org> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# example.org
dn: dc=example,dc=org
objectClass: top
objectClass: dcObject
objectClass: organization
o: Example Inc.
dc: example

# admin, example.org
dn: cn=admin,dc=example,dc=org
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9TWpBN21xQ3VVdURYQ1k1cVpRd0x0NjE0NE9HcnVEQm0=

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2

 

After following above steps when I try to login with LDAP users, I am getting unable to login in NiFi UI

 

Can you suggest where things are going wrong?

Don't have an account?