Member since 05-16-2023 | 6 Posts | 0 Kudos Received | 0 Solutions
05-23-2023 12:00 AM
Hi @cotopaul @SAMSAL @MattWho @steven-matison, kindly help me to fix the issue. User logs are below.

2023-05-23 02:52:25,863 INFO [main] o.a.n.a.FileUserGroupProvider Users/Groups file loaded at Tue May 23 02:52:25 EDT 2023
2023-05-23 02:52:25,864 INFO [main] o.a.n.a.FileAccessPolicyProvider Creating new authorizations file at /var/nifi/./conf/authorizations.xml
2023-05-23 02:52:26,254 INFO [main] o.a.n.a.FileAccessPolicyProvider Populating authorizations for Initial Admin: CN=mohit.kumar,OU=Managed services,DC=CORP,DC=SA,DC=ZAIN,DC=COM
2023-05-23 02:52:26,260 INFO [main] o.a.n.a.FileAccessPolicyProvider Authorizations file loaded at Tue May 23 02:52:26 EDT 2023
2023-05-23 02:52:26,263 INFO [main] o.a.n.a.FileUserGroupProvider Users/Groups file loaded at Tue May 23 02:52:26 EDT 2023
2023-05-23 02:52:26,268 INFO [main] o.a.n.a.FileAccessPolicyProvider Authorizations file loaded at Tue May 23 02:52:26 EDT 2023
2023-05-23 02:52:43,772 INFO [NiFi Web Server-24] o.a.n.w.s.NiFiAuthenticationFilter Authentication Started 192.168.32.206 [<anonymous>] GET https://10.*.*.*:9443/nifi-api/flow/current-user
2023-05-23 02:52:43,776 INFO [NiFi Web Server-24] o.a.n.w.s.NiFiAuthenticationFilter Authentication Success [anonymous] 192.168.32.206 GET https://10.*.*.*:9443/nifi-api/flow/current-user
2023-05-23 02:52:43,891 INFO [NiFi Web Server-24] o.a.n.w.a.c.AccessDeniedExceptionMapper identity[anonymous], groups[none] does not have permission to access the requested resource. Unknown user with identity 'anonymous'. Returning Unauthorized response.
2023-05-23 02:53:37,220 INFO [NiFi Web Server-21] o.a.n.w.a.c.AccessDeniedExceptionMapper identity[mohit.kumar], groups[] does not have permission to access the requested resource. Unknown user with identity 'mohit.kumar'. Returning Forbidden response.
05-22-2023 03:35 AM
Hello Team, I have configured Apache NiFi and integrated it with LDAP; now when I try to log in it gives the error below.

Insufficient Permissions
Unknown user with identity 'cn=Mohit Kumar,ou=FM-Users,ou=Managed services,dc=CORP,dc=SA,dc=ZAIN,dc=COM'. Contact the system administrator.

== my login-identity-providers.xml

-->
<provider>
    <identifier>ldap-provider</identifier>
    <class>org.apache.nifi.ldap.LdapProvider</class>
    <property name="Authentication Strategy">SIMPLE</property>
    <property name="Manager DN">CN=***********,OU=Groups,OU=*********,OU=********,DC=CORP,DC=SA,DC=ZAIN,DC=COM</property>
    <property name="Manager Password">**********</property>
    <property name="TLS - Keystore"></property>
    <property name="TLS - Keystore Password"></property>
    <property name="TLS - Keystore Type"></property>
    <property name="TLS - Truststore"></property>
    <property name="TLS - Truststore Password"></property>
    <property name="TLS - Truststore Type"></property>
    <property name="TLS - Client Auth"></property>
    <property name="TLS - Protocol"></property>
    <property name="TLS - Shutdown Gracefully"></property>
    <property name="Referral Strategy">FOLLOW</property>
    <property name="Connect Timeout">10 secs</property>
    <property name="Read Timeout">10 secs</property>
    <property name="Url">ldap://****************:389</property>
    <property name="User Search Base">OU=Managed services,DC=CORP,DC=SA,DC=ZAIN,DC=COM</property>
    <property name="User Search Filter">sAMAccountName={0}</property>
    <property name="Identity Strategy">USE_DN</property>
    <property name="Authentication Expiration">12 hours</property>
</provider>

======= my conf/authorizers.xml =====

<authorizers>
    <userGroupProvider>
        <identifier>file-user-group-provider</identifier>
        <class>org.apache.nifi.authorization.FileUserGroupProvider</class>
        <property name="Users File">./conf/users.xml</property>
        <property name="Legacy Authorized Users File"></property>
        <property name="Initial User Identity 1">CN=Mohit Kumar,OU=FM-Users,OU=Managed services,DC=CORP,DC=SA,DC=ZAIN,DC=COM</property>
    </userGroupProvider>
    <accessPolicyProvider>
        <identifier>file-access-policy-provider</identifier>
        <class>org.apache.nifi.authorization.FileAccessPolicyProvider</class>
        <property name="User Group Provider">file-user-group-provider</property>
        <property name="Authorizations File">./conf/authorizations.xml</property>
        <property name="Initial Admin Identity">CN=Mohit Kumar,OU=FM-Users,OU=Managed services,DC=CORP,DC=SA,DC=ZAIN,DC=COM</property>
        <property name="Legacy Authorized Users File"></property>
        <property name="Node Identity 1"></property>
    </accessPolicyProvider>
    <authorizer>
        <identifier>managed-authorizer</identifier>
        <class>org.apache.nifi.authorization.StandardManagedAuthorizer</class>
        <property name="Access Policy Provider">file-access-policy-provider</property>
    </authorizer>
</authorizers>

======= ldapsearch shows this user

# filter: sAMAccountName=mohit.kumar
# requesting: ALL
#
# Mohit Kumar, FM-Users, Managed services, CORP.SA.ZAIN.COM
dn: CN=Mohit Kumar,OU=FM-Users,OU=Managed services,DC=CORP,DC=SA,DC=ZAIN,DC=COM

Please help me to fix this issue.
Labels: Apache NiFi
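The identity in the error message above and the Initial Admin Identity in the pasted authorizers.xml differ only in the case of the attribute types (cn= versus CN=), and NiFi's file-based user and policy providers look identities up by exact string. The Python below is an added example, not code from the post, that compares two identities the way NiFi does and then shows the effect of an identity mapping (the nifi.security.identity.mapping.pattern/value/transform properties in nifi.properties, which NiFi applies to the login identity and to the Initial Admin Identity alike); the mapping pattern it uses is a hypothetical one chosen for illustration.

```python
import re

# Constructed sample values, copied from the identity strings quoted in this thread.
AUTHENTICATED_DN = "cn=Mohit Kumar,ou=FM-Users,ou=Managed services,dc=CORP,dc=SA,dc=ZAIN,dc=COM"
INITIAL_ADMIN_DN = "CN=Mohit Kumar,OU=FM-Users,OU=Managed services,DC=CORP,DC=SA,DC=ZAIN,DC=COM"

def identities_match(authenticated: str, configured: str) -> bool:
    """NiFi's FileUserGroupProvider / FileAccessPolicyProvider key users by the exact
    identity string, so a difference in case or spacing is a different (unknown) user."""
    return authenticated == configured

def map_identity(identity: str, pattern: str, value: str, transform: str = "NONE") -> str:
    """Emulate one nifi.security.identity.mapping.{pattern,value,transform}.<key> triple:
    the pattern must match the whole identity, $n in the value refers to a capture
    group, and the transform is NONE, LOWER or UPPER. Identities that do not match
    the pattern pass through unchanged, as they do in NiFi."""
    m = re.fullmatch(pattern, identity)
    if m is None:
        return identity
    mapped = re.sub(r"\$(\d+)", lambda ref: m.group(int(ref.group(1))), value)
    if transform == "LOWER":
        return mapped.lower()
    if transform == "UPPER":
        return mapped.upper()
    return mapped

def diagnose(authenticated: str, configured: str, pattern: str, value: str, transform: str) -> dict:
    """Compare the raw strings, then compare them again after applying the same
    mapping NiFi would apply to both the login identity and the Initial Admin Identity."""
    mapped_auth = map_identity(authenticated, pattern, value, transform)
    mapped_conf = map_identity(configured, pattern, value, transform)
    return {
        "raw_match": identities_match(authenticated, configured),
        "mapped_authenticated": mapped_auth,
        "mapped_configured": mapped_conf,
        "mapped_match": identities_match(mapped_auth, mapped_conf),
    }

if __name__ == "__main__":
    # Hypothetical mapping: keep only the CN, match attribute types case-insensitively, lower-case it.
    report = diagnose(AUTHENTICATED_DN, INITIAL_ADMIN_DN,
                      r"(?i)^cn=(.*?),ou=.*$", "$1", "LOWER")
    for key, val in report.items():
        print(f"{key}: {val}")
```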
05-17-2023 11:39 PM
Hello @cotopaul @SAMSAL @MattWho @steven-matison, I have fixed the login provider issue and now when I try to log in, I am getting the errors below.

Caused by: org.springframework.security.authentication.InternalAuthenticationServiceException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090439, comment: AcceptSecurityContext error, data 52e, v4563^@]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090439, comment: AcceptSecurityContext error, data 52e, v4563^@]
    at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:190)
    at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:79)
    at org.apache.nifi.ldap.LdapProvider.authenticate(LdapProvider.java:276)
    ... 109 common frames omitted
Caused by: org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090439, comment: AcceptSecurityContext error, data 52e, v4563^@]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090439, comment: AcceptSecurityContext error, data 52e, v4563^@]
    at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:191)
    at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:363)
    at org.springframework.ldap.core.support.AbstractContextSource.doGetContext(AbstractContextSource.java:147)
    at org.springframework.ldap.core.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:166)
    at org.springframework.ldap.core.LdapTemplate.executeReadOnly(LdapTemplate.java:806)
    at org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForSingleEntry(SpringSecurityLdapTemplate.java:260)
    at org.springframework.security.ldap.search.FilterBasedLdapUserSearch.searchForUser(FilterBasedLdapUserSearch.java:100)
    at org.springframework.security.ldap.authentication.BindAuthenticator.authenticate(BindAuthenticator.java:86)
    at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:174)
    ... 111 common frames omitted
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090439, comment: AcceptSecurityContext error, data 52e, v4563^@]
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3261)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3207)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2993)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2907)
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:347)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxFromUrl(LdapCtxFactory.java:229)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:189)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:247)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:695)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
    at javax.naming.InitialContext.init(InitialContext.java:244)
    at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
    at org.springframework.ldap.core.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:42)
    at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:351)
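As an added example, not code from the post: a small triage helper that pulls the LDAP result code, the Active Directory extended error and the "data" sub-code out of the Spring/JNDI message, and uses the frames in the trace to tell which credential the directory rejected (a failure reached through FilterBasedLdapUserSearch.searchForUser, as in the trace above, happens during the user search, which binds with the Manager DN rather than with what was typed at the login page). The sub-code table and frame names are standard Active Directory and Spring Security LDAP values; the sample trace is constructed from lines of this post.

```python
import re

# Constructed sample: the innermost cause plus two frames from the trace in this post.
SAMPLE_TRACE = """\
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090439, comment: AcceptSecurityContext error, data 52e, v4563]
    at org.springframework.security.ldap.search.FilterBasedLdapUserSearch.searchForUser(FilterBasedLdapUserSearch.java:100)
    at org.springframework.security.ldap.authentication.BindAuthenticator.authenticate(BindAuthenticator.java:86)
"""
# Active Directory sub-codes reported after "data" with LDAP result 49 (invalidCredentials).
AD_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (the bind DN's password was rejected)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}
_LDAP_ERR = re.compile(r"LDAP: error code (?P<code>\d+) - (?P<ext>[0-9A-Fa-f]{8}):.*?data (?P<sub>[0-9A-Fa-f]+)")

def parse_ldap_error(text: str):
    """Extract result code, AD extended error and data sub-code from a JNDI message; None if absent."""
    m = _LDAP_ERR.search(text)
    if m is None:
        return None
    sub = m.group("sub").lower()
    return {
        "result_code": int(m.group("code")),
        "extended_error": m.group("ext"),
        "subcode": sub,
        "meaning": AD_SUBCODES.get(sub, "unknown sub-code"),
    }

def failing_bind(trace: str) -> str:
    """Use the Spring Security frames to tell whose credentials were rejected: the user
    search runs under the Manager DN, while bindWithDn is the login user's own bind."""
    if "FilterBasedLdapUserSearch.searchForUser" in trace:
        return "manager"
    if "BindAuthenticator.bindWithDn" in trace:
        return "user"
    return "unknown"

def triage(trace: str):
    # Combine both views into one record; None when the text carries no LDAP error at all.
    info = parse_ldap_error(trace)
    if info is not None:
        info["failing_bind"] = failing_bind(trace)
    return info
```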
05-16-2023 11:00 PM
Hi Team, I am trying to configure Apache NiFi LDAP authentication. Here is my nifi.properties.

-----
nifi.security.autoreload.enabled=false
nifi.security.autoreload.interval=10 secs
nifi.security.keystore=/var/tmp/mks/certs/keystore.jks
nifi.security.keystoreType=PKCS12
nifi.security.keystorePasswd=************
nifi.security.keyPasswd=
nifi.security.truststore=/var/tmp/mks/certs/keystore.jks
nifi.security.truststoreType=JKS
nifi.security.truststorePasswd=**************
nifi.security.user.authorizer=managed-authorizer
nifi.security.allow.anonymous.authentication=false
nifi.security.user.login.identity.provider=ldap-provider
nifi.security.user.jws.key.rotation.period=PT1H
nifi.security.ocsp.responder.url=
nifi.security.ocsp.responder.certificate=
------

Here is my "login-identity-providers.xml"

-----
-->
<provider>
    <identifier>ldap-provider</identifier>
    <class>org.apache.nifi.ldap.LdapProvider</class>
    <property name="Authentication Strategy">LDAPS</property>
    <property name="Manager DN">CN=**********,OU=Groups,OU=*********,OU=********,DC=CORP,DC=SA,DC=ZAIN,DC=COM</property>
    <property name="Manager Password">************</property>
    <property name="TLS - Keystore"></property>
    <property name="TLS - Keystore Password"></property>
    <property name="TLS - Keystore Type"></property>
    <property name="TLS - Truststore"></property>
    <property name="TLS - Truststore Password"></property>
    <property name="TLS - Truststore Type"></property>
    <property name="TLS - Client Auth"></property>
    <property name="TLS - Protocol"></property>
    <property name="TLS - Shutdown Gracefully"></property>
    <property name="Referral Strategy">FOLLOW</property>
    <property name="Connect Timeout">10 secs</property>
    <property name="Read Timeout">10 secs</property>
    <property name="Url">ldap://***********:389</property>
    <property name="User Search Base">OU=Managed services,DC=CORP,DC=SA,DC=ZAIN,DC=COM</property>
    <property name="User Search Filter">sAMAccountName={0}</property>
    <property name="Identity Strategy">USE_DN</property>
    <property name="Authentication Expiration">12 hours</property>
</provider>
-----

But I am getting the error below.

Unable to load the login identity provider configuration file at: /var/nifi/conf/login-identity-providers.xml

The file is there:

# ls -ld /var/nifi/conf/login-identity-providers.xml
-rw-rw-r--. 1 root root 7205 May 17 01:46 /var/nifi/conf/login-identity-providers.xml

Please help me to fix it.
Labels: Apache NiFi