Can you provide the complete logs to debug further. ... View more

@Matt Really Thanks for the guidance. its working. i wll go through the links which you have shared. ... View more

@Matt yeah its working but this working but still i am seeing some of the components are disabled in Canvas. To enable this components for other "non inital admin user" do i need to enable any policy? ... View more

Thanks i got it 🙂 ... View more

@Matt I have assigned "Access All Policies" to a new created normal user but when i loged in as normal user that policies tab not highlighted. Do i need to assign any othe policies to make that user act as admin. ... View more

@Matt Thanks Much 🙂 It works like charm. and thanks for your patience too 🙂 ... View more

@Matt Sure 🙂 Please find the Log.initial message i am seeing successs but after that iam seeing "AccessDeniedException: Unknown user with identity" exception. My question is for all users i need to add all the DN details. like below cn=o.1548691,ou=Users,ou=Accounts,ou=ITSC,dc=zone1,dc=testdev,dc=net Using username(o.1548691)nifi will not do automatic lookup? 2017-01-25 02:05:30,069 INFO [NiFi Web Server-46] o.a.n.w.s.NiFiAuthenticationFilter Authentication success for cn=o.1548691,ou=Users,ou=Accounts,ou=ITSC,dc=zone1,dc=testdev,dc=net 2017-01-25 02:05:30,069 DEBUG [NiFi Web Server-46] o.a.n.w.s.NiFiAuthenticationFilter Checking secure context token: cn=o.1548691,ou=Users,ou=Accounts,ou=ITSC,dc=zone1,dc=testdev,dc=net 2017-01-25 02:05:30,069 DEBUG [NiFi Web Server-46] o.a.n.w.s.a.NiFiAnonymousUserFilter SecurityContextHolder not populated with anonymous token, as it already contained: 'cn=o.1548691,ou=Users,ou=Accounts,ou=ITSC,dc=zone1,dc=testdev,dc=net' 2017-01-25 02:05:30,070 INFO [NiFi Web Server-46] o.a.n.w.a.c.AccessDeniedExceptionMapper cn=o.1548691,ou=Users,ou=Accounts,ou=ITSC,dc=zone1,dc=testdev,dc=net does not have permission to access the requested resource. Returning Forbidden response. 2017-01-25 02:05:30,071 DEBUG [NiFi Web Server-46] o.a.n.w.a.c.AccessDeniedExceptionMapper org.apache.nifi.authorization.AccessDeniedException: Unknown user with identity 'cn=o.1548691,ou=Users,ou=Accounts,ou=ITSC,dc=zone1,dc=testdev,dc=net'. at org.apache.nifi.web.api.FlowResource.authorizeFlow(FlowResource.java:226) ~[classes/:na] at org.apache.nifi.web.api.FlowResource.getCurrentUser(FlowResource.java:312) ~[classes/:na] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_102] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_102] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_102] at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_102] at com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60) ~[jersey-server-1.19.jar:1.19] at com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$ResponseOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:205) ~[jersey-server-1.19.jar:1.19] at com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75) ~[jersey-server-1.19.jar:1.19] at com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:302) ~[jersey-server-1.19.jar:1.19] at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147) ~[jersey-server-1.19.jar:1.19] at com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:108) ~[jersey-server-1.19.jar:1.19] at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147) ~[jersey-server-1.19.jar:1.19] at com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84) ~[jersey-server-1.19.jar:1.19] at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1542) [jersey-server-1.19.jar:1.19] at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1473) [jersey-server-1.19.jar:1.19] at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1419) [jersey-server-1.19.jar:1.19] at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1409) [jersey-server-1.19.jar:1.19] at com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:409) [jersey-servlet-1.19.jar:1.19] at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:558) [jersey-servlet-1.19.jar:1.19] at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:733) [jersey-servlet-1.19.jar:1.19] at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [javax.servlet-api-3.1.0.jar:3.1.0] at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:845) [jetty-servlet-9.3.9.v20160517.jar:9.3.9.v20160517] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1689) [jetty-servlet-9.3.9.v20160517.jar:9.3.9.v20160517] at org.eclipse.jetty.servlets.GzipFilter.doFilter(GzipFilter.java:51) [jetty-servlets-9.3.9.v20160517.jar:9.3.9.v20160517] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1676) [jetty-servlet-9.3.9.v20160517.jar:9.3.9.v20160517] at org.apache.nifi.web.filter.RequestLogger.doFilter(RequestLogger.java:66) [classes/:na] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1676) [jetty-servlet-9.3.9.v20160517.jar:9.3.9.v20160517] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:316) [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE] ... View more

@Bryan Bende "only the NiFi nodes themselves do, NiFi still needs to be running on https." It means only SSL cert for the Node? for example if my Nifi is running on the domain nifi.test.com for this domain do i need to generate SSL? "Self signed cert will work" for testing in the ldap environment. And evertime even if i gave LDAP users DN given in the "Initial Admin" still its comparing With SSL cert value and its saying "Unable to perform the desired action due to insufficient permissions. Contact the system administrator." Can you guide on this. ... View more

@Bryan Bende Can you guide on this. ... View more