Member since
07-30-2019
3406
Posts
1623
Kudos Received
1008
Solutions
My Accepted Solutions
| Title | Views | Posted |
|---|---|---|
| 337 | 12-17-2025 05:55 AM | |
| 398 | 12-15-2025 01:29 PM | |
| 418 | 12-15-2025 06:50 AM | |
| 371 | 12-05-2025 08:25 AM | |
| 605 | 12-03-2025 10:21 AM |
08-18-2023
05:16 AM
3 Kudos
@sinRudra As a workaround you could take the "nifi-standard-nar-1.16.3.nar" from the NiFi 1.16.3 distro and add it to your NiFi 1.21 install. This will give you access to both version of all the standard nar components. The nifi-standard-nar does however contain a lot of components besides just listFTP. You'll end up seeing two available versions of a lot of components with either 1.21.0 or 1.16.3 as the version when adding components to the canvas. If you found that the provided solution(s) assisted you with your query, please take a moment to login and click Accept as Solution below each response that helped. Thank you, Matt
... View more
08-17-2023
12:00 PM
1 Kudo
@leqlaz777 What version of NiFi are you using? How large is your response body? I have no issues creating FlowFile Attributes with values larger then 256 bytes. Can you share your processors being used and the configuration of them? Thank you, Matt
... View more
08-17-2023
10:19 AM
@abdullahvvs What exceptions are you seeing in the nifi-app.log when this processor gets scheduled to execute? Does your NiFi service user have ability to execute python3? Does your NiFi service user have ability to travers the directory tree and read /opt/nifi/nifi-current/Testxx.py? If you found that the provided solution(s) assisted you with your query, please take a moment to login and click Accept as Solution below each response that helped. Thank you, Matt
... View more
08-17-2023
10:14 AM
1 Kudo
@sinRudra I recommend reading through the comments, suggestions, and troubleshooting done within the following Apache NiFi Jira to see if you are encountering similar observations. https://issues.apache.org/jira/browse/NIFI-10143 If so, it may be best to create a new Apache JIra for your specific character set issues to see what the committer community can do for you. If you found that the provided solution(s) assisted you with your query, please take a moment to login and click Accept as Solution below each response that helped. Thank you, Matt
... View more
08-17-2023
09:37 AM
1 Kudo
@edim2525 Just to add to what @cotopaul already shared: Out-of-the-box NiFi install sets users up with a single user authorizer and single user login provider. These provider are not designed for production use, but where designed to allow for an easy out-of-the-box secure install of NiFi. This default provider allows for only a single user with full unmanaged access to NiFi. See links provided by @cotopaul for more info there. Reconfiguring your out-of-the-box NiFi configuration to instead use a managed authorizer would then give you the ability to create various levels of authorization for different authenticated users. The managed authorizer used a file-access-policy-provider and file-user-group-provider to create and seed the users.xml and authorizations.xml files upon first startup. After these files exist, those two providers will not modify them via any config changes you make within the providers. The initial user identity and initial admin defined in those providers will seed those files with the required authorization policies for that authenticated user to perform admin type actions (such as authorizing additional authenticated users against various NiFi policies. NiFi does NOT have the ability to managed local users, this means that user authentication must be handled via an external method. The most commonly used method for user authentication are Mutual TLS using clientAuth certificate, ldap-provider (allowing user authentication via. uses ldap username and password), and kerberos based authentication (via Spnego or Kerberos-provider login provider). Once your NiFi is setup to support multi-user authentication and authorization, your "initial admin" will have ability to define additional user authorizations including those authorization your initial admin was pre-configured with. If you found that the provided solution(s) assisted you with your query, please take a moment to login and click Accept as Solution below each response that helped. Thank you, Matt
... View more
08-16-2023
06:00 AM
@edim2525 It would be very difficult to tell you exactly what is wrong without seeing your AD entries. The User Search Base should be set to what ever base level is needed to be able to search on all user DNs that are members of your nifi-admins group. This may require you to change the "User Search Scope" to " SUBTREE", but again I can't say for sure for your AD. I see you set up an or in your "User Search Filter" even though you only have one filter, but that should not be an issue. Are you also trying to return only that one group "nifi-admins"? If so, you could also add the following "Group Search Filter" to limit your returned groups to just one. (cn=nifi-admins) The ldap-user-group-provider also does not require that your setup both "user" sync and "group" sync as it is often possible to make user to group associations with only setting up one or the other. for example: <property name="User Search Base"></property>
<property name="User Object Class"></property>
<property name="User Search Scope">ONE_LEVEL</property>
<property name="User Search Filter"></property>
<property name="User Identity Attribute">sAMAccountName</property>
<property name="User Group Name Attribute"></property>
<property name="User Group Name Attribute - Referenced Group Attribute"></property>
<property name="Group Search Base">XXX</property>
<property name="Group Object Class">group</property>
<property name="Group Search Scope">ONE_LEVEL</property>
<property name="Group Search Filter">(|(cn=nifi-admins)(cn=nifi-team1))</property>
<property name="Group Name Attribute">cn</property>
<property name="Group Member Attribute">member</property>
