02-13-2025
09:56 AM
@mks27 What you are trying to accomplish is not possible in NiFi. In my 15 years of working with NiFi, I believe this is the first time I have seen such a request.

So what you are expecting to happen is NiFi presents the login window and a user supplies a username and password. You then expect NiFi to attempt authentication via one ldap provider and if that results in unknown username or bad password response, move on to the next ldap provider and attempt again? The users that will need access to your NiFi don't all exist in just one of your ldaps?

I suppose if you have a multi node NiFi cluster setup, you could configure the ldap-provider on one node to use one of the ldap servers and the ldap-provider on another node to use the other ldap server. Since the NiFi cluster can be accessed from any node, you would just need to make sure your users access the NiFi cluster from the appropriate node that is configured with their ldap server.

NOTE: Authorization (happens after successful authentication) needs to be identical on all nodes in a cluster, but that is not an issue here. You'll just configure the authorizers.xml so that all user and group identities from both ldaps are authorized appropriately.

This bootleg way of facilitating authentication via multiple LDAPs is not something I have ever tested/tried, but believe would work.

You could also raise an improvement jira in the Apache Jira NiFi project to see if the community might be interested in implementing this change, but I don't anticipate there is much demand for it. https://issues.apache.org/jira/browse/NIFI

Please help our community thrive. If you found any of the suggestions/solutions provided helped you with solving your issue or answering your question, please take a moment to login and click "Accept as Solution" on one or more of them that helped.

Thank you,
Matt
09-14-2023
11:10 AM
1 Kudo
@LKB You would get better traction/feedback if you start your own community question. Your query is not very related to the issue in this post.

As far as the one question related to this post about encrypted manager password, @mks27 simply masked it by using "***" in his post. NiFi does not replace the actual password with * when encrypting sensitive passwords.

The NiFi Encrypt-Config Toolkit can be used to encrypt passwords used in various NiFi configuration files: https://nifi.apache.org/docs/nifi-docs/html/toolkit-guide.html#encrypt_config_tool

Thank you,
Matt
05-26-2023
12:18 PM
@mks27 Your configuration has a ldap://... address; however, you have configured the "Authentication Strategy" as LDAPS. This needs to be "SIMPLE" instead of "LDAPS".

I would also recommend that you change the "Identity Strategy" from "USE_DN" to "USE_USERNAME".

ldap exception with data 52e typically means bad password.

Also consider that the login-identity-providers.xml configuration file is XML. XML has special characters that if used in your manager password must be escaped, or change your manager password to not use these special characters:

& replace with &amp;
< replace with &lt;
> replace with &gt;
" replace with &quot;
' replace with &apos;

If you found that the provided solution(s) assisted you with your query, please take a moment to login and click Accept as Solution below each response that helped.

Thank you,
Matt
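Added example, not part of the original posts and not NiFi's own code: a small Python check for the three points in the reply above (an ldap:// Url combined with the LDAPS strategy, the USE_DN identity strategy, and unescaped XML special characters in the manager password). The host name, manager DN and password are constructed placeholders, and the helper names are hypothetical.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

def escape_password(password):
    """Escape the five XML special characters for use as a property value."""
    return escape(password, {'"': "&quot;", "'": "&apos;"})

def build_config(url, auth_strategy, identity_strategy, password_xml):
    """Constructed sample ldap-provider entry; all values are placeholders."""
    return f"""<loginIdentityProviders>
  <provider>
    <identifier>ldap-provider</identifier>
    <class>org.apache.nifi.ldap.LdapProvider</class>
    <property name="Authentication Strategy">{auth_strategy}</property>
    <property name="Manager DN">cn=manager,dc=example,dc=com</property>
    <property name="Manager Password">{password_xml}</property>
    <property name="Url">{url}</property>
    <property name="Identity Strategy">{identity_strategy}</property>
  </provider>
</loginIdentityProviders>"""

def provider_properties(xml_text):
    """Return one {name: value} dict per <provider>; raises ET.ParseError."""
    root = ET.fromstring(xml_text)
    return [{p.get("name"): (p.text or "").strip() for p in prov.iter("property")}
            for prov in root.iter("provider")]

def check_config(xml_text):
    """Report the problems named in the reply above as a list of strings."""
    try:
        providers = provider_properties(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML, check for unescaped characters: {exc}"]
    findings = []
    for props in providers:
        urls = props.get("Url", "").split()
        if props.get("Authentication Strategy") == "LDAPS" and any(
                u.lower().startswith("ldap://") for u in urls):
            findings.append("Url is ldap:// but Authentication Strategy is LDAPS")
        if props.get("Identity Strategy") == "USE_DN":
            findings.append("Identity Strategy is USE_DN; USE_USERNAME was recommended")
    return findings

if __name__ == "__main__":
    pw = "s3cr&t<1>"  # constructed password containing XML special characters
    url = "ldap://ldap.example.com:389"  # constructed placeholder host
    print(check_config(build_config(url, "LDAPS", "USE_DN", escape_password(pw))))
    print(check_config(build_config(url, "SIMPLE", "USE_USERNAME", pw)))
    print(check_config(build_config(url, "SIMPLE", "USE_USERNAME", escape_password(pw))))
```

An XML parser returns the escaped password in its original form, so the value sent to the LDAP server is unchanged by escaping.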