Changing: <property name="Authentication Strategy">START_TLS</property> to <property name="Authentication Strategy">LDAPS</property> fixed the error but I get : Caused by: org.apache.nifi.registry.security.exception.SecurityProviderCreationException: Unable to locate initial admin CN=xxx,OU=Service Users,OU=User Accounts,DC=xxx,DC=xxx,DC=xx,DC=net to seed policies at org.apache.nifi.registry.security.authorization.file.FileAccessPolicyProvider.populateInitialAdmin(FileAccessPolicyProvider.java:476) at org.apache.nifi.registry.security.authorization.file.FileAccessPolicyProvider.load(FileAccessPolicyProvider.java:436) at org.apache.nifi.registry.security.authorization.file.FileAccessPolicyProvider.doOnConfigured(FileAccessPolicyProvider.java:158) at org.apache.nifi.registry.security.authorization.AbstractConfigurableAccessPolicyProvider.onConfigured(AbstractConfigurableAccessPolicyProvider.java:64) ... 109 common frames omitted ... View more

@sha257  The TLS properties need to be configured if your LDAP endpoint is secured meaning it requires LDAPS or START_TLS authentication strategies.   Even when secured, you will alwasy need the TLS truststore, but may or may not need a TLS keystore (depends on your LDAP setup). For unsecured LDAP url access, the TLS properties are not necessary.  Even unsecured (meaning connection is not encrypted), the manager DN and manager Password are still going to be required to connect to the ldap server. Based on information shared, I cannot say what your ldap setup does or does not require.  You'll need to work with your ldap administrators to understand the requirements for connecting to your ldap. Please help our community thrive. If you found any of the suggestions/solutions provided helped you with solving your issue or answering your question, please take a moment to login and click "Accept as Solution" on one or more of them that helped. Thank you, Matt ... View more