<property name="Group Member Attribute - Referenced User Attribute"></property> What above config will do is initiate a group sync only execution returning a member user DNs from the "member" attributes found on the groups "nifi-admins" and "nifi-team1". For each of those returned Member DNs, the provider will search those users in AD to retrieve thee user Identity string from the sAMAccountName attribute of each users AD entry. Those sAMAccountName user strings then get associated with the appropriate group. There are many ways to set this up, but they all depend on an individuals LDAP/AD entries, so all I can make are suggestions and examples based on commonly seen structures. If you found that the provided solution(s) assisted you with your query, please take a moment to login and click Accept as Solution below each response that helped. Thank you, Matt
... View more
08-15-2023
06:59 AM
2 Kudos
@learner-loading The Site-To-Site functionality in NiFi has not evolved a whole lot since it was first introduced. You have an initial client server connection over http(s) followed by FlowFile transfer via either the same HTTP(s) connection or via a dedicated Raw socket connection depending on the configuration on the server side of the connection. To use a mutual TLS HTTPS connection for initial connection, the following property must be set tp true: nifi.remote.input.secure=true In order to set this to true, NiFi must be configured with a keystore and truststore in the nifi.properties file as well. To support HTTP(s) FlowFile transfer the following property must be set to "true": nifi.remote.input.http.enabled=true To support RAW socket connection for FlowFile transfer, the following property must be configured with a port not in use by all nodes in yoru NiFi cluster: nifi.remote.input.socket.port=10443 The Remote Process Group is always the "client" in the site-to-site connection. The Remote Input and Remote output ports are then the "server" side of the connection. So when the Remote Process Group (RPG) has been configured with a URL(s) (If target NiFi is a cluster setup, you can optionally provide a comma separated list of URLs for the hosts in the same target cluster to offer some redundancy in case one of the target nodes is down), the RPG will start automatically connecting to first URL to try to fetch Site-To-Site (S2S) details about the server side of this connection. Those server details include if the server side is configured secure or unsecured, if it supports HTTP, RAW, or both, the URLs for all connected nodes in target cluster, NiFi HTTTP port for all connected nodes, RAW port for all connected nodes, total amount of queued FlowFiles on each connected node, Available Remote Input and Output ports on target NiFi cluster. With an HTTPS enabled Site-To-Site, the keystore and truststore files configured on both source/client Nifi and target/server NiFi will be used in the mutual TLS handshake connection made (The client certificate DN is used as the client identity passed to the server that needs to be properly authorized on the target Remote Input and Output ports. If authorization is successful and the ROPG has "enabled transmission" FlowFiles will be able to transfer from RPG to Remote Input Port or From a Remote Output Port to the RPG. Better load-balancing is achieved with RPG pushing to Remote Input Ports. If you found that the provided solution(s) assisted you with your query, please take a moment to login and click Accept as Solution below each response that helped. Thank you, Matt
... View more
08-15-2023
06:23 AM
@Tenda Since you are saying you can freely navigate the NiFi UI when in this "stuck" state, NiFi is not stuck as both the UI and processor components all operate within the same JVM. What you circled indicates that at the exact moment (last time browser refreshed) there were 24 active threads out of the 32 configured in the Max Timer Driven Thread pool settings. Milliseconds later that could still be 24 active threads but consumed by different components. The NiFi processors will all show small a small number in the upper right corner if they have an active threads, so step one is determining which processors are holding these 24 threads for a long time. Then looking at those processors and the thread dumps to figure out why those threads are long running. Typically we would see this when external service connections are made which are unstable, network issues, local NiFi repo I/O, NiFi CPU utilization, or long or very frequent GC pauses, or even OOMs. So you have ruled out a few of these so far it sounds. If you found that the provided solution(s) assisted you with your query, please take a moment to login and click Accept as Solution below each response that helped. Thank you, Matt
... View more
08-15-2023
06:10 AM
1 Kudo
@edim2525 You have a configuration issue in your ldap-user-group-provider within the authorizers.xml. The following filter will not work in this provider. <property name="User Search Filter">(sAMAccountName={0})</property> "{0}" can only be used in the ldap-provider within the login-identity-providers.xml configuration file. That string gets replaced with the username entered at the NiFi login window. The ldap-user-group-provider executes independent of any input every 30 mins to sync current users and groups. So here is is literally looking for a user with that sAMAccountName which does not exist, so no users are be synced. All you are getting back is groups. A more common User Search Filter would be an "or" of select groups that you will be using to authorize various levels of access to your NiFi. Leaving blank would sync all users at ONE_LEVEL of your configured User Search Base. If you found that the provided solution(s) assisted you with your query, please take a moment to login and click Accept as Solution below each response that helped. Thank you, Matt
... View more
08-14-2023
08:10 AM
@tej_s @jakese There are some recently discovered issues seen as more individuals start using the encrypted repository capability that have been addressed in Apache NiFi 1.23. I encourage you to see if you can reproduce your issue with release 1.23 or newer. Some specific related fix that are part of 1.23: https://issues.apache.org/jira/browse/NIFI-10235 https://issues.apache.org/jira/browse/NIFI-11670 11670 fixed some offset tracking issues and content handling issues that could very likely be causing your issue. If you found that the provided solution(s) assisted you with your query, please take a moment to login and click Accept as Solution below each response that helped. Thank you, Matt
... View more