Member since 05-16-2023 | 8 Posts | 0 Kudos Received | 0 Solutions
02-13-2025 08:11 AM
Hi @MattWho, thank you for your reply. Is there any way we can use 2 LDAP URLs and Manager DNs for NiFi? Mohit Kumar
02-13-2025 01:06 AM
Hi Team, we want to integrate NiFi with 2 LDAP servers, and both have different Manager DNs. We are using the below config in the "login-identity-providers.xml" file:
<provider>
<identifier>ldap-provider-1</identifier>
<class>org.apache.nifi.ldap.LdapProvider</class>
<property name="Authentication Strategy">SIMPLE</property>
<property name="Manager DN">CN=yaqootnifi,OU=Groups,OU=UATOCP,OU=OpenShift,DC=CORP,DC=SA,DC=ZAIN,DC=COM</property>
<property name="Manager Password">*********</property>
<property name="TLS - Keystore"></property>
<property name="TLS - Keystore Password"></property>
<property name="TLS - Keystore Type"></property>
<property name="TLS - Truststore"></property>
<property name="TLS - Truststore Password"></property>
<property name="TLS - Truststore Type"></property>
<property name="TLS - Client Auth"></property>
<property name="TLS - Protocol"></property>
<property name="TLS - Shutdown Gracefully"></property>
<property name="Referral Strategy">FOLLOW</property>
<property name="Connect Timeout">10 secs</property>
<property name="Read Timeout">10 secs</property>
<property name="Url">ldap://sarycrpdc01.corp.sa.zain.com:389</property>
<property name="User Search Base">DC=CORP,DC=SA,DC=ZAIN,DC=COM</property>
<property name="User Search Filter">sAMAccountName={0}</property>
<property name="Identity Strategy">USE_USERNAME</property>
<property name="Authentication Expiration">12 hours</property>
</provider>
<provider>
<identifier>ldap-provider-2</identifier>
<class>org.apache.nifi.ldap.LdapProvider</class>
<property name="Authentication Strategy">SIMPLE</property>
<property name="Manager DN">CN=yaqootoscp,OU=Service Accounts,DC=OS,DC=LOCAL</property>
<property name="Manager Password">********</property>
<property name="TLS - Keystore"></property>
<property name="TLS - Keystore Password"></property>
<property name="TLS - Keystore Type"></property>
<property name="TLS - Truststore"></property>
<property name="TLS - Truststore Password"></property>
<property name="TLS - Truststore Type"></property>
<property name="TLS - Client Auth"></property>
<property name="TLS - Protocol"></property>
<property name="TLS - Shutdown Gracefully"></property>
<property name="Referral Strategy">FOLLOW</property>
<property name="Connect Timeout">10 secs</property>
<property name="Read Timeout">10 secs</property>
<property name="Url">ldap://10.123.105.18:389</property>
<property name="User Search Base">DC=OS,DC=LOCAL</property>
<property name="User Search Filter">sAMAccountName={0}</property>
<property name="Identity Strategy">USE_USERNAME</property>
<property name="Authentication Expiration">12 hours</property>
</provider>
and below config in "nifi.properties" file
nifi.security.user.login.identity.provider=ldap-provider-1, ldap-provider-2
But it is not working and we are getting below error.
Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [java.lang.Object]: Factory method 'loginIdentityProvider' threw exception; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'loginIdentityProviderFactoryBean': FactoryBean threw exception on object creation; nested exception is java.lang.Exception: The specified login identity provider 'ldap-provider-1, ldap-provider-2' could not be found.
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:185)
at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:653)
... 53 common frames omitted
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'loginIdentityProviderFactoryBean': FactoryBean threw exception on object creation; nested exception is java.lang.Exception: The specified login identity provider 'ldap-provider-1, ldap-provider-2' could not be found.
Labels: Apache NiFi
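An added example, not part of the original post or of NiFi itself: a small Python lint for the failure quoted in the post above. It assumes, as that error message indicates, that the whole value of nifi.security.user.login.identity.provider is looked up as one identifier; the sample XML, host names and finding codes are constructed, and the two transport checks (SIMPLE over ldap://, LDAPS paired with a non-ldaps URL) are this example's own.

```python
import xml.etree.ElementTree as ET

PROP_KEY = "nifi.security.user.login.identity.provider"

# Constructed sample shaped like a two-provider file (hypothetical hosts).
SAMPLE_XML = """<loginIdentityProviders>
  <provider>
    <identifier>ldap-provider-1</identifier>
    <property name="Authentication Strategy">SIMPLE</property>
    <property name="Url">ldap://dc1.example.test:389</property>
  </provider>
  <provider>
    <identifier>ldap-provider-2</identifier>
    <property name="Authentication Strategy">LDAPS</property>
    <property name="Url">ldap://dc2.example.test:389</property>
  </provider>
</loginIdentityProviders>"""


def lint(providers_xml, nifi_properties):
    """Return a list of finding codes for the selected login identity provider."""
    try:
        root = ET.fromstring(providers_xml)
    except ET.ParseError:
        return ["XML_MALFORMED"]
    providers = {}
    for node in root.iter("provider"):
        ident = (node.findtext("identifier") or "").strip()
        providers[ident] = {p.get("name"): (p.text or "").strip()
                            for p in node.iter("property")}
    selected = ""
    for line in nifi_properties.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == PROP_KEY:
            selected = value.strip()
    if not selected:
        return []  # no login identity provider configured
    if selected not in providers:
        # The whole value is treated as one identifier; a comma list never matches.
        return ["PROVIDER_NOT_FOUND"]
    props, findings = providers[selected], []
    strategy = props.get("Authentication Strategy", "").upper()
    url = props.get("Url", "").lower()
    if strategy == "SIMPLE" and url.startswith("ldap://"):
        findings.append("CLEARTEXT_BIND")   # bind passwords cross the wire unencrypted
    if strategy == "LDAPS" and not url.startswith("ldaps://"):
        findings.append("SCHEME_MISMATCH")  # LDAPS strategy paired with a non-ldaps URL
    return findings
```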
05-17-2023 11:39 PM
Hello @cotopaul @SAMSAL @MattWho @steven-matison, I have fixed the login provider issue, and now when I try to log in, I am getting the below errors.
Caused by: org.springframework.security.authentication.InternalAuthenticationServiceException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090439, comment: AcceptSecurityContext error, data 52e, v4563^@]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090439, comment: AcceptSecurityContext error, data 52e, v4563^@]
at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:190)
at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:79)
at org.apache.nifi.ldap.LdapProvider.authenticate(LdapProvider.java:276)
... 109 common frames omitted
Caused by: org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090439, comment: AcceptSecurityContext error, data 52e, v4563^@]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090439, comment: AcceptSecurityContext error, data 52e, v4563^@]
at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:191)
at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:363)
at org.springframework.ldap.core.support.AbstractContextSource.doGetContext(AbstractContextSource.java:147)
at org.springframework.ldap.core.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:166)
at org.springframework.ldap.core.LdapTemplate.executeReadOnly(LdapTemplate.java:806)
at org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForSingleEntry(SpringSecurityLdapTemplate.java:260)
at org.springframework.security.ldap.search.FilterBasedLdapUserSearch.searchForUser(FilterBasedLdapUserSearch.java:100)
at org.springframework.security.ldap.authentication.BindAuthenticator.authenticate(BindAuthenticator.java:86)
at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:174)
... 111 common frames omitted
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090439, comment: AcceptSecurityContext error, data 52e, v4563^@]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3261)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3207)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2993)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2907)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:347)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxFromUrl(LdapCtxFactory.java:229)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:189)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:247)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:695)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
at javax.naming.InitialContext.init(InitialContext.java:244)
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
at org.springframework.ldap.core.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:42)
at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:351)
05-16-2023 11:00 PM
Hi Team, I am trying to configure Apache NiFi LDAP authentication. Here is my nifi.properties.
-----
nifi.security.autoreload.enabled=false
nifi.security.autoreload.interval=10 secs
nifi.security.keystore=/var/tmp/mks/certs/keystore.jks
nifi.security.keystoreType=PKCS12
nifi.security.keystorePasswd=************
nifi.security.keyPasswd=
nifi.security.truststore=/var/tmp/mks/certs/keystore.jks
nifi.security.truststoreType=JKS
nifi.security.truststorePasswd=**************
nifi.security.user.authorizer=managed-authorizer
nifi.security.allow.anonymous.authentication=false
nifi.security.user.login.identity.provider=ldap-provider
nifi.security.user.jws.key.rotation.period=PT1H
nifi.security.ocsp.responder.url=
nifi.security.ocsp.responder.certificate=
------
Here is my "login-identity-providers.xml"
-----
-->
<provider>
<identifier>ldap-provider</identifier>
<class>org.apache.nifi.ldap.LdapProvider</class>
<property name="Authentication Strategy">LDAPS</property>
<property name="Manager DN">CN=**********,OU=Groups,OU=*********,OU=********,DC=CORP,DC=SA,DC=ZAIN,DC=COM</property>
<property name="Manager Password">************</property>
<property name="TLS - Keystore"></property>
<property name="TLS - Keystore Password"></property>
<property name="TLS - Keystore Type"></property>
<property name="TLS - Truststore"></property>
<property name="TLS - Truststore Password"></property>
<property name="TLS - Truststore Type"></property>
<property name="TLS - Client Auth"></property>
<property name="TLS - Protocol"></property>
<property name="TLS - Shutdown Gracefully"></property>
<property name="Referral Strategy">FOLLOW</property>
<property name="Connect Timeout">10 secs</property>
<property name="Read Timeout">10 secs</property>
<property name="Url">ldap://***********:389</property>
<property name="User Search Base">OU=Managed services,DC=CORP,DC=SA,DC=ZAIN,DC=COM</property>
<property name="User Search Filter">sAMAccountName={0}</property>
<property name="Identity Strategy">USE_DN</property>
<property name="Authentication Expiration">12 hours</property>
</provider>
-----
But I am getting the below error.
Unable to load the login identity provider configuration file at: /var/nifi/conf/login-identity-providers.xml
File is there
# ls -ld /var/nifi/conf/login-identity-providers.xml
-rw-rw-r--. 1 root root 7205 May 17 01:46 /var/nifi/conf/login-identity-providers.xml
Please help me to fix it.
Labels: Apache NiFi