Created 01-01-2021 05:21 AM
Hello All,
I have generated certificates for the Initial Admin Identity using the TLS toolkit and secured my standalone NiFi node. I am able to log in as the Initial Admin Identity via client certificate. I have also created my LDAP users in NiFi and given them permissions to view and modify the NiFi UI, using the Initial Admin Identity user.
But when I try to log in with my LDAP users, I get "unable to login" in the NiFi UI.
LDAP configuration:
<provider>
    <identifier>ldap-provider</identifier>
    <class>org.apache.nifi.ldap.LdapProvider</class>
    <property name="Authentication Strategy">SIMPLE</property>
    <property name="Manager DN">cn=admin,dc=example,dc=org</property>
    <property name="Manager Password">admin</property>
    <property name="Referral Strategy">IGNORE</property>
    <property name="Connect Timeout">10 secs</property>
    <property name="Read Timeout">10 secs</property>
    <property name="Url">ldap://ldap_hostname:389</property>
    <property name="User Search Base">dc=example,dc=org</property>
    <property name="User Search Filter">cn={0}</property>
    <property name="Authentication Expiration">12 hours</property>
</provider>
There is no information in the NiFi app or user logs related to the login failure.
Can someone suggest where things are going wrong and why I am getting "unable to login" in the NiFi UI? How can we successfully log in to NiFi with LDAP as the authentication provider?
Created 01-03-2021 03:18 AM
Can you share a walkthrough of your setup, including the generation of the certificate using the TLS toolkit? Just wondering, does this host exist?
ldap://ldap_hostname:389
And the associated LDIF:
dc=example,dc=org
cn=admin,dc=example,dc=org
Please revert.
Created 01-04-2021 01:19 AM
Hi @Shelton
Steps followed when integrating NiFi with LDAP:
Step 1: Generated SSL certificates using the TLS toolkit
$ ./bin/tls-toolkit.sh standalone -n "ambari.server" -C 'CN=admin,OU=NIFI' -o admin
Files generated by the above command:
[root@ambari nifi-toolkit]# tree admin/
admin/
├── ambari.server
│   ├── keystore.jks
│   ├── nifi.properties
│   └── truststore.jks
├── CN=admin_OU=NIFI.p12
├── CN=admin_OU=NIFI.password
├── nifi-cert.pem
└── nifi-key.key
Step 2: Did the NiFi SSL setup using the Apache Ambari UI
2.1) Copied keystore.jks, nifi.properties and truststore.jks into the NiFi conf directory
2.2) Configured the Apache NiFi SSL setup:
https://drive.google.com/file/d/1DJUZE7cWseQkWl_En0_Rh_VSI39y3FiY/view?usp=sharing
2.3) Imported the CN=admin_OU=NIFI.p12 certificate into the browser for the Initial Admin login
2.4) Logged in as the Initial Admin Identity via the certificate. Also created users and gave them view and modify privileges in NiFi as described in https://pierrevillard.com/2017/01/24/integration-of-nifi-with-ldap/comment-page-1/
Step 3: Did the NiFi LDAP configuration
LDAP configuration:
<provider>
    <identifier>ldap-provider</identifier>
    <class>org.apache.nifi.ldap.LdapProvider</class>
    <property name="Authentication Strategy">SIMPLE</property>
    <property name="Manager DN">cn=admin,dc=example,dc=org</property>
    <property name="Manager Password">admin</property>
    <property name="Referral Strategy">IGNORE</property>
    <property name="Connect Timeout">10 secs</property>
    <property name="Read Timeout">10 secs</property>
    <property name="Url">ldap://ldap_ip_address:389</property>
    <property name="User Search Base">dc=example,dc=org</property>
    <property name="User Search Filter">cn={0}</property>
    <property name="Authentication Expiration">12 hours</property>
</provider>
Just wondering, does this host exist? >> Yes, the LDAP host and the associated LDIF exist and were tested with ldapsearch:
[root@ambari nifi-toolkit]# ldapsearch -x -b "dc=example,dc=org" -h ldap_ip_address -p 389 -D "cn=admin,dc=example,dc=org" -W
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=org> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# example.org
dn: dc=example,dc=org
objectClass: top
objectClass: dcObject
objectClass: organization
o: Example Inc.
dc: example
# admin, example.org
dn: cn=admin,dc=example,dc=org
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9TWpBN21xQ3VVdURYQ1k1cVpRd0x0NjE0NE9HcnVEQm0=
# search result
search: 2
result: 0 Success
# numResponses: 3
# numEntries: 2
After following the above steps, when I try to log in with LDAP users I get "unable to login" in the NiFi UI.
Can you suggest where things are going wrong?
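Two things a practitioner would check against the provider block posted twice above, as an added example that is not part of the thread and not NiFi or Cloudera code. First, the block itself: SIMPLE binds over `ldap://` send the manager password and every user's password in clear, the manager password sits unencrypted in the XML, and with no `Identity Strategy` NiFi defaults to USE_DN, so the identity it authorizes is the full DN (`cn=alice,dc=example,dc=org`), not the login name. Second, the bind flow: NiFi binds as the Manager DN, searches `User Search Base` with `User Search Filter` (the login name substituted for `{0}`, escaped), then binds as the DN it found with the user's password; if step 1 returns no DN, the login cannot succeed whatever the password is, and the `ldapsearch` output above lists only the base entry and the manager account (`numEntries: 2`). The script lints the posted block beside a corrected LDAPS version and emits the two-step reproduction commands. `HARDENED_CONFIG` uses placeholder ciphertext and truststore path (assumptions); the `encryption` attribute is the one `encrypt-config.sh -l login-identity-providers.xml` writes, and the `lint` codes are this example's own, not NiFi output.

```python
"""Lint the LdapProvider block of login-identity-providers.xml and build the
ldapsearch/ldapwhoami commands that reproduce NiFi's SIMPLE bind flow by hand.
Added example, not NiFi, Cloudera or the poster's code. HARDENED_CONFIG uses
placeholder ciphertext and truststore path (assumptions; adjust to your site)."""
import shlex
import xml.etree.ElementTree as ET

POSTED_CONFIG = """<loginIdentityProviders><provider>
  <identifier>ldap-provider</identifier>
  <class>org.apache.nifi.ldap.LdapProvider</class>
  <property name="Authentication Strategy">SIMPLE</property>
  <property name="Manager DN">cn=admin,dc=example,dc=org</property>
  <property name="Manager Password">admin</property>
  <property name="Referral Strategy">IGNORE</property>
  <property name="Connect Timeout">10 secs</property>
  <property name="Read Timeout">10 secs</property>
  <property name="Url">ldap://ldap_hostname:389</property>
  <property name="User Search Base">dc=example,dc=org</property>
  <property name="User Search Filter">cn={0}</property>
  <property name="Authentication Expiration">12 hours</property>
</provider></loginIdentityProviders>"""

# Same provider over LDAPS, secrets encrypted with encrypt-config.sh -l, and the
# login name (not the full DN) used as the NiFi identity. CIPHERTEXT is a placeholder.
HARDENED_CONFIG = """<loginIdentityProviders><provider>
  <identifier>ldap-provider</identifier>
  <class>org.apache.nifi.ldap.LdapProvider</class>
  <property name="Authentication Strategy">LDAPS</property>
  <property name="Manager DN">cn=admin,dc=example,dc=org</property>
  <property name="Manager Password" encryption="aes/gcm/256">CIPHERTEXT</property>
  <property name="TLS - Truststore">./conf/truststore.jks</property>
  <property name="TLS - Truststore Password" encryption="aes/gcm/256">CIPHERTEXT</property>
  <property name="TLS - Truststore Type">JKS</property>
  <property name="Referral Strategy">IGNORE</property>
  <property name="Url">ldaps://ldap_hostname:636</property>
  <property name="User Search Base">dc=example,dc=org</property>
  <property name="User Search Filter">cn={0}</property>
  <property name="Identity Strategy">USE_USERNAME</property>
  <property name="Authentication Expiration">12 hours</property>
</provider></loginIdentityProviders>"""

def provider_properties(xml_text, identifier="ldap-provider"):
    """Return ({name: value}, {names already encrypted}) for one provider.
    encrypt-config.sh marks encrypted values with an 'encryption' attribute."""
    root = ET.fromstring(xml_text)
    for prov in root.iter("provider"):
        if prov.findtext("identifier") == identifier:
            props = prov.findall("property")
            values = {p.get("name"): (p.text or "").strip() for p in props}
            encrypted = {p.get("name") for p in props if p.get("encryption")}
            return values, encrypted
    raise KeyError(f"no provider with identifier {identifier!r}")

def lint(values, encrypted):
    """Return this example's finding codes, in check order; [] means clean."""
    findings = []
    url, strategy = values.get("Url", ""), values.get("Authentication Strategy", "")
    if url.startswith("ldap://") and strategy == "SIMPLE":
        findings.append("CLEARTEXT_BIND")  # manager and user passwords cross the wire unencrypted
    if strategy in ("LDAPS", "START_TLS") and not values.get("TLS - Truststore"):
        findings.append("TLS_WITHOUT_TRUSTSTORE")  # server certificate cannot be verified
    if values.get("Manager Password") and "Manager Password" not in encrypted:
        findings.append("PLAINTEXT_MANAGER_PASSWORD")
    if "Identity Strategy" not in values:
        # Default is USE_DN: the identity NiFi authorizes is the full DN, so the
        # user created in NiFi must be e.g. cn=alice,dc=example,dc=org, not alice.
        findings.append("IDENTITY_IS_FULL_DN")
    if "{0}" not in values.get("User Search Filter", ""):
        findings.append("FILTER_IGNORES_USERNAME")
    return findings

def ldap_filter_escape(value):
    """RFC 4515 escaping of a value placed into a search filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def reproduction_commands(values, username):
    """Commands for the two steps NiFi performs: bind as the manager and search
    for the user, then bind as the returned DN with the user's password.
    Passwords are prompted for (-W) rather than placed on the command line."""
    filt = values["User Search Filter"].replace("{0}", ldap_filter_escape(username))
    if not filt.startswith("("):
        filt = f"({filt})"
    search = ["ldapsearch", "-x", "-LLL", "-H", values["Url"], "-D", values["Manager DN"],
              "-W", "-b", values["User Search Base"], filt, "dn"]
    whoami = ["ldapwhoami", "-x", "-H", values["Url"], "-D", "<dn returned by step 1>", "-W"]
    return shlex.join(search), shlex.join(whoami)

if __name__ == "__main__":
    for label, cfg in (("posted", POSTED_CONFIG), ("hardened", HARDENED_CONFIG)):
        vals, enc = provider_properties(cfg)
        print(label, lint(vals, enc))
    for cmd in reproduction_commands(provider_properties(POSTED_CONFIG)[0], "alice"):
        print(cmd)
```

Run the printed `ldapsearch` first: an empty result means the filter does not match the login name under the search base (the thread's own `ldapsearch` shows no user entries at all), and no password will get past that. Only when it returns a DN does the `ldapwhoami` bind as that DN test the user's password. The escaping matters if you script this with real login names: `alice)(cn=*` must reach the server as `(cn=alice\29\28cn=\2a)`, which is what the filter encoding NiFi applies also does.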